• henfredemars@infosec.pub
    link
    fedilink
    English
    arrow-up
    12
    ·
    4 months ago

    Easier is a very relative term. It’ll be really expensive to use a genuine zero-day to do it. Such exploits are few and far between.

    • catloaf@lemm.ee
      link
      fedilink
      English
      arrow-up
      3
      ·
      4 months ago

      But known exploits that have been patched, but not applied because they didn’t update their phone, are plentiful enough.

      Update your phones. Reboot them regularly, too.

      • henfredemars@infosec.pub
        link
        fedilink
        English
        arrow-up
        2
        ·
        4 months ago

        This is true, but becoming an increasingly less important factor because devices now ship with automatic updates enabled by default.

        Personally, if I had to guess as someone who studies exploits for a living, I’d wager the device isn’t the most recent model and is probably a few years old, so there are likely known unpatchable bootrom or firmware bugs that can be used from their private arsenal without having to risk an actual zero day exploit.