- Date: 11 January 2011
- Author: Trevor
- Category: Android, Android Security, Apple, iPhone, iPhone Security, Smartphone, wireless
- Comments: 0
WFTS posted the video of the Smartphone Security piece that aired last night. You can watch the video below.
Yes, that was my wife sending me the rigged SMS message. Thanks Honey!
In all seriousness, the exploit used in the video utilized the Webkit Floating Point Datatype Remote Code Execution Vulnerability (CVE-2010-1807). I used MJ’s exploit code to compromise a stock Verizon Motorola Droid (A855) running Android Eclair (2.1). The exploit code was about 33% reliable, but I found running it against an Eclair Emulator to be far more reliable (~80%).
You can watch a full length video of the exploit demo below. I had put this together to show Michael George of WFTS how an attack might work. This was against an emulated Motorola Droid (A855) running Eclair (2.1).
If you have any questions about either of the videos, or smartphone security, please post them in the comments below. Also, make sure you read the previous posts on our blog regarding smartphone security: