> Oh man, you have no idea what the state of security is, or how persistent attackers are.

It is only my day job... You also forgot to explain why, if you had a link which auto-infects a mobile device, that you wouldn't just post the link on Twitter/Reddit/HK/etc rather than infect PCs and then "trick" users into going to the link. If you're going to spend the time and money it takes to create PC malware, you're going to want specific value from that infection in and of itself. Meaning information theft, botnet member, spam proxy, etc, by using this BSOD route you're likely to expose your PC implant and lose the value there.

> Putting a QR code that takes your phone to some unpredictable site on the internet is a really, really bad idea.

So is clicking a link on Hacker News, but I bet you've done it dozens of times in the last hour.

> Even if you think your mobile platform is secure today, there will be zero-day exploits in the future, and malware authors will use this vector.

And by "this vector" you mean a link, on the internet? Again explain why this is a bigger threat than email/Reddit/Hacker News/Twitter/etc. Or heck explain why AD redirects aren't a threat?
>>explain why this is a bigger threat than email/Reddit/Hacker News/Twitter/etc.
Trust. A fake email that looks like it's from your bank directing you to a website that looks like your bank's site is usually successful.
In the same vein, an attacker utilizing trust and habit can gain access to your email account and/or get you to install anything.
Of course, "you" won't be fooled, but many others will be.