by jwiley on 5/17/20, 6:52 PM with 24 comments
by londons_explore on 5/17/20, 7:53 PM
The kind of organisations that use these exploits rarely want to use the same one twice. That would link the two uses, which could reveal who was attacking who or why.
However, anti-rooting protections on iOS devices are such that the vast majority of organisations don't have any kind of logging or analysis infrastructure set up which could trace which devices have a specific exploit run against them.
The exploit is probably delivered by an encrypted channel, so even if you did full traffic logging from all employee devices to the internet, you still wouldn't have enough info to know which devices were infected, since the attacker will surely use a different server each time to deliver the exploit.
That suddenly makes it much safer to reuse exploits, so there isn't such a big market for a new exploit for every covert operation.
The same isn't true of Android - there are plenty of apps which will trace syscalls, dump logs, send suspicious files for analysis, etc. That makes reusing an exploit a risky business for three letter agencies, especially if you're attacking another three letter agency who probably has their own custom anti-malware type software just waiting for you to trip a tripwire.
by _0w8t on 5/17/20, 7:37 PM
by saltedonion on 5/17/20, 7:27 PM
And does this mean Android is more secure?
by masnao on 5/17/20, 7:52 PM
by captn3m0 on 5/17/20, 7:59 PM