Forwarded from BlackBox (Security) Archiv
How Banks Make Online Banking Insecure Through Apps
1. App obligation
Online banking on the smartphone is generally not a good idea. The reason for this is not necessarily the banking apps, but the update policy of the smartphone manufacturers, the misleading advertising of the banks and the naive behavior of the customers. However, all this does not seem to bother the banks much. True to the motto:
"Digital first - Concerns second"
banking apps are made appealing to loyal customers and any risks are simply pushed aside. The fact is: with smartphone apps, banks have moved to a platform that they cannot control. Nevertheless, banking apps are promoted and security mechanisms such as two-factor authentication (2FA) are simply undermined by ill-considered decisions. In the end, online banking via app is not more secure, but exactly the opposite.
1st problem: Android update policy
Both software and hardware have weaknesses, some of which are so serious that attackers can take complete control of a system. It is therefore essential to import available (system) updates promptly in order to keep the risk for data and the digital identity as low as possible. That's the theory. In practice, the world looks very different again - especially in the Android world.
Most Android devices are usually only neglected by many manufacturers with regard to security updates, and at some point they are even completely violated. This inevitably creates a "vacuum" in the Android world that makes many or most devices vulnerable to critical security vulnerabilities. Such vulnerabilities enable attackers to gain control over the device, spy on the user or allow data to flow off unnoticed. Discovering a critical vulnerability would be enough to make millions of devices vulnerable in one fell swoop. Such serious vulnerabilities are not rare, but occur at regular intervals. In 2018 alone, 611 vulnerabilities were identified in Android - in 2017 even 842.
Full translated article:
https://telegra.ph/How-Banks-Make-Online-Banking-Insecure-Through-Apps-07-09
Source (🇩🇪):
https://www.kuketz-blog.de/wie-banken-online-banking-durch-apps-unsicher-machen/
#Kuketz #online #banking #smartphone #apps #insecure #vulnerabilities
@cRyPtHoN_INFOSEC_DE
@cRyPtHoN_INFOSEC_EN
@cRyPtHoN_INFOSEC_ES
Forwarded from BlackBox (Security) Archiv
Shodanfy.py
Get ports, vulnerabilities, information, banners, etc. for any IP with Shodan (no apikey! no rate limit!)
Usage:
# python3 shodanfy.py <ip> [OPTIONS]
e.g:
python3 shodanfy.py 111.111.111.111
python3 shodanfy.py 111.111.111.111 --getports
python3 shodanfy.py 111.111.111.111 --getvuln
python3 shodanfy.py 111.111.111.111 --getinfo
python3 shodanfy.py 111.111.111.111 --getmoreinfo
python3 shodanfy.py 111.111.111.111 --getbanner
python3 shodanfy.py 111.111.111.111 --getports --getvuln
python3 shodanfy.py 111.111.111.111 --proxy 127.0.0.1:8080
# support pipeline, --stdin option is required..
# echo "<ip>" or cat ips.txt | python3 shodanfy.py --stdin [OPTIONS]
e.g:
echo "111.111.111.111"|python3 shodanfy.py --stdin
echo "111.111.111.111"|python3 shodanfy.py --stdin --proxy 127.0.0.1:8080
echo "111.111.111.111"|python3 shodanfy.py --stdin --getvuln
cat ips.txt|python3 shodanfy.py --stdin --getports
dig google.com +short A | grep -oi '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}' | python3 shodanfy.py --stdin --getports
👉🏼 https://github.com/m4ll0k/Shodanfy.py
⚠️ Always remember to use these techniques, instructions or hardware only with devices whose owners or users have allowed this!! The unauthorized access to foreign infrastructure is punishable by law.
#shodan #vulnerabilities #pentesting
@cRyPtHoN_INFOSEC_DE
@cRyPtHoN_INFOSEC_EN
@BlackBox_Archiv
Forwarded from BlackBox (Security) Archiv
Backdoors and other vulnerabilities in HiSilicon based hardware video encoders
Update 2020-09-17: Huawei issued a statement saying that none of the vulnerabilities have been introduced by HiSilicon chips and SDK packages. I will update this article as more information comes in.
This article discloses critical vulnerabilities in IPTV/H.264/H.265 video encoders based on HiSilicon hi3520d hardware. The vulnerabilities exist in the application software running on these devices. All vulnerabilities are exploitable remotely and can lead to sensitive information exposure, denial of service, and remote code execution resulting in full takeover of the device. With multiple vendors affected, and no complete fixes at the time of the publication, these encoders should only be used on fully trusted networks behind firewalls. I hope that my detailed write-up serves as a guide for more security research in the IoT world.
👉🏼 https://kojenov.com/2020-09-15-hisilicon-encoder-vulnerabilities/
👉🏼 🇩🇪 https://www.heise.de/news/Backdoors-in-Video-Encodern-auf-Huawei-Chips-entdeckt-Ursprung-unbekannt-4905641.html
#hisilicon #hardware #video #encoder #vulnerabilities #huawei #chips #backdoors
@cRyPtHoN_INFOSEC_DE
@cRyPtHoN_INFOSEC_EN
@BlackBox_Archiv
@NoGoolag
huawei
Security Notice - Statement on the Media Reports About the Suspected Security Issues in HiSilicon Video Surveillance Chips
Forwarded from BlackBox (Security) Archiv
Setup for testing Android app vulnerabilities
In the previous article I documented my approach for reverse engineering an Android game. But getting my hands on the code is only one part of security research. Once a potential issue is identified, I need to verify that it is actually exploitable. So there is no way around messing with an actual live app. Ideally that has to happen in a controlled environment with emulated hardware. As before, this is mostly me writing things down for my future self, but it might come useful for other people as well.
Contents
- Choosing a virtualization approach
- Setting up Android SDK
- Minimal proof of concept Android app
- Adding debugging output to the target application
https://palant.info/2021/02/22/setup-for-testing-android-app-vulnerabilities/
#setup #testing #android #app #vulnerabilities #guide
@cRyPtHoN_INFOSEC_FR
@cRyPtHoN_INFOSEC_EN
@cRyPtHoN_INFOSEC_DE
@BlackBox_Archiv
@NoGoolag
Almost Secure
Setup for testing Android app vulnerabilities
Documenting my setup: Android emulator, minimal Android app and instrumenting the target app via Soot to get debugging info.
Forwarded from BlackBox (Security) Archiv
Allow arbitrary URLs, expect arbitrary code execution
We found and reported 1-click code execution vulnerabilities in popular software including Telegram, Nextcloud, VLC, Libre-/OpenOffice, Bitcoin/Dogecoin Wallets, Wireshark and Mumble
Desktop applications which pass user supplied URLs to be opened by the operating system are frequently vulnerable to code execution with user interaction
Code execution can be achieved either when a URL pointing to a malicious executable (.desktop, .jar, .exe, …) hosted on an internet accessible file share (nfs, webdav, smb, …) is opened, or an additional vulnerability in the opened application’s URI handler is exploited
Vulnerabilities following this pattern have already been found in other software, with more expected to be revealed going forward
https://positive.security/blog/url-open-rce
#vulnerabilities #url #arbitrary #code #execution #poc #video
@cRyPtHoN_INFOSEC_FR
@cRyPtHoN_INFOSEC_EN
@cRyPtHoN_INFOSEC_DE
@BlackBox_Archiv
@NoGoolag
How do You Hack #Whatsapp Chats? - 7 #Vulnerabilities Explained
https://hackernoon.com/how-to-hack-whatsapp-chats-9f203tq0
Hackernoon
How do You Hack Whatsapp Chats? - 7 Vulnerabilities Explained | HackerNoon
You can Hack WhatsApp chats by syncing the web version of the app, exporting chat logs, using POCWAPP, WhatsAPP Scan Pro, spoofing, and spy apps.
Leveraging Android Permissions: A Solver Approach - Thalium - 2022
#Cybersecurity #Vulnerabilities #ApplicationPermissions #Android
The logic of the rules behind this system is mostly implemented in two framework services: PermissionManagerService and PackageManagerService.
Recently, those components have suffered from several vulnerabilities that were found through fuzzing. They led to critical privilege escalation without user consent.
In this blog post, we first present a case study of a permission management vulnerability. Then, we describe the solver approach we followed to help in the vulnerability research. Eventually, we explain a new vulnerability that was discovered thanks to the solver, and which was reported to Google.
Forwarded from Pegasus NSO & other spyware
Finding You: The Network Effect of Telecommunications Vulnerabilities for Location Disclosure | The Citizen Lab
26/10/2023
The information collected by, and stored within, mobile networks can represent one of the most current and comprehensive dossiers of our life. Our mobile phones are connected to these networks and reveal our behaviours, demographic details, social communities, shopping habits, sleeping patterns, and where we live and work, as well as provide a view into our travel history. This information, in aggregate, is jeopardized, however, by technical vulnerabilities in mobile communications networks.
#Vulnerabilities #mobile #Networks
Forwarded from Pegasus NSO & other spyware
When You Roam, You’re Not Alone | Lawfare
A fix is long overdue for one of the most extensive, yet lesser-known surveillance risks of our age: the technical vulnerabilities at the heart of the world’s mobile communications networks
We’ve all been there before: You’re traveling abroad, and as your plane lands and is taxiing to the gate, you reach for your phone, wait for it to connect to the local network, and then you are greeted with a text message: “Welcome abroad, you’re now roaming!” Beyond the exorbitant fees, few of us are likely to give the matter much thought.
However, hidden within this seemingly routine transaction lies one of the most extensive, yet lesser-known surveillance risks of our age: the technical vulnerabilities at the heart of the world’s mobile communications networks.
#Mobile #Network #Cellular #Roaming #Vulnerabilities
Physical Attacks Against Smartphones
Android devices are constantly improving their security to protect against attackers with physical access, with new protection techniques being added year-by-year. This talk aims to demonstrate vulnerabilities in modern Android smartphones that are still viable, despite the mitigations in place.
In the first phase of this talk, we will discuss the analysis and exploitation of vendor-customized versions of Android's Recovery mode, demonstrating weaknesses that allow for privilege escalation to root, and traversal from Recovery to Android, without Bootloader access....
By: Christopher Wade
Full Abstract and Presentation Materials: https://www.blackhat.com/us-23/briefings/schedule/#physical-attacks-against-smartphones-32485
#Android #Vulnerabilities #RecoveryMode #Exploit #PrivilegdeEscalation #Root
The Most Dangerous Codec in the World: Finding and Exploiting Vulnerabilities in H.264 Decoders
Modern video encoding standards such as H.264 are a marvel of hidden complexity. But with hidden complexity comes hidden #security risk. #Decoding video today involves interacting with dedicated #hardware accelerators and the #proprietary, privileged software components used to drive (#driver) them. The video #decoder ecosystem is obscure, opaque, diverse, highly privileged, largely untested, and highly exposed -- a dangerous combination.
We introduce H26Forge, a framework that carefully crafts #video files to expose edge cases in H.264 decoders....
By: Stephen Checkoway, Hovav Shacham, Willy Vasquez
Full Abstract and Presentation Materials
#VideoEncoding #Vulnerabilities #Security #Codec #H264 #Exploit