Remote, One-Click, Breaking through Smartphones via a Non Well-Known Remote Attack Surface

Date:

Instant messaging application (such as iMessage and WhatsApp) is an important remote attack surface for smartphones, often used by spyware as the first step in APT attacks, and has received great attention in the past. Carrier Based video calling, as a native video calling feature of mobile phones, is also a major remote attack surface for smartphones. We have discovered fatal 0-day vulnerabilities in some native Carrier Based video calling of mobile phones, which have been present for at least 7 years. As long as the target accepts our video call invitation, we can exploit these vulnerabilities to remotely obtain code execution permissions for the target phone’s system. In this session, we will introduce this remote attack surface we have discovered and provide a few examples to illustrate the potential issues and impacts that may arise within this attack surface.

Slide is available at here.