I guess the point is also, in part, that for iOS you actually need an exploit, as opposed to it being broken from the ground up 
The simple reality is there are so many 0-day exploits for iOS and the only reason why just a few attacks have been caught in the wild is that iOS phones by design hinder defenders to inspect the phones.
-
-
-
So are you saying on android phones you can just ask whatsapp from remote to execute code?
-
No, but I am saying that given a same remote vuln in WA, you are more constrained and need further knowledge on iOS than on Android. YOU are not the average exploiter, my friend :)
-
of course you need iOS and iDevice knowledge for attacking iOS devices. But for Android you need android knowledge and likely need to know about the myriads of differences between different device vendors.
-
Ah yes, heterogeneity is a factor in favor of Android of course.
-
anyway your opinion on difficulty difference between iOS and (latest) Android exploits is not reflected in e.g. prices entities like
@zerodium pay or by what people say who write exploits for both platforms. -
I’d be curious to hear more about that.
-
Well you can just look into the public
@zerodium pricelist. You will see they are willing to pay exactly the same for iOS and Android exploits. And the only thing that they pay premium for is REBOOT PERSISTENCY on iOS because that is much harder. - 1 more reply
New conversation -
-
-
They're both big problems, but which is the bigger threat: inability to investigate 0days in iOS or ability to introduce vulnerabilities relatively easily through the Play store's more permissive process?
-
without the ability to investigate, how do you get an accurate view on how much malware is really inside the iOS store?
-
That's true. It could be just as bad and we'd have to trust Apple's approval process.
-
There is no doubt that Android's App permission model is much more open than iOS. But things like the WhatsApp exploit has very little todo with this. Also it would be easily possible for Apple to offer shell access to iOS without compromising app store security.
- 1 more reply
New conversation -
-
-
That’s very interesting, i follow you since years but sometimes bring some evidence, it would be easier to understand
-
Nobody will show you their 0-day just because you ask. But I can see how many players these days built teams/companies around iOS exploitation.
- 1 more reply
New conversation -
-
-
Interesting thought. Brings me back to the discussion we had a few days ago re obfuscation. How can we proof that there are tons of exploits known. It is difficult to argue in a corporate environment w/o numbers...
-
In general it is hard to argue about unknowns. Especially when one side very religiously claims things do not exist. However people also didn’t see certain western government pwning everyone left and right like ISPs, etc...
End of conversation
New conversation -
-
-
if there are so many exploits, why no public jailbreaks anymore?
-
This is todo with WhatsApp. Not iOS itself. Unless you can create a jailbreak from WhatsApp, good luck. He’s also saying there are probably more 0days, which means people/teams tend to keep it quiet for either money or personal use in the future.
-
thanks, neither Stefan nor I mentioned WhatsApp here. neither do i believe Stefan was talking about "there are so many 0-day exploits" _for_ Whatsapp...
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.