Forwarded from NoGoolag
Fully-remote (0-click) bug on the Samsung S24 if Google Messages is configured for RCS (the default configuration on this device), as the transcription service decodes incoming audio before a user interacts with the message for transcription purposes. Issue is fixed now.
https://project-zero.issues.chromium.org/issues/368695689
https://project-zero.issues.chromium.org/issues/368695689
Forwarded from NoGoolag
Discovery of 6 vulnerabilities in one Qualcomm driver and one of the used as In-the-Wild exploit
https://googleprojectzero.blogspot.com/2024/12/qualcomm-dsp-driver-unexpectedly-excavating-exploit.html
https://googleprojectzero.blogspot.com/2024/12/qualcomm-dsp-driver-unexpectedly-excavating-exploit.html
Blogspot
The Qualcomm DSP Driver - Unexpectedly Excavating an Exploit
Posted by Seth Jenkins, Google Project Zero This blog post provides a technical analysis of exploit artifacts provided to us by Google's Thr...
Forwarded from NoGoolag
Bluetooth RCE allows to compromise the car to be able to record in-car audio, take screenshots, and download contacts from a Skoda Superb over the Internet
https://i.blackhat.com/EU-24/Presentations/EU-24-Parnishchev-OverTheAirVW.pdf
https://i.blackhat.com/EU-24/Presentations/EU-24-Parnishchev-OverTheAirVW.pdf
Forwarded from NoGoolag
Vulnerabilities in the eSIM download protocol
http://i.blackhat.com/EU-24/Presentations/EU-24-Ahmed-VulnerabilitiesIneSIM.pdf
http://i.blackhat.com/EU-24/Presentations/EU-24-Ahmed-VulnerabilitiesIneSIM.pdf
Forwarded from NoGoolag
How to detect ARP spoofing attack using Android app
https://www.mobile-hacker.com/2024/12/16/detect-arp-spoofing-attack-using-android-app/
https://www.mobile-hacker.com/2024/12/16/detect-arp-spoofing-attack-using-android-app/
Mobile Hacker
Detect ARP spoofing attack using Android app
ARP spoofing attacks are often used in combination with other types of attacks, such as DNS spoofing, SSL stripping, and more. These attacks can be used to steal sensitive information, launch phishing attacks.
Forwarded from NoGoolag
CourtListener
Notice (Other) – #1062 in UNITED STATES OF AMERICA v. GOOGLE LLC (D.D.C., 1:20-cv-03010) – CourtListener.com
NOTICE of Plaintiffs' Initial Proposed Final Judgment by UNITED STATES OF AMERICA (Attachments: # 1 Text of Proposed Order)(Herrmann, Karl) (Entered: 11/20/2024)
Forwarded from Omni Technovič
That doc is 2 years old and says right at the top that it was already outdated.
The situation with Play Integrity has changed dramatically over the last two years.
Google is now extremely aggressive about shutting down workarounds quickly. Remember that there is no guarantee that you will be able to consistently pass it on a non-stock device: this is Play Integrity's core function.
In the meantime microG has finally added PI support, which can make it easier to pass PI, but once again, there are no guarantees of this. It's depends greatly on your device, your ROM and Google's latest countetmeasures.
The situation with Play Integrity has changed dramatically over the last two years.
Google is now extremely aggressive about shutting down workarounds quickly. Remember that there is no guarantee that you will be able to consistently pass it on a non-stock device: this is Play Integrity's core function.
In the meantime microG has finally added PI support, which can make it easier to pass PI, but once again, there are no guarantees of this. It's depends greatly on your device, your ROM and Google's latest countetmeasures.
Forwarded from Omni Technovič
"In a way".
And in other ways, it's just Google doing what Google does, destroying the value of the FOSS base of Android (AOSP) and trying to push every android user to be completely dependent on their proprietary, closed-source "addons" to android which are often presented as "inevitable" and "necessary" when the simple fact is, in many cases they are NOT. Not from any technical standpoint.
And in other ways, it's just Google doing what Google does, destroying the value of the FOSS base of Android (AOSP) and trying to push every android user to be completely dependent on their proprietary, closed-source "addons" to android which are often presented as "inevitable" and "necessary" when the simple fact is, in many cases they are NOT. Not from any technical standpoint.
Forwarded from Omni Technovič
Fun fact:
In order to support Safetynet, microG had to actually include a proprietary Google blob ("Droidguard") in GmsCore to perform the "secret" Googly things that allowed microG to add support for that function.
I suspect the same is true of Play Integrity.
That code is, for obvious reasons, not open source and not publicly documented.
In order to support Safetynet, microG had to actually include a proprietary Google blob ("Droidguard") in GmsCore to perform the "secret" Googly things that allowed microG to add support for that function.
I suspect the same is true of Play Integrity.
That code is, for obvious reasons, not open source and not publicly documented.
Forwarded from Omni Technovič
Privacy + Secure Tech Corner Channel 🛡️
Fun fact: In order to support Safetynet, microG had to actually include a proprietary Google blob ("Droidguard") in GmsCore to perform the "secret" Googly things that allowed microG to add support for that function. I suspect the same is true of Play Integrity.…
Needless to say, a lot of people in the FOSS world, both devs and users, are wary of having such proprietary/secret Google code on their devices.
But it's an optional feature and a tradeoff, just like installing official Play Store with all it's malware-like behaviour: to get features you can no longer get on a pure FOSS android device.
Google has for over 10 years now been moving more and more core OS functions out of AOSP and into their proprietary GMS, GSF and Gplay frameworks, to try to "marry" its android users to those things.
It's one of the main motivations for Marvin to found the microG project ~12 years ago.
But it's an optional feature and a tradeoff, just like installing official Play Store with all it's malware-like behaviour: to get features you can no longer get on a pure FOSS android device.
Google has for over 10 years now been moving more and more core OS functions out of AOSP and into their proprietary GMS, GSF and Gplay frameworks, to try to "marry" its android users to those things.
It's one of the main motivations for Marvin to found the microG project ~12 years ago.
Forwarded from Omni Technovič
Yep, just control in general and maximizing their revenue opportunies.
At a time when there are movements around the world to force both Google and Apple to stop forcing all users of their platforms to get software via their proprietary stores.
Google's answer to that is to ramp up harassment of customized android devices and demonize both those users and 3rd-party app stores by trying to convince their user base that horrible things will happen if they allow people more freedom in where they get their software.
At a time when there are movements around the world to force both Google and Apple to stop forcing all users of their platforms to get software via their proprietary stores.
Google's answer to that is to ramp up harassment of customized android devices and demonize both those users and 3rd-party app stores by trying to convince their user base that horrible things will happen if they allow people more freedom in where they get their software.
Forwarded from Hacker News
This media is not supported in your browser
VIEW IN TELEGRAM
Look at what is possible with just a WiFi router…
Remember all the people who called us conspiracy theorists for saying 5G was going to be used as a catastrophically invasive surveillance ₩eapon?**
Join us now: Before Our Time📜
Remember all the people who called us conspiracy theorists for saying 5G was going to be used as a catastrophically invasive surveillance ₩eapon?**
Join us now: Before Our Time📜