Recently Samsung published a statement about a vulnerability we uncovered, and although we will respond to that later with more details, one sentence captured my curiosity: “… the exploit uses legitimate Android network functions in an unintended way to intercept …”. It seems like someone is applying moral judgement to the way the exploit works. It starts with the fact that the exploit uses “legitimate Android functions” (hooray :) but wait, the exploit does it in an “unintended way” (wooooo, scary). Exploits are used by malicious attackers (the bad guys and girls), and criticizing a cyber attack from a moral perspective is definitely a strange angle. Especially the magic words “unintended way” – I have to admit that I have never heard of attackers who had moral issues with using things in an “unintended way”; on the contrary, this is their favorite way, the unintended one.
More details on our experience with the vulnerability disclosure process will be revealed later on this blog.
Stay tuned.
Cyber Security Labs Team – Follow us via @cyberlabsbgu