Rich Mingin (PLUG) on 29 Jan 2019 11:12:31 -0800


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Facetime


All Facetime calls are potentially Group Facetime and/or Video Facetime. You trigger the monitoring bug by making a normal Facetime call to the victim, then access the context menu and add another user, in this case, yourself, the attacker. This causes the privilege reflection bug that allowed monitoring. You also do not need to be on their contact list (besides entering the info to make the call), and no action on the victim’s side is needed at all.

The LG V20 got their last security rollup for Android 8.0 in December. It was also announced that this would be the last update of any kind for the handset. Considering I bought it just over a year ago, I’m not thrilled.


On Tue, Jan 29, 2019 at 14:07 Michael Leone <turgon@mike-leone.com> wrote:


On Tue, Jan 29, 2019 at 2:02 PM Rich Mingin (PLUG) <plug@frags.us> wrote:
No need. Apple has disabled Group Facetime for everyone, until the updated firmware becomes available later this week.

Also, I thought the bug was only when participating in a Group Facetime chat. One-on-One calls are affected by this bug (although I could be wrong).
 
And if we’re going to take cheap shots, I’ll point out that my LG V20 hasn’t gotten software updates in any meaningful way since late 2018, and it never will, but my much older iPhone 6S Plus will be getting the latest IOS later this week.

My S7 got the Oreo update (Android v8), I seem to recall, but not Pie (v9)., or any point-level OS upgrade (8.1, etc)
It has been getting security patches, thought - I just got the Jan security patch the other day, which for an Android carrier, is like a lightning rollout. :-) 

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug