IOS Rootkit: the sky isn't falling (yet)

Gadi Evron ge at linuxbox.org
Tue May 27 16:02:32 UTC 2008


On Tue, 27 May 2008, Jared Mauch wrote:
>
> On May 27, 2008, at 8:42 AM, Alexander Harrowell wrote:
>
>>> An alternative rootkit? Privilege level 16 used by the Lawful Intercept
>>> [12] feature could be abused to do some of this too. Or the other way
>>> around: use a "patched" IOS to keep an eye on Law Enforcement's operations
>>> on the router as privilege level 15 doesn't allow it and the only
>>> alternative is to sniff the traffic export.
>> 
>> The combination of rootkits and specially privileged Lawful Intercept
>> functions is a very dangerous one. This was precisely what was exploited in
>> the now-legendary and still unsolved Vodafone Greece hack.
>
> Perhaps the above should be simplified.
>
> Running a hacked/modded IOS version is a dangerous prospect.
>
> This seems like such a non-event because what is the exploit path to load the 
> image? There needs to be a primary exploit to load the malware image.
>
> *yawn*

I guess we will wait for the next one before waking up, then.

> - Jared

 	Gadi.



