FOXTROT/ALFA: Bluetooth Remote Code Execution, iOS Text Bomb, Microsoft Blames Azure Troubles on the ‘Rona

Welcome to issue 108 of FOXTROT/ALFA for Friday, 24 April 2020. This is your final tech news and policy update of the week.

Bluetooth Remote Code Execution Vulnerability Fixed

Great! Just as Apple and Google are preparing to have everyone’s phones run Bluetooth all the time to fight the ‘Rona, another zero-click remote code execution bug in that same protocol crops up.

In the following, we describe a Bluetooth zero-click short-distance RCE exploit against Android 9, which got assigned CVE-2020-0022 . We go through all steps required to establish a remote shell on a Samsung Galaxy S10e, which was working on an up-to-date Android 9 when reporting the issue on November 3 2019. The initial flaw used for this exploit is still present in Android 10, but we utilize an additional bug in Bionic (Android’s libc implementation), which makes exploitation way easier.

The bug was finally fixed in the security patch from 1.2.2020 in A-143894715. This bug was initially sent to the Android Security Team and on November 3 2019, including a PoC. It was fixed on February 1, 2020, and acknowledged by the Android Security Team.

An iOS Text Bomb …Again

After reports of a critical exploit in the iOS mail app yesterday, we are now hearing of a bug in iOS that can be exploited by sending a text message over several messengers and makes phones crash.

A new iOS text bug has been discovered that causes iPhones to crash. The flaw involves several characters from the Sindhi language that cause iOS to lock up and an iPhone to crash. The character string has been circulating this week on Discord servers and Telegram, and The Verge has tested and confirmed that it will crash an iPhone running Apple’s latest iOS 13.4.1 release.

You can forcibly reboot an iPhone to get it back into a working state, or simply wait around a minute for the iOS Springboard to recover. The flaw appears to mainly affect the way iOS handles notifications in apps, and the best way to protect against people sowing mischief on the internet is to disable notifications from messaging apps.

9to5Mac reports that the latest 13.4.5 beta appears to fix the issue, so it’s clear Apple is aware of the problem.

Microsoft Blames Azure Troubles on the ‘Rona

Those Azure problems Microsoft had recently? Who’s fault was that? You know the answer… it was the ‘Rona!

Microsoft has admitted that some Azure regions have experienced coronavirus-triggered capacity constraints, and customers haven’t been able to get all the cloud they want.

“Our data science models are using what we’ve learned from this pandemic to better forecast future demands, including adding more support to handle future global events like a pandemic that drives simultaneous demand usage everywhere in the world,” we’re told.

Sorry… what??? You expect more events like this one? Like what? A world war? Did we all miss a memo? Is there a reason they are thinking this? Weird ass comment, that.

Royal Navy Sub Crew Admonished for Flaunting “Social Distancing” Rules

Imagine you’re on a hunter-killer sub on stealth patrol for nine months and then you emerge into the world to find out it’s gone utterly mad.

A Royal Navy submarine captain is in hot water after returning from a months-long deployment and allowing his crew to have a dockside barbecue to celebrate their return. HMS Trenchant, which previously set a record for the longest patrol ever conducted by an RN submarine, returned to Devonport naval base in the southwest England port city of Plymouth earlier this week. Having been at sea for anything up to nine months, the nuclear-powered attack sub’s crew set off from a very different world where the terms “coronavirus”, “COVID-19” and “lockdown” were of no significance in the UK.

Although senior naval commanders warned Trenchant’s captain that life ashore would be even more different than usual this time, evidently he didn’t quite get the full impact of it. Once the boat was safely tied up alongside terra firma, he gave the crew permission to slack off next to their submarine.

Video originally posted to a military insurance website run by an ex-soldier who runs a popular military-themed Facebook page was picked up by the press. It shows Trenchant’s crew chilling in the sunshine while two of their number run a DJ set from a stand labelled “HMP Trenchant Prison Party”. The boat’s chefs, distinctive in their white overalls, are manning a barbecue on top of the submarine’s casing, just forward of the conning tower. A uniformed lieutenant commander walks past as the shaky cameraphone video is panned around the scene, clearly showing that the sub’s crew had moved all of 15 feet from their floating home.

Nonetheless, naval top brass were apparently furious. UK red top The Sun reported that a senior officer ordered the party to stop, with two sailors being “hauled over the coals” for preferring their captain’s orders to crack on. Trenchant’s captain is said to have been referred to Rear Admiral Submarines, the senior officer in command of all RN submarines.

Can you really blame ‘em?’

Also Noteworthy

A number of other stories I’ve read today:

In reference to that valiant sub crew from the UK, there can really be only one song to play you into the weekend with today. Let them sing!

This is an archived issue of my daily newsletter FOXTROT/ALFA. You can find more information about it, including how to subscribe via email, on this page.