Does Google have an equivalent?
Protection against sms based exploits
[deleted]
That sounds too much like paranoia. What are the chances of remote code execution albeit from an image, apart from clicking on an unknown link in a plain text messenger? Close to none.
- Edited
Mgclabs Indeed!
Another e.g. the notorious Pegasus famously could infect both Android and IOS via "no-click" SMS messages. Victims were totally oblivious to the message and/or the infection.
(I would guess that AOSP has addressed some of the sms design issues allowing Pegasus zero-clicks, and GOS hardened malloc doubled down on that. I would guess that Pegasus gained root - something else likely blocked by GOS. Heh.... don't be quick to "upgrade" SMS (or browsers) with fancy apps from non-GOS sources!!)
SMS and MMS are different types of messaging mechanisms. SMS (Short Message Service) is delivered through the cell radio bearer channel and is just a text string while MMS (Multimedia Messaging Service) is data and can be text, images and sound. It needs APN settings and internet access.
MMS has the greatest potential for exploitation which can be mitigated by not having your Messaging App to auto-download messages and I think this is a good solution for those unexpected MMS messages like spam.
I think you can also disable MMS with a custom APN.
[deleted]
Zara How did you narrow it down to sms? Could it be through another means?
[deleted]
[deleted] I would say it was by tapping on malicious link in an SMS. My guess. Let's wait for the explanation.
[deleted]
[deleted] What kind of malicious link would infect grapheneos just by clicking? Wouldn't that have to be an exploit specifically designed for grapheneos, unless the hardened malloc was disabled? Or am I off base here?
Zara didn't provide any evidence. He didn't even say what device he is using. Look at their profile.
I stumbled upon this ROM on XDA called Jaguar OS. I never heard of it but the pitch contains this:
Another unique feature is protecting the phone from over-the-air attacks. We block responses to Type Zero SMS. Type Zero (not to be confused with Class 0 SMS) is a stealth message sent by an adversary to your phone to determine if it is online - the first step preceding the attack. Type Zero cannot be seen by a user, does not appear on screen and does not get saved. Instead, your regular Android silently acknowledges receipt. As a result, the sender gets a 'phone is online' response. Jaguar does not acknowledge Type Zero SMS resulting in a sender receiving a 'phone is offline' reply.
I couldn't really find much info on these Type zero SMS. Are they actually an attack vector? Has this been addressed in GOS?
[deleted]
DeletedUser28 how is this an exploit?
[deleted]
No idea! Sounds like he's just advertising his ROM. But I have no idea about these details of the technology.