How a Web Link Can Take Control of Your Phone (technologyreview.com)
29 points by mdariani on March 3, 2012 | 9 comments


TL;DR: some guys bought a bunch of WebKit zero-days, gained root on an Android 2.x device, installed a surveillance app and demoed it at RSA conf.

It would be nice to get hold of some more of the technical details involved.


It would have been nicer still if they had helped to patch the holes in WebKit after showing their demo.


Given the ancient versions of Android they're exploiting, it wouldn't surprise me if the holes were already fixed.


It'd be pretty silly to classify these as 0-day exploits that they paid for then!


I suppose so. The article does say "The attackers spent $1,400 on the black market for the details of 14 known, but not patched, bugs in WebKit." Yet it also explicitly mentions specific, old versions of Android which have the holes. This seems like something of a contradiction.


Maybe I'm not sure about how tech-savvy most people are, but when I get a text message from an unknown number claiming to be my provider asking me to click a web link to update my phone, I know something's up.


It doesn't have to be an unknown number. Certainly in the UK, it's pretty easy to send an SMS with any name (text or number) you want in place of the phone number. And I suspect that most people aren't tech-smart enough to realise that a text claiming to be from T-Mobile isn't actually from them.


It's not that clear, but apparently this requires the pre-installation of a malicious app.

Quote: "The CrowdStrike team reverse engineered a Remote Access Tool (RAT) called Nickispy (a RAT from China that successfully disguised itself as a Google+ app)."

from http://blogs.computerworld.com/19803/mobile_rat_attack_makes...


I'm curious if they used any Flash exploits in addition to the WebKit vulnerabilities.

