Working Zero-Day for Samsung Verizon devices is shared on GitHub
Jonathan Scott (@jonathandata1) has been working on this exploit for the past few years and revealed it yesterday on his official Twitter account.
A detailed setup guide and discussion are available in his GitHub repository, where he laid out the official setup for this PoC.
He eventually reduced this technique to only two AT Commands. These AT Commands can be combined into a single string.
The exploit may be run on an unconfigured Samsung Galaxy device, exposing it to APK injection, binary injection, and RAT injection without the user's knowledge.
- The video he made for Verizon at their request is available here. He demonstrated it for Blanco Technology Group in January 2019 at a private event in Salt Lake City, Utah.
- Verify that ADB is running in the background.
- There is no additional hardware required.
- There is no need to root the device.
- You must be familiar with how to use AT commands. Jonathan has built a tool called ATSEND that lets you send these commands from Mac and Linux.
- The tool can be found in his GitHub repository, jonathandata1/atsend.
- Sending AT commands will also allow you to send coordinated screen presses, allowing you to tap anywhere on the screen without the need for ADB. This will enable you to grant RSA access to the device without ever touching it.
- His proof of concept in the video shows this being achievable for four devices simultaneously, but he tested it on a specialized USB rig that can handle 200 devices at once.
- This is compatible with Samsung Galaxy phones (4.4.4 and above), tablets, and watches. At this point, bypassing the setup page is simple.
He states that he is the owner of Zroblack, LLC, a security engineering firm that marketed Zero-Day exploits that are now in use worldwide. John Edward Saenz, his cousin-in-law whom he hadn't seen since he was 11 years old, had stolen all of his exploits.
His company was also robbed of $750,000. He was pressured to sign a release, or John Edward Saenz threatened to "muck up his life." The Texas Western District Court upholds this duress-signed release, allowing John Edward Saenz to take and use the technology that he, Jonathan, produced in any way he sees fit.
Jonathan Scott is one of the top hackers in the United States regarding hacking ethics and the worldwide scenario. He has been quite honest and transparent about everything that has been going on.
Jonathan’s profile on HackerOne is empty today, but it was not always so. We can see this from a screenshot posted by another HackerOne bounty hunter, @sickcodes.