Comment by Dylan16807

6 days ago

On phones malware is more restrained by the sandboxing. But now the reboot isn't necessary in the first place.

Exploits break out of the sandbox for higher system access. Rebooting flushes them out because the exploits have abused some memory bug to load custom code in the system, but this can not persist a reboot since everything gets cyrptographically verified on boot.

This is why things like the Nintendo Switch hacks and iphone jailbreaks have to be reloaded every time the system reboots, while they could modify the system files to try to persist the malicious code, it would simply leave the device unbootable since the boot chain attestation process would refuse to boot when the checksum doesn't match. The malware can only come back when the initial bug has been triggered again, through receiving a malicious text message attachment for example.

  • > This is why things like the Nintendo Switch hacks and iphone jailbreaks have to be reloaded every time the system reboots,

    Why is it this particular form of 'malware protection' always seems to involve a 30% fee?

    • It doesn’t. You get exactly the same protections on Graphine OS with Fdroid. It’s just difficult to retroactively sandbox applications on the desktop because it’s a breaking change.

      Mobile platforms just got a clean slate to implement a new security model.

If I remember correctly the Pegasus spyware worked only until a reboot and then the attacker had to reinfect the phone again.