Submitted by khalmagman t3_1176z04 in technology
happyscrappy t1_j9bciws wrote
Reply to comment by Interesting-Month-56 in Samsung adds zero-click attack protection to Galaxy devices by khalmagman
> Or, just spitballing here, they could have designed the kernel so that it doesn’t take root level commands from anything in the application layer…
They already do. The problem is they don't trust it. As there have been privilege escalation bugs before.
This is similar to Apple's "blast door" idea for messages. Neither should be necessary if software is written correctly in the first place.
BTW, Apple's "blast door" was bypassed within a year of introduction. So even that "extra layer" only slowed down the attackers, not stopped them.
first__citizen t1_j9bh6kx wrote
When there is a market.. there is a way. Unfortunately these attacks are not some teenager or a hobbyist doing in their spare time, it’s a whole industry and they make a lot of money.
nicuramar t1_j9bikvw wrote
> BTW, Apple’s “blast door” was bypassed within a year of introduction.
Not really, if you’re referring to “forcedentry” i.e. the Pegasus zero-click exploit. That exploited a part of the flow that was, at the time, outside BlastDoor (and is now inside).
happyscrappy t1_j9bk7kw wrote
I was referring to that. Thanks for the correction.
Viewing a single comment thread. View all comments