Target device hard-reset when connecting MVT adb session #407
Comments
|
Not that I know of. I have seen some spyware check if adb is enable and remove themselves in that case, but I doubt that a hard reset would be a good strategy. Could you do the check with modules one by one and see if a specific module is provoking the hard reset? I have seen some phones reboots in the past because some tools were exhausting their memory but mvt is pretty light generally |
|
BY hard-reset I meant an interaction-free reboot, no userdata loss perceivable. It is definitely something any post-exploitation kit will do (if developed properly). I will check again module by module. This was observed once, and then never again. Afterwards no IOCs were found. How does mvt currently handle things like potential baseband compromise or partition alterations? I haven't gone deep into it, but I think it doesn't handle those cases (per limitations of adb possibly). |
It doesn't really, but some data collected could have information about that (like dumsys or processes running). |
Working with one device I experienced an immediate hard reset (reboot) as soon as mvt established the adb connection and started the collection process.
Has this been experienced under any circumstances by anyone analyzing a real-world compromised device?
The text was updated successfully, but these errors were encountered: