Forums
DoWUK Clan Site :: Forums :: Public Area :: Chit chat
 
<< Previous thread | Next thread >>
Liked this ... found it interesting.
Moderators: Administrator, Mobster, seantheman, Claymore, DazzerG, Ripper, M@vrik, Elvis, B!azey*
Author Post
M@vrik
Sun Dec 18 2016, 05:30pm
The Website Guy

Registered Member #25
Joined: Sat Apr 28 2007, 05:56pm
Posts: 1852
Back to top
seantheman
Mon Dec 19 2016, 11:55pm
Leg-end

Registered Member #5
Joined: Thu Apr 19 2007, 09:02am
Posts: 2525
Yeah I seen this recently. Basically everything the US/UK government have been able to do for a while if they wanted.
Back to top
seantheman
Mon Dec 19 2016, 11:56pm
Leg-end

Registered Member #5
Joined: Thu Apr 19 2007, 09:02am
Posts: 2525
The best reply from reddit I seen was

wrote ...
You think this was bad? He had root access to the phone. If he wanted and adjusted the software appropriately, he could get everything typed into the phone, all the web sites visited, all the passwords, all the session cookies. He could place files on the phone. He could proxy traffic through it so it would appear as if it came from the phone. And in the end, he could most likely brick the phone and wipe the evidence of his backdoor.
Think about it: Stuff starts appearing on the thieves facebook. Thief changes the password, but since he did it using the phone, that doesn't help. The connection came from the phone so it wasn't suspicious. Noone will believe him that he didn't do it if it is something illegal, instead of just embarassing like the vid of him wanking it (including a screenshot of his porn, for good measure).
Audio, video and location scares most ordinary people a lot, but what is in your online accounts can be just as revealing. All your e-mail. Use Dropbox on the phone? All your Dropbox documents. Keep your pirated game in your dropbox? Surprise, it now contains a trojan that will infect any computer where you run it and let the attacker do the same surveillance there. Use reddit? Your reddit username, and password, and history. Including that post that you typed but never sent.
Want to be a bit less on the spying side, and more on the money-making side? How about using "his" phone (whoever has root still owns it, the thief is just providing power, connectivity, his data, and money) to call some additional premium rate numbers? Maybe route some phone calls through it? Some in-app purchases? Or, if the thief is using it as a 2-factor for his banking account and at the same time logs in with it, how about just making a few bank transfers? Any Bitcoins? Well, the keys are on the phone, and root can read them...
Do not steal a phone from an IT person who may have too much time unless you are certain you're smarter than them (in which case stealing phones is probably an inefficient use of your time). And don't buy stolen phones.
Now realize that anyone who manages to exploit your phone can install this kind of software remotely. If your phone doesn't get security updates, now would be a good time to get rid of it. Phones that do receive security updates are reasonably hardened since the system at least tries to isolate the apps from each other (Android and iOS). Desktop computers, not so much.
Now realize that a lot of governments are making laws allowing their agencies to do this. Sometimes with a warrant, sometimes even without, sometimes the warrants are rubber-stamps without any real checking, sometimes the agencies just don't give a shit and do it even if they aren't allowed. Consider taking your privacy a bit more seriously.
If it weren't illegal as fuck, I'd love to prep a phone, have it stolen, and then become the thief's/buyer's worst nightmare.
Edit: Free life-ruining idea of the day: Whenever connected to both WiFi and power, the phone turns into a Tor exit node.
Back to top
M@vrik
Tue Dec 20 2016, 09:58pm
The Website Guy

Registered Member #25
Joined: Sat Apr 28 2007, 05:56pm
Posts: 1852
Very interesting & scary !
Back to top
 

Jump:     Back to top

Syndicate this thread: rss 0.92 Syndicate this thread: rss 2.0 Syndicate this thread: RDF
Powered by e107 Forum System
just using this to see if we can get a google index {DoWUK Link} or click here to get DoWUK into the ATI google listing ... {DoWUK Link}