this post was submitted on 25 Jul 2023
62 points (98.4% liked)
Ask Android
2200 readers
1 users here now
A place to ask your questions and seek help related to your Android device and the Android ecosystem.
Whether you're looking for app recommendations, phone buying advice, or want to explore rooting and tutorials, this is the place for you!
Rules
- Be descriptive: Help us help you by providing as many details as you can.
- Be patient: You're getting free help from Internet strangers, so you may have to wait for an answer.
- Be helpful: If someone asks you for more information, tell us what you can. If someone asks you for a screenshot, please provide one!
- Be nice: Treat others with respect, even if you don't agree with their advice. Accordingly, you should expect others to be nice to you as well. Report intentionally rude answers.
- No piracy: Sharing or discussing pirated content is strictly prohibited. Do not ask others for a paid app or about how to acquire one.
- No affiliate/marketing links: Posting affiliate links is not allowed.
- No URL shorteners: These can hide the true location of the page and lead people to malicious places.
- No lockscreen bypasses: Please do not comment, link, or assist with bypassing lock screens or factory reset protection.
- No cross-posting: Please take the time to make a proper post instead of cross-posting.
Other Communities
- [email protected]
- [email protected]
- [email protected]
- [email protected]
- [email protected]
- [email protected]
- [email protected]
- [email protected]
- [email protected]
- [email protected]
- [email protected]
- [email protected]
- [email protected]
- [email protected]
- [email protected]
- [email protected]
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
“Your” phone belongs to some overseas crime ring and they're letting you borrow it. That's how insecure it is.
Doesn't even matter if you install apps or not. Plenty of RCE vulnerabilities crop up that require zero user intervention to exploit.
True that many potential RCEs are found, but I think there are a few points to keep in mind.
Plenty of RCEs are in privileged components, like the operating system or the baseband firmware.
And yes, it is correct to assume that any attacker-controlled memory corruption is likely an RCE vulnerability.
The baseband firmware is not so privileged anymore. Most new phones, like the Google Pixel 7, have IOMMU to force the baseband to communicate through a very restricted interface to the kernel. Certainly, you can interfere with texts and calls, but a baseband RCE doesn't yet compromise the data stored on the phone by itself--not to diminish the seriousness or to suggest that we shouldn't patch such an exploit immediately.
RCE, the "remote" aspect, in the operating system? So directly in the kernel and accessible remotely, such as through the networking code? I'm curious now. Most of the ones I've seen are in some other component that is sandboxed. True system-level privilege RCEs seem to be relatively rare. Usually, you get RCE, then you need privilege escalation to do something especially interesting.
Indeed; I'm sometimes able to leverage even a few bits of memory corruption into execution in many cases, though the hardened allocator in Android makes this a serious PITA to arrange to overwrite something useful.