Z Camera Android app that was downloaded over 100,000,000 times from Google Play store contained several vulnerabilities such as server leak, SQLi, intent redirection
https://medium.com/@ostorlab/this-article-is-a-technical-deep-dive-showing-how-a-100m-installation-image-application-can-6343ce8ea076
https://medium.com/@ostorlab/this-article-is-a-technical-deep-dive-showing-how-a-100m-installation-image-application-can-6343ce8ea076
Medium
This article is a technical deep dive, showing how a 100M+ installation image application canβ¦
In 2021, we reported a set of vulnerabilities to the Google AppStore team, which affected a popular Camera application called zCamera.
π13π3β€2
ZIP Exploitation: Critical Vulnerabilities Found in Popular Zip Libraries in Swift and Flutter
https://blog.ostorlab.co/zip-packages-exploitation.html
https://blog.ostorlab.co/zip-packages-exploitation.html
blog.ostorlab.co
Ostorlab: Mobile App Security Testing for Android and iOS
Recent in-depth investigations reveal serious vulnerabilities discovered in widely-used zip packages in Flutter and Swift, posing serious security risks for thousands of developers and applications. Our article delves into the technical aspects of these vulnerabilitiesβ¦
π10β€2
BLE spam but for adult toys
Using Flipper Zero or nRF Connect app, it is possible to send Bluetooth LE advertisement packets (without being paired) to adult toys in vicinity and make them all vibrate. It is also possible to start Denial of Pleasure by continuously broadcasting the stop packet
https://www.whid.ninja/blog/denial-of-pleasure-attacking-unusual-ble-targets-with-a-flipper-zero
Using Flipper Zero or nRF Connect app, it is possible to send Bluetooth LE advertisement packets (without being paired) to adult toys in vicinity and make them all vibrate. It is also possible to start Denial of Pleasure by continuously broadcasting the stop packet
https://www.whid.ninja/blog/denial-of-pleasure-attacking-unusual-ble-targets-with-a-flipper-zero
WHID - We Hack In Disguise
Denial of Pleasure: Attacking Unusual BLE Targets with a Flipper Zero
Become familiar with developing applications for Flipper Zero, which will be capable of activating adult toys all at once or completely inhibit their use for those within your range (i.e. Denial of Pleasure Attack).
π€£37π9π7π₯1
Part 2: Usage of ispw, the Swiss Army Knife for iOS/MacOS security research
https://8ksec.io/ipsw-walkthrough-part-2-the-swiss-army-knife-for-ios-macos-security-research/
https://8ksec.io/ipsw-walkthrough-part-2-the-swiss-army-knife-for-ios-macos-security-research/
π13
Fake Android and iOS apps steal SMS and contacts in South Korea
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/fake-android-and-ios-apps-steal-sms-and-contacts-in-south-korea/
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/fake-android-and-ios-apps-steal-sms-and-contacts-in-south-korea/
McAfee Blog
Fake Android and iOS apps steal SMS and contacts in South Korea | McAfee Blog
Authored by Dexter Shin Most people have smartphones these days which can be used to easily search for various topics of interest on the Internet. These
π9π€1
Tablet for kids (Dragon Touch KidzPad Y88X) contains malware
https://www.eff.org/deeplinks/2023/11/low-budget-should-not-mean-high-risk-kids-tablet-came-preloaded-sketchyware
https://www.eff.org/deeplinks/2023/11/low-budget-should-not-mean-high-risk-kids-tablet-came-preloaded-sketchyware
Electronic Frontier Foundation
Low Budget Should Not Mean High Risk: Kids' Tablet Came Preloaded with Sketchyware
Itβs easy to get Android devices from online vendors like Amazon at different price points. Unfortunately, it is also easy to end up with an Android device with malware at these lower budgets. There
π10π±5
Palera1n Jailbreak iOS 15.7.7 for Penetration Testing
https://medium.com/@jcngan97/palera1n-jailbreak-ios-15-7-7-for-penetration-testing-7645abd15724
https://medium.com/@jcngan97/palera1n-jailbreak-ios-15-7-7-for-penetration-testing-7645abd15724
Medium
Palera1n Jailbreak iOS 15.7.7 for Penetration Testing
While performing mobile application penetration testing, the app that you are testing might have a minimum OS version of iOS 15. Withβ¦
π14β€2π2π1
Social engineering attacks lure Indian users to install Android banking trojans
https://www.microsoft.com/en-us/security/blog/2023/11/20/social-engineering-attacks-lure-indian-users-to-install-android-banking-trojans/
https://www.microsoft.com/en-us/security/blog/2023/11/20/social-engineering-attacks-lure-indian-users-to-install-android-banking-trojans/
Microsoft Security Blog
Social engineering attacks lure Indian users to install Android banking trojans | Microsoft Security Blog
Mobile banking trojan campaigns targeting users in India impersonate legitimate orgs and steal usersβ information for financial fraud scams.
π₯14π4π2π1
Nothing Chats app, the Sunbird-based iMessage app, is a privacy nightmare with unencrypted messages and images
https://9to5google.com/2023/11/18/nothing-chats-sunbird-unencrypted-data-privacy-nightmare/
https://9to5google.com/2023/11/18/nothing-chats-sunbird-unencrypted-data-privacy-nightmare/
9to5Google
Nothing Chats, the Sunbird-based iMessage app, is a privacy nightmare with unencrypted messages and images
The Nothing Chats app, powered by Sunbird, promises encrypted iMessage for Android, but it's literally a privacy nightmare.
π₯9π8π1
Intercepting Flutter Based Application Traffic Using iptables
https://krushnalipane.medium.com/intercepting-flutter-based-application-traffic-using-iptables-da0f67064944
https://krushnalipane.medium.com/intercepting-flutter-based-application-traffic-using-iptables-da0f67064944
Medium
Intercepting Flutter Based Application Traffic Using iptables
Flutter, created by Google, has emerged as a popular open-source framework for building natively compiled applications for mobile, web, and desktop from a single codebase. However, with great powerβ¦
π21β€4π₯2
NetHunter Hacker XI: Bluetooth arsenal
https://www.mobile-hacker.com/2023/11/28/nethunter-hacker-xi-bluetooth-arsenal/
https://www.mobile-hacker.com/2023/11/28/nethunter-hacker-xi-bluetooth-arsenal/
Mobile Hacker
NetHunter Hacker XI: Bluetooth arsenal Mobile Hacker
Bluetooth technology has become an integral part of our daily lives, from connecting our smartphones to our cars and headphones to sharing files between devices. However, as with any wireless technology, Bluetooth is vulnerable to hacking attempts. In thisβ¦
π17
Unveiling the Persisting Threat: Iranian Mobile Banking Malware Campaign Extends Its Reach
https://www.zimperium.com/blog/unveiling-the-persisting-threat-iranian-mobile-banking-malware-campaign-extends-its-reach
https://www.zimperium.com/blog/unveiling-the-persisting-threat-iranian-mobile-banking-malware-campaign-extends-its-reach
Zimperium
Iranian Mobile Banking Malware Campaign Threat Continues | Zimperium
true
π13π1
BLUFFS: Bluetooth Forward and Future Secrecy Attacks and Defenses allow certain man-in-the-middle attacks and live injection (CVE-2023-24023)
https://francozappa.github.io/post/2023/bluffs-ccs23/
https://francozappa.github.io/post/2023/bluffs-ccs23/
Daniele Antonioli
BLUFFS: Bluetooth Forward and Future Secrecy Attacks and Defenses | Daniele Antonioli
Breaking and fixing the Bluetooth standard. One More Time.
Paper
Slides
Toolkit
CVE-2023-24023
BT SIG note
Paper
Slides
Toolkit
CVE-2023-24023
BT SIG note
π15
Frida Labs: Series of challenges to learn Frida for Android
https://github.com/DERE-ad2001/Frida-Labs
https://github.com/DERE-ad2001/Frida-Labs
GitHub
GitHub - DERE-ad2001/Frida-Labs: The repo contains a series of challenges for learning Frida for Android Exploitation.
The repo contains a series of challenges for learning Frida for Android Exploitation. - DERE-ad2001/Frida-Labs
π23β€2
How to bypass debugger detection in Android/iOS using IDA Pro
https://medium.com/@shubhamsonani/how-to-bypass-debugger-detection-in-android-ios-native-libraries-using-ida-pro-3e289c2127d6
https://medium.com/@shubhamsonani/how-to-bypass-debugger-detection-in-android-ios-native-libraries-using-ida-pro-3e289c2127d6
Medium
How to bypass debugger detection in Android/iOS native libraries using IDA Pro?
Hello guys, I hope you all are doing well.
π14β€1
Malicious Android SpyLoan apps found on Google Play with over 12 million downloads
https://www.welivesecurity.com/en/eset-research/beware-predatory-fintech-loan-sharks-use-android-apps-reach-new-depths/
https://www.welivesecurity.com/en/eset-research/beware-predatory-fintech-loan-sharks-use-android-apps-reach-new-depths/
Welivesecurity
Beware of predatory fin(tech): Loan sharks use Android apps to reach new depths
ESET researchers describe the growth of deceptive loan apps for Android and techniques they use to circumvent Google Play
π10π1
How to debug Android native libraries using JEB decompiler
https://medium.com/@shubhamsonani/how-to-debug-android-native-libraries-using-jeb-decompiler-eec681a22cf3
https://medium.com/@shubhamsonani/how-to-debug-android-native-libraries-using-jeb-decompiler-eec681a22cf3
Medium
How to debug android native libraries using JEB decompiler?
Hello guys, welcome back to the new blog.
In this blog, again I am going to show you one more method to debug native libraries of anβ¦
In this blog, again I am going to show you one more method to debug native libraries of anβ¦
π8
Unauthenticated Bluetooth keystroke-injection in Android, Linux, macOS and iOS (CVE-2023-45866)
Impact: A nearby attacker can connect to a vulnerable device over unauthenticated Bluetooth and inject keystrokes to install apps, run arbitrary commands, forward messages, etc.
https://github.com/skysafe/reblog/tree/main/cve-2023-45866
Impact: A nearby attacker can connect to a vulnerable device over unauthenticated Bluetooth and inject keystrokes to install apps, run arbitrary commands, forward messages, etc.
https://github.com/skysafe/reblog/tree/main/cve-2023-45866
GitHub
reblog/cve-2023-45866 at main Β· skysafe/reblog
SkySafe Miscellaneous Reverse Engineering Blog. Contribute to skysafe/reblog development by creating an account on GitHub.
π14π€―3π2π―1
Android barcode scanner app with 100K installs exposes user passwords
https://cybernews.com/security/android-barcode-scanner-data-leak/
https://cybernews.com/security/android-barcode-scanner-data-leak/
Cybernews
Android barcode scanner app exposes user passwords
An Android app with over 100k Google Play downloads and a 4.5-star average rating has let an open instance go unchecked, leaving sensitive user data up for grabs.
π8π1
AutoSpill Vulnerability: Your mobile password manager might be exposing your credentials
https://techcrunch.com/2023/12/06/your-mobile-password-manager-might-be-exposing-your-credentials/
https://techcrunch.com/2023/12/06/your-mobile-password-manager-might-be-exposing-your-credentials/
TechCrunch
Your mobile password manager might be exposing your credentials
A number of popular mobile password managers are inadvertently spilling user credentials due to a vulnerability in the autofill functionality of Android apps.
π18π€¬2β€1
5Ghoul: New 5G Modem Flaws Affect iOS Devices and Android Models from Major Brands
https://asset-group.github.io/disclosures/5ghoul/
https://asset-group.github.io/disclosures/5ghoul/
π10π€1