Why ‘Zero Day’ Android Hacking Now Costs More Than iOS Attacks

Forums Security News (Security) Why ‘Zero Day’ Android Hacking Now Costs More Than iOS Attacks

  • This topic has 1 voice and 0 replies.
Viewing 0 reply threads
  • Author
    Posts
    • October 8, 2019 at 6:09 am #35213
      Telegram SmartBoT
      Moderator
      • Topic 5959
      • Replies 0
      • posts 5959
        @tgsmartbot

        #News(Security) [ via IoTGroup ]

        Headings…
        Why ‘Zero Day’ Android Hacking Now Costs More Than iOS Attacks

        Auto extracted Text……

        But Maor Shwartz, an independent security vulnerability researcher and founder of the now defunct vulnerability brokerage firm Q-Recon, says the shifts match his own observations.
        “In today’s reality, the majority of targets are Android, and there are less and less vulnerabilities because a lot of them have been patched,” says Shwartz, who spoke about selling zero days to government customers at last month’s Black Hat security conference.
        Shwartz says that a web-based attack that targets a high-end Android phone can now sell for more than $2 million non-exclusively, meaning that the researcher can sell it for that price to multiple buyers.
        That ratio also holds more generally, he says; an Android attack is often worth roughly 30 percent more than its iPhone equivalent.
        It’s long been tougher to find a way into a target device through a phone’s browser on Android than iOS, Shwartz argues, due to the relative security of Chrome versus Safari.
        But the real source of the changes that have made Android exploits more expensive, he says, is the difficulty of finding a so-called “local privilege escalation” exploit for Android, which allows an attacker to gain deeper control of a phone after they’ve already gotten a foothold.
        Thanks largely to increased security measures in Android phones, LPE exploits are now roughly as difficult to find for Android as they are for iOS, Shwartz says.
        Combined with the difficulty of finding a hackable browser vulnerability to start the chain of exploitation, that makes Android a harder—and more expensive—target overall.
        Shwartz credits Android’s increased security partly to its open-source strategy finally paying off.
        “So many vulnerabilities have been patched that the attack surface is decreased dramatically,” says Shwartz.
        Android has androids-huge-security-problem-getting-less-huge/”>long suffered from security patching problems caused by dependence on third-party manufacturers and carriers.
        “If you want to make money, go focus on Android

        Read More..
        AutoTextExtraction by Working BoT using SmartNews 1.0299999999 Build 26 Aug 2019

    • Author
      Posts
    Viewing 0 reply threads
    • You must be logged in to reply to this topic.