|
Why is "tries to detect Android x86" malicious?
|
# ? Jan 9, 2021 17:09 |
|
|
# ? Mar 28, 2024 20:41 |
|
I assume it's anti-Sandbox which is pretty sus
|
# ? Jan 9, 2021 17:14 |
|
less escape and more evasion, but yeah. android phones are not x86. legitimate apps basically never care if they're being run in an emulator, and indeed want identical behavior in an emulator for debugging and development. malicious poo poo will try to see if someone is monitoring its activity and if so won't do malicious poo poo, won't hit command servers, etc
|
# ? Jan 9, 2021 17:18 |
|
Android App sandbox website looks fun, though I do wonder if any of the common analytics frameworks set off a bunch of those flags.
|
# ? Jan 9, 2021 17:42 |
|
Sassafras posted:Android App sandbox website looks fun, though I do wonder if any of the common analytics frameworks set off a bunch of those flags. No, the system will automatically load either an x86 or arm lib packaged with the app. From the Java layer this is effectively invisible and irrelevant. Analytics frameworks also have no reason to include shared libs; if you really must use the analytics frameworks from the c layer you can just add callbacks to the Java layer. You might be asking "why not include an x86 library that does nothing interesting in your malware for this very reason" and you would be me. Volmarias fucked around with this message at 17:49 on Jan 9, 2021 |
# ? Jan 9, 2021 17:46 |
|
Sassafras posted:Android App sandbox website looks fun, though I do wonder if any of the common analytics frameworks set off a bunch of those flags.
|
# ? Jan 9, 2021 18:19 |
|
haveblue posted:AT&T says my account has been cancelled due to fraudulent activity which, while not wrong, cannot be resolved over the phone. time to go catch covid at a store Do you know what they're after? Bitcoin, desireable twitter handles, and videogame items are common but they could be after anything that allows login or password reset with just SMS, which is like everything these days. Or a rep somewhere just fat-fingered a change for another number and there's no validation of anything anywhere.
|
# ? Jan 9, 2021 18:35 |
|
DuckConference posted:Do you know what they're after? Bitcoin, desireable twitter handles, and videogame items are common but they could be after anything that allows login or password reset with just SMS, which is like everything these days. it was definitely an attack and not a fat finger shortly after my phone fell off the network I started getting a stream of hundreds of bullshit emails signing me up for various things. friend told me this is a common tactic and that somewhere in there is probably a report that a real account I own has been taken over yesterday evening my phone reconnected to imessage (over IP, still no cellular service) and I started getting texts from someone who was apparently selling a watch to whoever has been using my phone number for the past two days. I replied telling him he was being scammed but haven't heard back I doubt I'm important or rich enough to be targeted for anything specific, no twitter handle or bitcoin that I know of. but I do use SMS 2FA for playstation network and credit card so I'm kinda dreading what bullshit I'll find in there once I get back in. I had my bank account locked down before any suspicious activity occurred so at least that's safe AT&T estimated 1-3 days for the port dispute resolution but I'm not sure if that includes weekends or it's business days
|
# ? Jan 9, 2021 19:16 |
|
haveblue posted:it was definitely an attack and not a fat finger
|
# ? Jan 9, 2021 19:41 |
|
does access to your phone number allow someone to take over google voice? ive never had a need or use for google voice but it seems worth signing up now to have a non-carrier phone number i could use to call my carrier if someone fradulently ports my number elsewhere (not that being on the phone from a random google number is likely to be that helpful, as you mentioned having to go to a store anyway, but might be useful compared to having to use my wifes phone to call, etc., and may as well keep that backup number enabled)
|
# ? Jan 9, 2021 19:54 |
|
I'm actually not sure what going to the store contributed because the guy at the store immediately called the company and handed me the phone and then I spent another 20 minutes sorting it out myself while he helped other customers I did get the direct number for the fraud department out of it so there's that a backup phone number would have been very handy as I had to keep borrowing my SO's phone and was not able to receive callbacks
|
# ? Jan 9, 2021 19:59 |
|
Lysidas posted:does access to your phone number allow someone to take over google voice? ive never had a need or use for google voice but it seems worth signing up now to have a non-carrier phone number i could use to call my carrier if someone fradulently ports my number elsewhere However, obviously if you have your phone's phone number set as your recovery phone number for your google account that might mean that getting the number would allow someone to compromise your google account. Also, as I just commented, I'm slightly worried about whether you'd actually be able to get google to help you if someone somehow ported your number out since google isn't known for having good support. I don't like that there's essentially no way to secure this stuff now and everything uses sms for account recovery. mystes fucked around with this message at 20:02 on Jan 9, 2021 |
# ? Jan 9, 2021 19:59 |
|
mystes posted:Google voice just allows you to set up a bunch of phone numbers to forward to and getting access to those phone numbers shouldn't allow an attacker to do anything except receive calls until you unlink the number. There's also an app with additional functionality like making calls but I assume that requires you to be logged into the associated google account so it would only be an issue if someone stole your phone. yeah this is all i was interested in: haveblue posted:a backup phone number would have been very handy as I had to keep borrowing my SO's phone and was not able to receive callbacks e.g. "i need to spend 20 minutes on the phone with verizon, but have no phone service since my number was ported away" and you have to use a real mobile or landline number to set up google voice, so good to have it set up before needing it
|
# ? Jan 9, 2021 20:04 |
|
Lysidas posted:yeah this is all i was interested in: Also, if you switch to a new company for service, you can just switch the number voice is forwarding calls to to the new number rather than having to deal with porting your number from one provider to another*, so it's fantastic in that sense. I just don't feel comfortable saying that it's definitely better for security overall. There may be other issues. I'm not sure that voice supports RCS if anyone is using that. Also, SMS 2fa for some companies like Bank of America sometimes didn't work with voice before for some reason, but that may be fixed now. *: I think the thing that actually got me to port my main number to voice was that around 2016 I was using a really dubious MVNO and it briefly seemed like they might go out of business without warning so I liked the idea of not being affected in that situation. mystes fucked around with this message at 20:19 on Jan 9, 2021 |
# ? Jan 9, 2021 20:11 |
|
mystes posted:Why is "tries to detect Android x86" malicious?
|
# ? Jan 9, 2021 20:30 |
|
evil_bunnY posted:If you're on x86 you're not a phone.
|
# ? Jan 9, 2021 20:35 |
|
evil_bunnY posted:If you're on x86 you're not a phone. the zenfone 1/2 used atom cpus iirc
|
# ? Jan 9, 2021 21:53 |
|
finally talked to credit card once they had control of my phone number, they called customer service and leveraged that into resetting the security passcode on my account. I'm not sure if they actually had my login and password (they might have, it was old and weak and non-unique) or if they used the new password for some kind of fallback recovery, but their next step after that was to try to spend ten grand at cartier. citi agreed that this was fraud and aren't going to hold me responsible for it, and also invalidated my entire online account so I can start over once I have a new card. this is the only fraudulent activity I've been able to positively identify but I should probably freeze my credit reports now
|
# ? Jan 9, 2021 23:42 |
|
kirbysuperstar posted:the zenfone 1/2 used atom cpus iirc evil_bunnY posted:If you're on x86 you're not a phone.
|
# ? Jan 10, 2021 00:01 |
|
haveblue posted:this is the only fraudulent activity I've been able to positively identify but I should probably freeze my credit reports now
|
# ? Jan 10, 2021 00:02 |
|
haveblue posted:finally talked to credit card
|
# ? Jan 10, 2021 00:03 |
|
Achmed Jones posted:android phones are not x86. The Lenovo K80 disagrees.
|
# ? Jan 10, 2021 00:19 |
|
evil_bunnY posted:If you're on x86 you're not a phone. https://www.youtube.com/watch?v=D-v6kyEDCNo
|
# ? Jan 10, 2021 00:29 |
|
what about my struggle? someone in China tried to reset my Steam password, they could have negatively impacted my gamerscore
|
# ? Jan 10, 2021 01:23 |
|
evil_bunnY posted:If you're on x86 you're not a normal phone that normal people use
|
# ? Jan 10, 2021 02:06 |
apparently a laptop was stolen from Pelosi’s office during the failed coup
|
|
# ? Jan 10, 2021 02:14 |
|
cinci zoo sniper posted:apparently a laptop was stolen from Pelosi’s office during the failed coup It only contained plans on how to move the Democratic congressional goals further to the right to "meet the GOP in the middle" before they yank the football away again, so I wouldn't be too worried.
|
# ? Jan 10, 2021 03:48 |
|
i was hoping that nobody would be goofy enough to well ackshually about x86 android. 2020 should have taught me not to hope
|
# ? Jan 10, 2021 04:28 |
|
Achmed Jones posted:i was hoping that nobody would be goofy enough to well ackshually about x86 android. 2020 should have taught me not to hope Lets talk about Android and MIPS!
|
# ? Jan 10, 2021 04:44 |
|
i love mips bc it's the only asm i've ever done anything with outside of binary exploitation junk. i know it's super stereotypical for people who suck at asm to like mips bc that's what they used in their college class but welp i suck at asm and love mips bc that's what i used in my college class so here we are
|
# ? Jan 10, 2021 04:57 |
|
Achmed Jones posted:i was hoping that nobody would be goofy enough to well ackshually about x86 android. 2020 should have taught me not to hope I am sorry but stupid factoids is all I know
|
# ? Jan 10, 2021 06:23 |
|
https://twitter.com/SDWolf/status/1347595158301261825
|
# ? Jan 10, 2021 11:50 |
|
i am not looking forward to trying to convince everyone to switch to something else
|
# ? Jan 10, 2021 12:00 |
|
Achmed Jones posted:i love mips bc it's the only asm i've ever done anything with outside of binary exploitation junk. i know it's super stereotypical for people who suck at asm to like mips bc that's what they used in their college class but welp i suck at asm and love mips bc that's what i used in my college class so here we are mips is really neat I wish risc-v wasn't such a loving shitshow because it has some interesting ideas from a low level point of view but the "engineering politics" behind it keep making it an absolute nightmare to get into. whoever decided that things like atomic instructions needed to be an optional ISA extension should be shot.
|
# ? Jan 10, 2021 12:09 |
|
crepeface posted:i am not looking forward to trying to convince everyone to switch to something else
|
# ? Jan 10, 2021 14:37 |
|
Kazinsal posted:mips is really neat They wanted to get below MMU OSes and suit your MCUPOS needs.
|
# ? Jan 10, 2021 15:03 |
|
crepeface posted:i am not looking forward to trying to convince everyone to switch to something else if you're contacts were using because of privacy, and kept using after facebook acq, they don't actually care about privacy
|
# ? Jan 10, 2021 16:51 |
|
Jenny Agutter posted:if you're contacts were using because of privacy, and kept using after facebook acq, they don't actually care about privacy
|
# ? Jan 10, 2021 20:01 |
evil_bunnY posted:If you're on x86 you're not a phone. i'm sure it wouldn't take much work to be able to setup calls either, if it wasn't blocked on the plan i'm using (because it's cheaper with just a data-sim) now i have a mental image of picking up a thinkpad, holding it up to my head, and going "HELLO?!" like that scene in the tom green show, or whatever the gently caress it was, back in the day
|
|
# ? Jan 10, 2021 20:19 |
|
|
# ? Mar 28, 2024 20:41 |
|
BlankSystemDaemon posted:but op, my thinkpad has a modem that i can interact with through the hayes command set with Fun fact: a lot of tablets have SoCs that are also used for phones, and are perfectly capable of telephony assuming they have a cell connection which allows it.
|
# ? Jan 10, 2021 21:11 |