Noticed a flaw in my phone and other people's phones where the default browser was not honored (on Android) and SMS links open in `Samsung Internet` which barely gets updates and is a serious vector for attack.
On top of this, why should a link containing a malicious payload be able to speak to other parts of the system? Doesn't Android do a basic security measure called sandboxing and "principle of least privilege"[0]?
I am highly suspicious of every URL in my SMS messages app now thanks to these NSO revelations. I'm not especially interesting, so I doubt I had NSO-grade malware on my phone, but we need to protect the masses, not just those with a high profile threat model (Journalists, Dissidents, Activists, etc).
It's all configurable on a per-URL level on Android, it's just hidden deep in the settings - it's not so much that it wasn't honored, it's likely someone at some point set Samsung Internet to open SMS links - you can go into the app settings/permissions/app defaults to try and reset it or set it to another app.
Go easy on me, I'm new here. I plan to comment a lot more as time goes by. My comment is purely anecdotal. I'm not saying "everyone now has malware", just stating that classes of attacks can be killed by doing basic security like principle of least privilege & sandboxing (Android and Apple probably already do it, but then how are these attacks possible?)
I think the part of the article that touches on this is:
"(...) iMessage calls the following method in the IMTranscoderAgent process (outside the "BlastDoor" sandbox), (...)"
Looks like they have been decoding GIFs outside of the sandbox, which has been addressed later:
"Apple inform us that they have restricted the available ImageIO formats reachable from IMTranscoderAgent starting in iOS 14.8.1 (26 October 2021), and completely removed the GIF code path from IMTranscoderAgent starting in iOS 15.0 (20 September 2021), with GIF decoding taking place entirely within BlastDoor."
[0] https://en.wikipedia.org/wiki/Principle_of_least_privilege