Analysis of bypassing Android Verified Boot process on the Peloton Bike+
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/a-new-program-for-your-peloton-whether-you-like-it-or-not/
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/a-new-program-for-your-peloton-whether-you-like-it-or-not/
McAfee Blog
A New Program for Your Peloton – Whether You Like It or Not | McAfee Blog
Executive Summary The McAfee Advanced Threat Research team (ATR) is committed to uncovering security issues in both software and hardware to help
Google fixes a persistent code execution in their app
https://blog.oversecured.com/Why-dynamic-code-loading-could-be-dangerous-for-your-apps-a-Google-example/
https://blog.oversecured.com/Why-dynamic-code-loading-could-be-dangerous-for-your-apps-a-Google-example/
News, Techniques & Guides
Why dynamic code loading could be dangerous for your apps: a Google example
Almost every Android app dynamically loads code from native .so libraries or .dex files. There are also some special libraries like Google Play Core to simplify this process.
Forwarded from The Bug Bounty Hunter
iOS App Testing Through Burp on Corellium
https://defparam.medium.com/ios-app-testing-through-burp-on-corellium-fe59ed849516
https://defparam.medium.com/ios-app-testing-through-burp-on-corellium-fe59ed849516
Medium
iOS App Testing Through Burp on Corellium
Introduction
Forwarded from The Bug Bounty Hunter
Quick Analysis for the SSID Format String Bug
https://blog.chichou.me/2021/06/20/quick-analysis-wifid/
https://blog.chichou.me/2021/06/20/quick-analysis-wifid/
codecolor.ist
Quick Analysis for the SSID Format String Bug | CodeColorist
A rogue Wi-Fi hotspot can crash your phone.
Teabot : Android Banking Trojan Targets Banks in Europe
https://labs.k7computing.com/?p=22407&s=03
https://labs.k7computing.com/?p=22407&s=03
K7 Labs
Teabot : Android Banking Trojan Targets Banks in Europe
The Teabot (aka ‘Anatsa’) is a new Android Banking Trojan with an array of malicious features that aid in the […]
Android FluBot enters Switzerland
https://securityblog.switch.ch/2021/06/19/android-flubot-enters-switzerland/
https://securityblog.switch.ch/2021/06/19/android-flubot-enters-switzerland/
SWITCH Security-Blog
Android FluBot enters Switzerland
FluBot is a new Android malware first discovered in December 2020. During the first few months, FluBot has been active in Spain, Hungary and Poland. Since then, the development of the malware advan…
Check out Medusa's Flutter Certificate Pinning bypass modules:
verify_cert_chain_bypass_v7a.med
verify_cert_chain_bypass_v8a.med
verify_cert_chain_bypass_x86_64.med
https://github.com/Ch0pin/medusa
verify_cert_chain_bypass_v7a.med
verify_cert_chain_bypass_v8a.med
verify_cert_chain_bypass_x86_64.med
https://github.com/Ch0pin/medusa
GitHub
GitHub - Ch0pin/medusa: Mobile Edge-Dynamic Unified Security Analysis
Mobile Edge-Dynamic Unified Security Analysis. Contribute to Ch0pin/medusa development by creating an account on GitHub.
Google Play store applications laced with Joker malware yet again
https://blogs.quickheal.com/google-play-store-applications-laced-with-joker-malware-yet-again/
https://blogs.quickheal.com/google-play-store-applications-laced-with-joker-malware-yet-again/
Quick Heal Blog
Google Play store applications laced with Joker malware yet again
For the last three years, Joker Trojan is making its way on Google Play Store. Quick Heal Security...
DroidMorph tool generates Android Malware Clones
https://arxiv.org/pdf/2106.09218.pdf
https://arxiv.org/pdf/2106.09218.pdf
Bug Bounty on Android : setup your Genymotion environment for APK analysis
https://blog.yeswehack.com/yeswerhackers/bug-bounty-android-setup-genymotion-environment-apk-analysis/
https://blog.yeswehack.com/yeswerhackers/bug-bounty-android-setup-genymotion-environment-apk-analysis/
Yeswehack
YesWeHack - Global Bug Bounty & Vulnerability Management Platform
YesWeHack is a global Bug Bounty & Vulnerability Management Platform. With a worldwide presence, YesWeHack connects organisations to tens of thousands of bug hunters. The aim is to uncover and patch vulnerabilities in websites, mobile apps, connected devices…
Windows 11 will let you run Android apps directly on the desktop
https://www.bleepingcomputer.com/news/microsoft/windows-11-will-let-you-run-android-apps-directly-on-the-desktop/
https://www.bleepingcomputer.com/news/microsoft/windows-11-will-let-you-run-android-apps-directly-on-the-desktop/
BleepingComputer
Windows 11 will let you run Android apps directly on the desktop
With Microsoft's announcement of Windows 11 today, they also revealed that users would soon be able to run Android apps directly on the desktop.
Android app gives his phone the power to mimic credit card communications and exploit flaws in the NFC systems’ firmware can chain together multiple exploits to crash point-of-sales devices, hack them to collect and transmit card data, change the value of transactions, and even lock the devices with a ransomware message
https://www.xda-developers.com/smartphones-nfc-point-of-sale-atm-hack/
https://www.xda-developers.com/smartphones-nfc-point-of-sale-atm-hack/
XDA Developers
NFC smartphones enabled researchers to hack point of sale systems and ATMs
Smartphones with NFC enabled allowed researchers to hack point of sale systems and ATMs, gaining custom code execution on some of them.
👍1
How to setup Ninjutsu Android Penetration Testing Environment
https://ninjutsu-blog.github.io/2021/06/27/How-to-setup-Ninjutsu-Android-Penetration-Testing-Environment/
https://ninjutsu-blog.github.io/2021/06/27/How-to-setup-Ninjutsu-Android-Penetration-Testing-Environment/
Ninjutsu Project
How to setup Ninjutsu Android Penetration Testing Environment
Ninjutsu Android Penetration Testing EnvironmentThis is a portable android Penetration testing environment that includes specific tools to help you to conduct android applications. List of Tools insta
Android trojans steal Facebook users’ logins and passwords
https://news.drweb.com/show/?i=14244&lng=en&c=5
https://news.drweb.com/show/?i=14244&lng=en&c=5
Dr.Web
Android trojans steal Facebook users’ logins and passwords
Doctor Web’s malware analysts have discovered malicious apps on Google Play that steal Facebook users’ logins and passwords. These stealer trojans were spread as harmless software and were installed more than 5,856,010 times.
Reverse Engineering the M6 Smart Fitness Bracelet
https://rbaron.net/blog/2021/07/06/Reverse-engineering-the-M6-smart-fitness-band.html
https://rbaron.net/blog/2021/07/06/Reverse-engineering-the-M6-smart-fitness-band.html
rbaron.net
Reverse Engineering the M6 Smart Fitness Bracelet
A blog post on hacking the $6 M6 fitness tracker.
Android Crypto Mining Scams - fake apps provide fake cloud cryptocurrency mining
https://blog.lookout.com/lookout-unearths-android-crypto-mining-scams
https://blog.lookout.com/lookout-unearths-android-crypto-mining-scams
👍1
Damn Vulnerable Bank - vulnerable Android application that tests your Android hacking skills
https://rewanthtammana.com/damn-vulnerable-bank/index.html
https://rewanthtammana.com/damn-vulnerable-bank/index.html
Vulnerability in Xiaomi MIUI Powerkeeper App allows an attacker on the same network to write arbitrary files on the device, as the system user
https://bugs.chromium.org/p/apvi/issues/detail?id=50
https://bugs.chromium.org/p/apvi/issues/detail?id=50