isma_m_13
10/04/19, 12:31:51
As I say in the title, a way has been found to access a hidden menu on the S9+ from the calculator. From it one could: record the screen, run tcpdump, and collect data without the user noticing.
Affected devices: ALL Samsungs
"Whatever your model, an attacker with physical access to your phone can capture your network traffic without your consent"
I'll leave the full story here: https://twitter.com/fs0c131y/status/1115889065285562368
In case you don't want to click through, I'll paste it here too.
THREAD: If you have a Samsung Mobile phone, whatever your phone model, an attacker with physical access to your phone can capture your network traffic without your consent. Let me show you
Step 1: Open the Calculator app
Step 2: Type (+30012012732+
The DRParser Mode app is launched
Step 3: Type *#9900#
The Service Mode app is launched. You have already a lot of cool options:
- run dumpstate/logcat/modem log
- enable silent logging from boot
- media db dump
- enable seclog
- ...
Wait, why are these 3 buttons in black?
Low battery dump, tcp dump start, IMS logger, it looks like cool things
tcpdump is a command-line packet analyzer, it is used a lot to capture network traffic
When I click on the "tcp dump start" button, a pop up appears. They implemented an OTP mechanism.
Wait a second, my phone is not connected to Internet, so this OTP mechanism is a local mechanism. Time for some magic
I reversed the ServiceMode app and created a small proof of concept with the CheckOTP method.
Now, I can run my POC, enter the key given in the pop up and hop, tcpdump is running on the phone, aka all the network traffic is captured
To retrieve the capture:
1. Click on "TCP DUMP STOP"
2. Click on "COPY TO SDCARD"
The capture is available in /sdcard/log/tcpdump/tcpdump_[interface]_[timestamp].pcap
Bonus: You can also record the victim's screen for 1 hour
Step 1: Click on the "IMS LOGGER" button (one of the 3 black buttons).
IMSLogger+ is launched
Step 2: Click on "Filter Options"
Step 3: Enable the "Record screen" option and voila!
The video will be available in /sdcard/ims_logs/
These issues have been disclosed responsibly to Samsung 3 weeks ago.
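For triage of a handset that may have been handled this way, the following added example (not part of the original post or the quoted thread) scans a pulled or mounted copy of /sdcard for the two output locations the thread names. The function names, the returned fields and the libpcap magic check are assumptions of this example; the timestamp layout in the file name is not given in the thread, so the name suffix is kept as an opaque tag.

```python
import re
import struct
from pathlib import Path

# Output locations named in the thread, relative to the root of /sdcard.
TCPDUMP_DIR = Path("log/tcpdump")
IMS_DIR = Path("ims_logs")
# tcpdump_[interface]_[timestamp].pcap: the two fields are kept together as
# one opaque tag because the thread does not give the timestamp layout.
PCAP_NAME = re.compile(r"^tcpdump_(?P<tag>.+)\.pcap$")
# Classic libpcap magics (microsecond and nanosecond), both byte orders.
PCAP_MAGICS = {0xA1B2C3D4, 0xD4C3B2A1, 0xA1B23C4D, 0x4D3CB2A1}


def is_pcap(path):
    """True if the file starts with a libpcap global-header magic."""
    with open(path, "rb") as fh:
        head = fh.read(4)
    return len(head) == 4 and struct.unpack(">I", head)[0] in PCAP_MAGICS


def triage(sdcard_root):
    """Return findings for a pulled or mounted copy of /sdcard."""
    root = Path(sdcard_root)
    findings = []
    cap_dir = root / TCPDUMP_DIR
    if cap_dir.is_dir():
        for f in sorted(cap_dir.iterdir()):
            m = PCAP_NAME.match(f.name)
            if f.is_file() and m:
                findings.append({
                    "kind": "tcpdump_capture",
                    "path": f.relative_to(root).as_posix(),
                    "tag": m["tag"],
                    # A renamed or truncated file fails this check.
                    "valid_pcap": is_pcap(f),
                    "size": f.stat().st_size,
                })
    ims_dir = root / IMS_DIR
    if ims_dir.is_dir():
        for f in sorted(p for p in ims_dir.rglob("*") if p.is_file()):
            findings.append({"kind": "ims_logger_output",
                             "path": f.relative_to(root).as_posix(),
                             "size": f.stat().st_size})
    return findings
```

An empty result only shows that nothing is left at those paths; it does not show that no capture was ever taken, since the files can be deleted after being copied off.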