Phone hacked by visiting ANY website

turkeydance

Well-Known Member
Life Member
Supporting Member
Joined
Jul 17, 2017
Messages
4,434
Location
nc
Rating - 100%
4   0   0
Last edited:
What is WhatsApp mentioned in the article? People are always trying to get me to put it on my phone.
 
The article is about WhatsApp? Weird given popularity that something like that wouldn’t have been uncovered years ago?
 
The article is about WhatsApp? Weird given popularity that something like that wouldn’t have been uncovered years ago?
It was mentioned, and I asked what it was, because people are always trying to get me to put it on my phone, and I have no idea what it is.
 
It was mentioned, and I asked what it was, because people are always trying to get me to put it on my phone, and I have no idea what it is.

Its basically An Encrypted internet messenger and phone/video platform...

I often need to speak with folks in other countries for work and have used it a bunch. Didn’t read this article yet though just saw you noted it...
 
What is WhatsApp mentioned in the article? People are always trying to get me to put it on my phone.
whatsapp is ... or used to be... a GREAT comm app. You could do encrypted communications, and it had great visuals before facetime/zoom became so popular.
When I was in MX a few years back, I talked to Carole over WhatsApp every day.
I understand Facebook bought it.
When that happened, I quit using it.
 
whatsapp is ... or used to be... a GREAT comm app. You could do encrypted communications, and it had great visuals before facetime/zoom became so popular.
When I was in MX a few years back, I talked to Carole over WhatsApp every day.
I understand Facebook bought it.
When that happened, I quit using it.
I got a little suspicious because many, many strangers on messenger were ordering me to put it on my phone. Insisting! So, no thanks! Maybe I'm paranoid?
 
Our Team in Asia can only use WeChat. Can't use dropbox, Facebook, Google, Twitter, Microsoft.... only WeChat.

I have it on my phone and I know it is pinging all my data to the CCP.... oh well. They will have to get inline behind the other Alphabets....
 
  • Like
Reactions: Me.
I got a little suspicious because many, many strangers on messenger were ordering me to put it on my phone. Insisting! So, no thanks! Maybe I'm paranoid?
I have it, use it with my Masonic group.
 
Ok, so, if you look at the article, I'll break this down a little bit.

First, have you heard for a few years about the "Stingrays," cops use? That's where they use a device to impersonate a cell tower, and get it close to you. Your phone see's there's a cell tower that is closer/more powerful, and hops on to it. Traditionally, cops did this so they could intercept calls and texts from suspected criminals, spying on them.

With the advent of encrypted communication, like WhatsApp(encrypted calls) and Signal(encrypted texts), they had to up their game. If things were encrypted, even if they intercepted the messages, they couldn't tell what is being said. So, the next level of the arms race is to infect the phone itself.

You'll notice that the article shows a graphic that mentions "Pegasus." This is the malware that they are talking about in the article. Remember how the government is using that Stingray? That means they are the 'man in the middle' between you and your destination. They can't read your encrypted texts. But what else can they do? They can see, for example, you made a request to visit "google.com"

Now, here is where limitations come in. If you visit a website that is common, like google, they can make a fake website, that looks like google, and has the Pegasus virus hidden into it. Loading the webpage loads the webpage into your cache, and the malware along with it, it then runs. They then forward all the information you send, like searching for something, to the actual web page, leaving you none the wiser. The limitation is that it has to be a common webpage they have time to set up and make a forgery. So, google, yes. CarolinaFirearmsForum? Doubt they made a forgery of that.

Now to the malware. Pegasus is a nasty little girl. Works on Ios, Android, and Blackberry. Works a bit different on each flavor, but the general idea is that they 'jailbreak' the phone. You've heard of jailbreaking, which allows you to put what you want on your phone? Same think. This allows them to, for example, put hooks on apps like Facebook, Whatsapp, etc, and see what you are doing. Pull your location data, who you've called, turn on the microphone and log keystrokes, so they can hear what you say, and register what you write.

Next, this is a commercial malware, sold to big companies and governments, law enforcement, intelligence. It's expensive. It is mostly used by third world countries to track journalists and dissidents. Not a nice thing, but again, it's expensive. Have you made enemies of multimillionaire's that really want to track your every move? Next, you'll note this malware disables updates. That's because Android and IOS updates, I believe since 2016 for IOS and 2017 for Android, have protected against this. You know how people have been saying they like their five year old phone, and the updates slow it down? This is why you update your phone. Update your phone. Get a phone that get's regular security patches. Newer iphones, Pixels, newer Samsungs. Update, update, update.

TL;DR - Unless you are someone like Glenn Greenwald, AND don't update your phones, you probably don't need to worry about this.
 
  • Like
Reactions: Me.
Take a look into TikTok.
https://www.forbes.com/sites/zakdof...ing-on-millions-of-iphone-users/#1a52379634ef

As I reported on June 23, Apple has fixed a serious problem in iOS 14, due in the fall, where apps can secretly access the clipboard on users’ devices. Once the new OS is released, users will be warned whenever an app reads the last thing copied to the clipboard. As I warned earlier this year, this is more than a theoretical risk for users, with countless apps already caught abusing their privacy in this way.

Worryingly, one of the apps caught snooping by security researchers Talal Haj Bakry and Tommy Mysk was China’s TikTok. Given other security concerns raised about the app, as well as broader worries given its Chinese origins, this became a headline issue. At the time, TikTok owner Bytedance told me the problem related to the use of an outdated Google advertising SDK that was being replaced.
 
@pinkbunny

Are you talking about a system update on the phone? Mine was last updated a little over two years ago but also says no new updates available.

I have a S6 because of the poors.
 
That explains a lot. :p My uncle and two cousins were state officers out of Charlotte.
You a member?
Nothing wrong with a fraternity of good men with morals etc
 
You a member?
Nothing wrong with a fraternity of good men with morals etc
I have thought about it a few times but never "asked". I have been told by tons of people I should ask but I'm not the super outgoing type in real life.
 
  • Like
Reactions: HMP
I have thought about it a few times but never "asked". I have been told by tons of people I should ask but I'm not the super outgoing type in real life.
Brother, its not as 'bad' as you might think.
I, too, am not outgoing, but doing a meeting about once a month, typically with a VERY good meal before or after, makes for a nice evening.
 
@pinkbunny

Are you talking about a system update on the phone? Mine was last updated a little over two years ago but also says no new updates available.

I have a S6 because of the poors.
https://www.digitaltrends.com/mobile/galaxy-s6-and-s6-edge-reach-end-of-life/

Operating System updates are nice and all, but it's Security updates that I specifically mean. I think I read that the last one the S6 got was January 2019.
Think of it like this. Let's say there is a evil vulnerability found in 2018. Here's an example of one:
https://nvd.nist.gov/vuln/detail/CVE-2018-9465

That one has the potential to allow a bad guy to escalate privileges, in other words, give the malicious user root access to run code without your permission, and Android version 7-9 are vulnerable. Did anyone turn that vulnerability into something usable, an exploit with a payload? No idea, the potential of a danger doesn't actually mean someone has acted on it.

So, you got security fixes through January 2019, and will be protected against it. What that means, is what if an exploit is found February 2019 or later? You wouldn't have any patches to protect you against it. That's why regular security updates are important. That's why, even though people don't like that Windows 10 forces updates, it's an important, good step in the right direction.
For example, this vulnerability:
https://nvd.nist.gov/vuln/detail/CVE-2019-2176#vulnCurrentDescriptionTitle
Was discovered after you got your last security patch, meaning, if someone was to turn this vulnerability into an exploit and make a payload for it, you'd be vulnerable. Mitre is always difficult to read, I know some of those guys, real nerds, but it sounds like a buffer overflow attack allowing remote code execution. Again, just because a vulnerability exists, does not mean it's been weaponized, just that the potential exists.

That's why it's important to stay up to date with newer phones. Not for the bells and whistles, but for security and patching.
Believe me, I know, I'm a poor too. Just graduated, waiting to see if job offers go through. I buy used phones off Swappa.
https://swappa.com/listing/view/LUGM79959 <-relatively cheap at $125, and will get security updates for years to come.

-------
Here's a famous example:
https://en.wikipedia.org/wiki/Shellshock_(software_bug)
This was discovered in 2014, and meant that basically any linux system was vulnerable to having code run on it. I could be on your system, write some malicious code, but I can't run it, because I'm not root. But, if I typed a few keystrokes in, it would trick the system into letting it run. Just hours after this was released, people were pwning boxes with it. But it was quickly patched, because of just how dangerous it is.
But lots of companies never patched it, because, well, patching is not on their list of priorities, and are still vulnerable to this day. And think of those small devices in your home, like smart thermometers and refrigerators, digital picture frames, printers, etc. A lot of those run linux, because it's free. And, because older versions of linux require less computing power, a lot of them have the old, unpatched versions of linux running.
That's why patching is important. Your patch is only as good as the next vulnerability found, which is why continuous patching is important.
 
Last edited:
Back
Top Bottom