knowitall

Carnage said:

isidore said:

Obvious Question: Which websites?

Various implant commands enable the attackers to steal the container directories of third-party apps. The implant contains a hardcoded list of apps which will always have their container directories uploaded when the implant starts up. Here’s the pre-populated list of bundle identifiers for third-party apps, which will always have their container directories uploaded if the apps are installed:

com.yahoo.Aerogram

com.microsoft.Office.Outlook

com.netease.mailmaster

com.rebelvox.voxer-lite

com.viber

com.google.Gmail

ph.telegra.Telegraph

com.tencent.qqmail

com.atebits.Tweetie2

net.whatsapp.WhatsApp

com.skype.skype

com.facebook.Facebook

com.tencent.xin

….

CloudTalkin said:

MacPro said:

If iPhones are vulnerable imagine Android phones which in this extract are not mentioned at all ... it sounds like an excellent marketing strategy for Google to me.  Oh wait ... of course this is the very information all Android users hand over to Google to use already, what am I thinking?

Observations:

• You don't know what Project Zero is.  You don't know what they do
• You skimmed the article looking for excuses why these exploits existed and lasted so long.
• Finding none, you decided it would be perfectly fine to inject baseless speculation and disparage the research team

I've always been curious why people do what you did?  I think either you completely misunderstood what you read or you intentionally made up some stuff.  If it's the former, I'd suggest rereading and clicking on the links to gain understanding.  If it's the latter, might I suggest a look in a mirror and ask yourself: what am I thinking?