Related
Hi,
My phone was recently compromised with a sophisticated RAT. The exploits the RAT used were picked up by CM security and CM said it found.
1. Towel Root Exploit
2. Fake ID Exploit - something to do with exploiting Android certificates.
The thing is I have never rooted the phone or done anything other than a factory reset and purchased it new.
I'm concerned this may have been planted by someone close to me and need information to ensure I am safe in future.
How possible is it that this was carried out physically? the hacker who planted the RAT had physical access to my phone?
There is also other evidence which I can supply which was suggesting my phone had been flashed without my knowledge as well.
Any help would be greatly appreciated.
UPDATE: I just did a factory reset and reinstalled CM and again the exploits were found. How is this possible? Is the malware embedded in my ROM?
-Tim
timmyhall83 said:
Hi,
My phone was recently compromised with a sophisticated RAT. The exploits the RAT used were picked up by CM security and CM said it found.
1. Towel Root Exploit
2. Fake ID Exploit - something to do with exploiting Android certificates.
The thing is I have never rooted the phone or done anything other than a factory reset and purchased it new.
I'm concerned this may have been planted by someone close to me and need information to ensure I am safe in future.
How possible is it that this was carried out physically? the hacker who planted the RAT had physical access to my phone?
There is also other evidence which I can supply which was suggesting my phone had been flashed without my knowledge as well.
Any help would be greatly appreciated.
UPDATE: I just did a factory reset and reinstalled CM and again the exploits were found. How is this possible? Is the malware embedded in my ROM?
-Tim
Click to expand...
Click to collapse
1) Towel root is an application used to root phones, it itself is not malware
2) FakeID is a vuln, but not one to get worked up over and not introduced by malware
CM Security is utter garbage, and is only popular due to the shear amount of spamming that company has done. I have deleted a ton of their spam from here. Use Lookout if you want movie anti virus software. Delete that trash of an app CM.
jcase said:
1) Towel root is an application used to root phones, it itself is not malware
2) FakeID is a vuln, but not one to get worked up over and not introduced by malware
CM Security is utter garbage, and is only popular due to the shear amount of spamming that company has done. I have deleted a ton of their spam from here. Use Lookout if you want movie anti virus software. Delete that trash of an app CM.
Click to expand...
Click to collapse
Towel root is an exploit and can be packaged into malicious apps. If you do a Google search on this there are various articles explaining how it will be a nightmare for security firms due to this reason.
timmyhall83 said:
Towel root is an exploit and can be packaged into malicious apps. If you do a Google search on this there are various articles explaining how it will be a nightmare for security firms due to this reason.
Click to expand...
Click to collapse
Yeah I dont need garbage from a google search, I know what it is and how it works, doesnt change statement.
jcase said:
Yeah I dont need garbage from a google search, I know what it is and how it works, doesnt change statement.
Click to expand...
Click to collapse
Solid logic my friend.
I'll save you the hassle of searching and offer you this quote from an AVAST Virus Lab expert.
“Even though TowelRoot is not malicious itself, it may be misused as an exploit kit. Generally, TowelRoot can be used as a delivery package for malicious applications,” explained Filip Chytry, an AVAST Virus Lab expert on mobile malware. “It’s capable of misusing a mistake in Android code which allows attackers to get full control over your Android device. TowelRoot itself is more a proof-of-concept, but in the hands of bad guys, it can be misused really quickly. For this reason we added it to our virus signatures, so Avast detects it as Android:TowelExploit.” - Quoted from - blog.avast.com/2014/06/20/samsung-galaxy-s5-and-other-popular-phones-vulnerable-to-towelroot-android-exploit/
timmyhall83 said:
Solid logic my friend.
I'll save you the hassle of searching and offer you this quote from an AVAST Virus Lab expert.
“Even though TowelRoot is not malicious itself, it may be misused as an exploit kit. Generally, TowelRoot can be used as a delivery package for malicious applications,” explained Filip Chytry, an AVAST Virus Lab expert on mobile malware. “It’s capable of misusing a mistake in Android code which allows attackers to get full control over your Android device. TowelRoot itself is more a proof-of-concept, but in the hands of bad guys, it can be misused really quickly. For this reason we added it to our virus signatures, so Avast detects it as Android:TowelExploit.” - Quoted from - blog.avast.com/2014/06/20/samsung-galaxy-s5-and-other-popular-phones-vulnerable-to-towelroot-android-exploit/
Click to expand...
Click to collapse
I work fulltime in the mobile security industry "my friend". I analyze a large number of malware and exploit samples, on frequent basis. I'm well aware of what TowelRoot is, and did the first third party analysis of the exploit (as GeoHot shared a copy a day early with me).
That whole statement is rather poor, and misinformed. The Futex vulnerability, which is what towel root uses, is not even in Android code, its in the Kernel code. TowelRoot is not a proof of concept, its a full blown exploit doing it's designed purpose. Towelroot, as is, can not be used as a "delivery package".
Next time before coming with attitude against someone helping you, please do your research.
jcase said:
I work fulltime in the mobile security industry "my friend". I analyze a large number of malware and exploit samples, on frequent basis. I'm well aware of what TowelRoot is, and did the first third party analysis of the exploit (as GeoHot shared a copy a day early with me).
That whole statement is rather poor, and misinformed. The Futex vulnerability, which is what towel root uses, is not even in Android code, its in the Kernel code. TowelRoot is not a proof of concept, its a full blown exploit doing it's designed purpose. Towelroot, as is, can not be used as a "delivery package".
Next time before coming with attitude against someone helping you, please do your research.
Click to expand...
Click to collapse
I have done my research. It's seems out of the ordinary that a quote from a company representative of a major anti-virus firm would be 'rather poor, and misinformed'. Who's a more reliable source you or him?
I'm not coming with an attitude against anyone, if anything your second response was coming against me with attitude.
timmyhall83 said:
I have done my research. It's seems out of the ordinary that a quote from a company representative of a major anti-virus firm would be 'rather poor, and misinformed'. Who's a more reliable source you or him?
I'm not coming with an attitude against anyone, if anything your second response was coming against me with attitude.
Click to expand...
Click to collapse
Its not out of the ordinary, its called FUD and rather common.
In this case, me.
My second post had no attitude,
This is your THIRD thread about this topic, you have your answers. You seem not to like the answers.
jcase said:
Its not out of the ordinary, its called FUD and rather common.
In this case, me.
My second post had no attitude,
This is your THIRD thread about this topic, you have your answers. You seem not to like the answers.
Click to expand...
Click to collapse
Okay so explain to me, what would be the point of anti-virus companies adding the exploit to their databases if it can't be used for malicious purposes?
Your reply came of as pretty arrogant so yeah it did have attitude.
timmyhall83 said:
Okay so explain to me, what would be the point of anti-virus companies adding the exploit to their databases if it can't be used for malicious purposes?
Your reply came of as pretty arrogant so yeah it did have attitude.
Click to expand...
Click to collapse
The vulnerability can, that exploit as is can't as it requires user interaction.
More detections, more pop ups they show customers, more sales they get.
You have been given you answer here, and in the other two threads. I am closing this thread, please do not repost this question to other sections.
Hi there.
Just in case you missed it...Good news for everyone.
Since HackingTeam was hacked (and their source code was leaked) we all can root our devices like they used to do with their spy tool (they were able to root all devices included those with sepolicy enabled)
The exploits are publicly available (with the source code) hey devs, take a look.
https://github.com/hackedteam/core-android-native
Systems affected:
http://www.cvedetails.com/cve/2014-3153
http://www.cvedetails.com/cve/CVE-2013-6282
it's just a matter of time and a new wave of "rooting tools" will come out....
meanwhile do not update your systems 'cause the patches will roll out very quickly, I suppose.:laugh::laugh::laugh:
If I'm not mistaken, towelroot already covered those CVEs didn't it?
tabp0le said:
If I'm not mistaken, towelroot already covered those CVEs didn't it?
Click to expand...
Click to collapse
Yeah, I guess not seeing the years 2013/2014 in the links wasn't obvious enough...someone just wants views/thanks..
tabp0le said:
If I'm not mistaken, towelroot already covered those CVEs didn't it?
Click to expand...
Click to collapse
towelroot was only one of the three exploits (+1 for the selinux injection).
The futex and put_user ones are brand new. moreover, in the code, you can see more hacks targeted at samsung devices AND knox.
Hello all,
I was wondering if it would be possible for a developer to make use of vulnerability CVE-2016-0728 to gain root and inject SuperSU or others to gain permanent root on currently unrootable devices.
"perception-point(dot)io/2016/01/14/analysis-and-exploitation-of-a-linux-kernel-vulnerability-cve-2016-0728/"
Another article here "databreachtoday(dot)com/zero-day-flaw-found-in-linux-a-8808" says that most android phones are vulnerable, even with SELinux enabled, and that it might just be harder.
I realize that I am not a developer and wouldn't understand at all how these vulnerabilities work, but I am just hoping that someone sees this. sorry I cannot post links yet.
Here's an active link for those interested- http://perception-point.io/2016/01/...f-a-linux-kernel-vulnerability-cve-2016-0728/
I actually came here looking for discussion about patching this newly discovered vulnerability, but the OP's question is intriguing to the non-developer.
windowsman01 said:
Hello all,
I was wondering if it would be possible for a developer to make use of vulnerability CVE-2016-0728 to gain root and inject SuperSU or others to gain permanent root on currently unrootable devices.
"perception-point(dot)io/2016/01/14/analysis-and-exploitation-of-a-linux-kernel-vulnerability-cve-2016-0728/"
Another article here "databreachtoday(dot)com/zero-day-flaw-found-in-linux-a-8808" says that most android phones are vulnerable, even with SELinux enabled, and that it might just be harder.
I realize that I am not a developer and wouldn't understand at all how these vulnerabilities work, but I am just hoping that someone sees this. sorry I cannot post links yet.
Click to expand...
Click to collapse
This is definitely something I'm interested in as well. I have a verizon galaxy s5 that my wife updated to latest lollipop and can't root it. If I could get super-su injected and then patch this it would be awesome!
I think there is potential.
However: "The vulnerability affects any Linux Kernel version 3.8 and higher. SMEP & SMAP will make it difficult to exploit as well as SELinux on android devices."
windowsman01 said:
Hello all,
I was wondering if it would be possible for a developer to make use of vulnerability CVE-2016-0728 to gain root and inject SuperSU or others to gain permanent root on currently unrootable devices.
Click to expand...
Click to collapse
some people are interested in it if you see the comments
https://gist.github.com/PerceptionPointTeam/18b1e86d1c0f8531ff8f
jb789 said:
Here's an active link for those interested- http://perception-point.io/2016/01/...f-a-linux-kernel-vulnerability-cve-2016-0728/
I actually came here looking for discussion about patching this newly discovered vulnerability, but the OP's question is intriguing to the non-developer.
Click to expand...
Click to collapse
A Dutch consumer organization (consumentenbond) is sueing Samsung for the lack of security updates on their devices.
Here a link in English.
Now i wonder. I have for example a smartphone from the Chinese manufacturer 'No.1". I think No.1 users will never get a update about for example 'Linux Kernel Vulnerability (CVE-2016-0728)'.
What do you think, is their a possibility that if the Dutch consumer organization wins the battle, that we can sue all Android device builders who lack the priority of Android security updates?
I just send this email to No.1, curious is they reply (guess not,probably select and past in trashbin) :
Hello No.1 employee.
First of all, i'm very satisfied about my No.1 X6800 smartphone.
But i'm a bit dissapointed when i ask a question as consumer, and don't get any reply of the manufacturer of my smartphone.
I asked long time ago for a recovery / update rom for the No.1 X6800 on your website as firmware download. I see other phones roms , but not the X6800 rom.
But now..
A big security leak is found in the Linux kernel. (Linux Kernel Vulnerability (CVE-2016-0728)).
So i hope that the build in update app of the X6800 will offer me a update in future days.
May i remind you for the next thing: Consumentenbond takes Samsung to court for its poor update policy for smartphones.
Here a link: https://www.consumentenbond.nl/nieuws/attachment/20160118_Consumentenbond_takes_Samsung_to_court.pdf
Then i think, isn't it your duty to give us consumers of No.1 smartphones Android security updates ?
Click to expand...
Click to collapse
Sounds like it's unlikely to be exploited on Android, but still, it should be patched:
http://www.zdnet.com/article/how-to-fix-the-latest-linux-and-android-zero-day-flaw/
Over 900 Million Android Phones Vulnerable to New 'QuadRooter' Attack
http://thehackernews.com/2016/08/hack-android-phone.html
https://play.google.com/store/apps/details?id=com.checkpoint.quadrooter
...it seems that running latest MM shows we are vulnerable for CVE-2016-2059, CVE-2016-2504,CVE-2016-2503.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2059
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2016-2504
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2503
Anyone, who really understand that / capable of rooting, can comment on that ?
Also I would be wondering if rooting our phones ourselves helps us to defend until LG fix that. And we all know how LG is slow....
Yes, my LG V10 is vulnerable to all four vulns. For MM users, this should be our ticket to root!
shaarky said:
Anyone, who really understand that / capable of rooting, can comment on that ?
Also I would be wondering if rooting our phones ourselves helps us to defend until LG fix that. And we all know how LG is slow....
Click to expand...
Click to collapse
I've seen many companies that were much slower at getting out security updates. Sounds like there is some potential there, but "gain privileges" covers a lot of space. This may well be useful for rooting, but could be more theoretical than useful. Someone with real cracking experience would have to comment (I've generally tried to avoid actual cracking).
xdauser15330 said:
Yes, my LG V10 is vulnerable to all four vulns. For MM users, this should be our ticket to root!
Click to expand...
Click to collapse
I think shaarky was looking for an opinion from someone who has actively done cracking, not merely a confirmation of a device being vulnerable.
Firstly, if your device doesn't use Qualcomm hardware(not likely though), you seem safe. The quadroot vulnerabilities in their system, as far as I've heard. Secondly, if you don't allow apps from unknown sources, you're pretty safe. Google has been aware for some time, and had confirmed that the play store is scanning for apps that attack these vulnerabilities. With the next round of updates these should be patched. Fingers crossed.
Some of us want any willing dev to use these exploits to garner root.
Hello everyone. I decided to start this thread so we would have a new outlet to discuss root, not having it, and anything else that pertains to rooting the US Snapdragon variant (or any locked bootloader Snapdragon for that matter).
I for one do like root on Samsung devices. I feel that the services, logging, etc that Samsung puts on these phones is at best excessive, at worst, a violation of privacy. I use root o disable these services and anything that I don't believes warrants running in the background.
I also like to use host level ad blocking which can only be done with root (AFAIK).
So, the poll asks the question...
Do you want root?
Feel free to discuss anything root related in this thread.
Please be respectful of others opinions!
I personally love flashing custom roms on my android devices and that's the main reason I want root on this device. There was a thread before but it got locked, apparently we only have like 1 person working on root and that was then - don't know if that has since changed. I personally don't know much about the process and don't even know where to begin learning how to accomplish something like this. I offered help before but was quickly informed there was nothing I can do to "help" without vast amounts of this type of knowledge.
https://drive.google.com/file/d/1Vq567mIA11gv4Ovp1RZo1rpCesrueqCr/view?usp=drivesdk
Can this be related to any type of exploit for root?
215Aphillyated said:
https://drive.google.com/file/d/1Vq567mIA11gv4Ovp1RZo1rpCesrueqCr/view?usp=drivesdk
Can this be related to any type of exploit for root?
Click to expand...
Click to collapse
"Google Drive
You need permission
Want in? Ask for access, or switch to an account with permission. Learn more
You are signed in as scott...."
Can you make the document public?
Kcrick said:
I personally love flashing custom roms on my android devices and that's the main reason I want root on this device. There was a thread before but it got locked, apparently we only have like 1 person working on root and that was then - don't know if that has since changed. I personally don't know much about the process and don't even know where to begin learning how to accomplish something like this. I offered help before but was quickly informed there was nothing I can do to "help" without vast amounts of this type of knowledge.
Click to expand...
Click to collapse
Yeah, I would really like to build a ROM. Its been couple years and I got that itch to optimize my phone.
Scott said:
Yeah, I would really like to build a ROM. Its been couple years and I got that itch to optimize my phone.
Click to expand...
Click to collapse
Since your a recognized developer you just might be the person we need. If you have the time that is. I wasn't really into rooting this phone but now I have the itch too. Lol
Nope, the only reason I used to root on all my phones was to get rid of the ads. Now with apps available to do the same, I don't feel the need to root.
I want root for xposed and/or magisk.
Otherwise to disable packages I use adhell 3 (no root needed) as I don't want to trip Knox yet...
---------- Post added at 02:44 PM ---------- Previous post was at 02:43 PM ----------
I want root for xposed and/or magisk.
Otherwise to disable packages I use adhell 3 (no root needed) as I don't want to trip Knox yet...
Yes... I want to have control over the device. for privacy, customization, optimization, TWRP/Titanium backups, remove silly warnings, extend device life post mfg support, etc
Imagine buying a car and not being able to open up the hood........................................ total BS........
IndDoc said:
Nope, the only reason I used to root on all my phones was to get rid of the ads. Now with apps available to do the same, I don't feel the need to root.
Click to expand...
Click to collapse
This is the main reason I want to root my phone, do you mind mentioning which apps you're using to block ads at the host file level?
Almightystef said:
This is the main reason I want to root my phone, do you mind mentioning which apps you're using to block ads at the host file level?
Click to expand...
Click to collapse
Adhell 3. Look it up on google, can't discuss it on xda.
lightninbug said:
Why not make a thread for people who want a million dollars too? Of course we all want root! However, I am no longer working on it, which now leaves ZERO Devs working on it. They/We have all left the device. It's looking rather bleek guys/gals.
Click to expand...
Click to collapse
Hey Guy, please don't post nonsense in my thread. You have no clue who is working on what. You pretend like you some sort of developer and you know how to crack this system but when I asked you what you accomplished or even looked at you didn't really seam to have a clue. Also, someone working on root doesn't talk about it... They just do it.
All of your posts in that thread were atrocious. You are a very rude, ill mannered person that lacks any communication skills.
So please... Stop posting rude, unneeded comments in this thread!
Scott said:
Hey Guy, please don't post nonsense in my thread. You have no clue who is working on what. You pretend like you some sort of developer and you know how to crack this system but when I asked you what you accomplished or even looked at you didn't really seam to have a clue. Also, someone working on root doesn't talk about it... They just do it.
All of your posts in that thread were atrocious. You are a very rude, ill mannered person that lacks any communication skills.
So please... Stop posting rude, unneeded comments in this thread!
Click to expand...
Click to collapse
Just because I'm telling you want you don't want to hear, doesn't mean I'm being rude. Did I call you any names? No I did not. I have been EXTENSIVELY working on rootting our device. Me and several (14) others started in telegram about a week or two after the device was released. Over time people left for Exynos, gave up, or went for other devices, leaving it to just me. And now I have moved on.
I'm letting you know that there are NO KNOWN BIG Devs working on rooting the snapdragon S9+. Is there someone working on it silently, that isn't known to this community/others, or has no previous exploit releases? I can't speak for that. I can speak for myself and others who were working on it, we are on to other projects now.
We put well over 200+ hours into it. Again, there's no way to fully "write up" what we all tried....We did all the OBVIOUS, and MORE. I have more important things to do with my time, than to write you a report as to what we did. Be glad you got this much of an explanation. The root was that much of a concern to you you would have been in the boat (telegram chat) since the beginning. Good luck on root, and good luck finding any andvanced developers to work on it for you.
TLDR: Keep praying for "Joe Schmo" to release root for you guys. There are absolutely zero WELL KNOWN developers working on it. SORRY IF IT'S BLUNT AND NOT WHAT YOU WANT TO HEAR.
And to OP.. Prove me wrong.
Scott said:
Hello everyone. I decided to start this thread so we would have a new outlet to discuss root, not having it, and anything else that pertains to rooting the US Snapdragon variant (or any locked bootloader Snapdragon for that matter).
I for one do like root on Samsung devices. I feel that the services, logging, etc that Samsung puts on these phones is at best excessive, at worst, a violation of privacy. I use root o disable these services and anything that I don't believes warrants running in the background.
I also like to use host level ad blocking which can only be done with root (AFAIK).
So, the poll asks the question...
Do you want root?
Click to expand...
Click to collapse
For Which devices US S9s.
Sent from my SM-G965U using XDA Free mobile app
Son Rise said:
For Which devices US S9s.
Sent from my SM-G965U using XDA Free mobile app
Click to expand...
Click to collapse
Any variant. Its just a discussion about root despite what some of the more rude people on XDA think. Its just a place to talk about it.
I use Samsung Pay as my primary means of payment on a daily basis so much that if it wasn't for needing a physical drivers licenses I would just leave my wallet at home at this point. If Root breaks Samsung Pay then it's not something I would want.
DaPoets said:
I use Samsung Pay as my primary means of payment on a daily basis so much that if it wasn't for needing a physical drivers licenses I would just leave my wallet at home at this point. If Root breaks Samsung Pay then it's not something I would want.
Click to expand...
Click to collapse
Thats a real good point! I feel the same way. I have been thinking alot about a digital D/L that would be stored on your phone. If that could happen, I would no longer need a wallet. I think all but one of my credit and debit cards are on Samsung Pay.
I do really love rooting most specially for blocking ads, since non root adblocker used VPN to omit ads which compare to root can be easily add via hosts file without additional software/task (which obviously draining additional battery). also my wifi tools can be run via root only. and wanted to do more and it is only possibe via rooted phone.
though there is a rooting method already in here but seems i cant keep up on that much besides I cant use any pc for now. is rooting like flashing zip file possible as what older devices can be easily did? or way more easier rooting method than currently in here is way much better.
thanks
Sent from my Samsung Galaxy S9+ using XDA Labs
Root is a must! Phones these days are like computers and when I pay $$$ for a flagship phone, I expect I get "full control" over my device. Samsung Pay is "nice to have" but Viper for audio, Adaway, Titanium backup, TWRP are a must to enjoy my device to its full extent.