{"id":446,"date":"2019-09-05T08:52:46","date_gmt":"2019-09-05T07:52:46","guid":{"rendered":"http:\/\/zerothcode.com\/blog\/?p=446"},"modified":"2019-11-26T07:04:21","modified_gmt":"2019-11-26T07:04:21","slug":"sms-could-hack-phone","status":"publish","type":"post","link":"https:\/\/zerothcode.com\/blog\/sms-could-hack-phone\/","title":{"rendered":"Just An SMS Could Let Remote Attackers Access All Your Emails, Experts Warn"},"content":{"rendered":"\r\n<figure class=\"wp-block-image\">\r\n<figure id=\"attachment_447\" aria-describedby=\"caption-attachment-447\" style=\"width: 728px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-447\" src=\"http:\/\/zerothcode.com\/blog\/wp-content\/uploads\/2019\/09\/android-hacking.jpg\" alt=\"SMS\" width=\"728\" height=\"380\" srcset=\"https:\/\/zerothcode.com\/blog\/wp-content\/uploads\/2019\/09\/android-hacking.jpg 728w, https:\/\/zerothcode.com\/blog\/wp-content\/uploads\/2019\/09\/android-hacking-300x157.jpg 300w, https:\/\/zerothcode.com\/blog\/wp-content\/uploads\/2019\/09\/android-hacking-390x205.jpg 390w, https:\/\/zerothcode.com\/blog\/wp-content\/uploads\/2019\/09\/android-hacking-20x10.jpg 20w\" sizes=\"auto, (max-width: 728px) 100vw, 728px\" \/><figcaption id=\"caption-attachment-447\" class=\"wp-caption-text\">SMS<\/figcaption><\/figure>\r\n<\/figure>\r\n\r\n\r\n\r\n<p>Beware! Billion of Android users can easily be tricked into changing their devices&#8217; critical network settings with just an SMS-based phishing attack. SMS<\/p>\r\n\r\n\r\n\r\n<p>Whenever you insert a new SIM in your phone and connects to your cellular network for the very first time, your carrier service automatically configures or sends you a message containing network-specific settings required to connect to data services.<\/p>\r\n\r\n\r\n\r\n<p>While manually installing it on your device, have you ever noticed what configurations these messages, technically known as OMA CP messages, include?<\/p>\r\n\r\n\r\n\r\n<p>Well, believe me, most users never bother about it if their mobile Internet services work smoothly.<\/p>\r\n\r\n\r\n\r\n<p>But you should worry about these settings, as installing untrusted settings can put your data privacy at risk, allowing remote attackers to spy on your data communications, a team of cybersecurity researchers told The Hacker News.<\/p>\r\n\r\n\r\n\r\n<figure class=\"wp-block-image\">\r\n<figure id=\"attachment_448\" aria-describedby=\"caption-attachment-448\" style=\"width: 728px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-448\" src=\"http:\/\/zerothcode.com\/blog\/wp-content\/uploads\/2019\/09\/Android-full-chain-zero-click-exploit.png\" alt=\"zerodium prices table\" width=\"728\" height=\"331\" srcset=\"https:\/\/zerothcode.com\/blog\/wp-content\/uploads\/2019\/09\/Android-full-chain-zero-click-exploit.png 728w, https:\/\/zerothcode.com\/blog\/wp-content\/uploads\/2019\/09\/Android-full-chain-zero-click-exploit-300x136.png 300w, https:\/\/zerothcode.com\/blog\/wp-content\/uploads\/2019\/09\/Android-full-chain-zero-click-exploit-20x9.png 20w\" sizes=\"auto, (max-width: 728px) 100vw, 728px\" \/><figcaption id=\"caption-attachment-448\" class=\"wp-caption-text\">zerodium prices table<\/figcaption><\/figure>\r\n<\/figure>\r\n\r\n\r\n\r\n<p>Well, there&#8217;s some good news for hackers and vulnerability hunters, though terrible news for Google, Android device manufacturers, and their billions of users worldwide. SMS<\/p>\r\n\r\n\r\n\r\n<p>The zero-day buying and selling industry has recently taken a shift towards Android operating system, offering up to $2.5 million payouts to anyone who sells &#8216;full chain, zero-click, with persistence&#8217; Android zero-days. SMS<\/p>\r\n\r\n\r\n\r\n<p>Just like other traditional markets, the zero-day market is also a game of supply, demand, and strategy, which suggests either the demand of Android zero-days has significantly increased or somehow Android OS is getting tougher to hack remotely, which is unlikely.<\/p>\r\n\r\n\r\n\r\n<p>In it&#8217;s latest\u00a0<a href=\"https:\/\/zerodium.com\/program.html#changelog\" target=\"_blank\" rel=\"noreferrer noopener\">notification<\/a>, Zerodium\u2014a startup that buys zero-day exploits from hackers, and then probably sells them to law enforcement agencies and nation-sponsored spies around the world\u2014said it&#8217;s looking for hackers who can develop full chain Android exploits.<\/p>\r\n\r\n\r\n\r\n<figure class=\"wp-block-image\">\r\n<figure style=\"width: 728px\" class=\"wp-caption alignnone\"><a href=\"https:\/\/1.bp.blogspot.com\/-JJjIr1FsHcg\/XW93lkpmGHI\/AAAAAAAA07w\/WCSoYIj0aZE0UuVIf8K2HEayoY3JffTKACLcBGAs\/s728-e100\/zerodium-prices-table.png\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/1.bp.blogspot.com\/-JJjIr1FsHcg\/XW93lkpmGHI\/AAAAAAAA07w\/WCSoYIj0aZE0UuVIf8K2HEayoY3JffTKACLcBGAs\/s728-e100\/zerodium-prices-table.png\" alt=\"zerodium prices table\" width=\"728\" height=\"500\" \/><\/a><figcaption class=\"wp-caption-text\">zerodium prices table<\/figcaption><\/figure>\r\n<\/figure>\r\n\r\n\r\n\r\n<p>The company is ready to pay up to $2.5 million for such exploits that can be used to gain persistence access on an Android device with no indication and interaction from the target user; a straight 12x jump from its previous price tag of $200,000.<\/p>\r\n\r\n\r\n\r\n<p>While the same type of zero-day exploits for iOS devices are worth $2 million, which is still double than what Apple has recently started offering to hackers to responsibly report\u00a0<a href=\"https:\/\/thehackernews.com\/2019\/08\/apple-bug-bounty.html\" target=\"_blank\" rel=\"noreferrer noopener\">severe deadly exploits<\/a>, described as &#8220;a zero-click kernel code execution vulnerability that enables complete, persistent control of a device&#8217;s kernel.&#8221;<\/p>\r\n\r\n\r\n\r\n<p>Besides Android exploits, Zerodium has also announced to offer $500,000 for submitting new persistence exploits or techniques for iOS, and increased payouts of WhatsApp and iMessage exploits.<\/p>\r\n","protected":false},"excerpt":{"rendered":"<p>Beware! Billion of Android users can easily be tricked into changing their devices&#8217; critical network settings with just an SMS-based<\/p>\n","protected":false},"author":1,"featured_media":447,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[37],"tags":[],"yst_prominent_words":[160,161,165,163,171,172,166,162,168,173,174,185,167,182,170,169,164,186,184,183],"class_list":["post-446","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-hackers-news"],"_links":{"self":[{"href":"https:\/\/zerothcode.com\/blog\/wp-json\/wp\/v2\/posts\/446","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zerothcode.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zerothcode.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zerothcode.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zerothcode.com\/blog\/wp-json\/wp\/v2\/comments?post=446"}],"version-history":[{"count":0,"href":"https:\/\/zerothcode.com\/blog\/wp-json\/wp\/v2\/posts\/446\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/zerothcode.com\/blog\/wp-json\/wp\/v2\/media\/447"}],"wp:attachment":[{"href":"https:\/\/zerothcode.com\/blog\/wp-json\/wp\/v2\/media?parent=446"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zerothcode.com\/blog\/wp-json\/wp\/v2\/categories?post=446"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zerothcode.com\/blog\/wp-json\/wp\/v2\/tags?post=446"},{"taxonomy":"yst_prominent_words","embeddable":true,"href":"https:\/\/zerothcode.com\/blog\/wp-json\/wp\/v2\/yst_prominent_words?post=446"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}