Android TV Boxes: AllWinner H616/H618 & RockChip 3328 Android Malware Analysis & Cleanup
https://github.com/DesktopECHO/T95-H616-Malware
"Pre-Owned" malware in ROM for AllWinner H616/H618 & RockChip RK3328 Android TV Boxes
Android greybox fuzzing with AFL++ Frida mode
https://blog.quarkslab.com/android-greybox-fuzzing-with-afl-frida-mode.html
This article is about greybox fuzzing of userland targets that can be encountered in Android using AFL++ and its Frida mode. We also discuss how to target JNI functions, to test the native features invoked by Java code.
Vulnerabilities identified in Amazon Fire TV Stick
1) Local network PIN brute forcing (CVE-2023-1385)
2) Arbitrary JavaScript code execution (CVE-2023-1384)
3) Register services that are only locally accessible (CVE-2023-1383)
https://www.bitdefender.com/files/News/CaseStudies/study/430/Bitdefender-PR-Whitepaper-AMZFr-creat6696-en-EN.pdf
Flutter Hackers: Understand and reverse engineer Flutter APK Release Mode with Frida
Part 1: https://infosecwriteups.com/flutter-hackers-uncovering-the-devs-myopia-part-1-6c316be56b13
Part 2: https://infosecwriteups.com/flutter-hackers-uncovering-the-devs-myopia-part-2-598a44942b5e
Flutter Hackers: Uncovering the Dev’s Myopia (Part 1)
Life hack for understanding Flutter Application through source code leaks
Arbitrary code execution discovered in Android imo-International Calls & Chat with 1B installs up to version 2022.11.1051 (CVE-2022-47757)
A path traversal vulnerability delivered using a deeplink can force the IMO app to write files into its data directory. This allows an attacker to write a library file that the app uses to dynamically load modules.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47757
FluHorse – Newly Discovered Android Malware Disguised as Popular Android Apps Targeting East Asia to steal victim credentials and 2FA codes
https://research.checkpoint.com/2023/eastern-asian-android-assault-fluhorse/
Research by: Alex Shamshur, Sam Handelman, Raman Ladutska, Ohad Mana. In the latest research conducted by Check Point Research, we describe a newly discovered malware called FluHorse. The malware features several malicious Android applications…
Fleckpe - A new family of Trojan subscribers discovered on Google Play #Jocker #Harly
https://securelist.com/fleckpe-a-new-family-of-trojan-subscribers-on-google-play/109643/
Subscription Trojans on Google Play
The new Trojan family, Fleckpe, spreads via Google Play inside photo editors and wallpapers, subscribing the unaware user to paid services.
Bypass Tiktok SSL pinning on Android devices
https://github.com/Eltion/Tiktok-SSL-Pinning-Bypass
Meta (Facebook) Adversarial Threat Report for Q1 2023 (Android threats included)
https://about.fb.com/wp-content/uploads/2023/05/Meta-Quarterly-Adversarial-Threat-Report-Q1-2023.pdf
Analysis of Android SpyNote spyware targeting Indian Railway Catering and Tourism Corporation (IRCTC) users
https://labs.k7computing.com/index.php/spynote-targets-irctc-users/
GSMA Mobile Telecommunications Security Landscape in 2022
(ransomware, malware, smishing, spyware, SIM swap, eSIM fraud, supply chain attacks, critical national infrastructure attacks, human threat...)
https://www.gsma.com/security/wp-content/uploads/2023/02/GSMA-Mobile-Telecommunications-Security-Landscape-2023_v1_for-website.pdf
Three ways to dynamically load code into an Android application at runtime
https://erev0s.com/blog/3-ways-for-dynamic-code-loading-in-android/
DroidFrida: Android app for executing Frida scripts directly on your Android device
https://github.com/ac3ss0r/DroidFrida/
Portable Frida injector for rooted Android devices.
JAMBOREE: Portable all-in-one tool to install essential Android tools (Java, Android tools, Magisk, Burp Suite, Objection, Root Emulator, Frida, etc.)
https://github.com/freeload101/Java-Android-Magisk-Burp-Objection-Root-Emulator-Easy
I/O 2023: What's new in Android security and privacy
- Safe Browsing: faster, more intelligent protection
- Passkeys help move users beyond passwords
- New API that lets developers limit accessibility services from interacting with their apps
- Data safety section, launched in Google Play last year, to help you see how developers collect, share, and protect user data
- Better control and protection over your photos and videos
http://security.googleblog.com/2023/05/io-2023-android-security-and-privacy.html.html
Posted by Ronnie Falcon, Product Manager. Android is built with multiple layers of security and privacy protections to help keep you, your...
Advanced Frida Usage Part 1 – iOS Encryption Libraries
https://8ksec.io/advanced-frida-usage-part-1-ios-encryption-libraries-8ksec-blogs/
In Advanced Frida Usage Part 1 - Explore how to decrypt EncryptedStore, interact with encrypted databases and perform AES encryption / decryption.
Converso app: How I accidentally breached a nonexistent database and found every private key in a 'state-of-the-art' encrypted messenger called Converso
https://crnkovic.dev/testing-converso/
Multiple Vulnerabilities in Kiddoware Kids Place Parental Control Android App (CVE-2023-28153, CVE-2023-29078, CVE-2023-29079)
1) Login and registration returns password as MD5 hash
2) Stored XSS via device name in parent Dashboard
3) Possible CSRF attacks in parent Dashboard
4) Arbitrary File Upload to AWS S3 bucket
5) Disable Child App Restriction without Parent's notice
https://sec-consult.com/vulnerability-lab/advisory/multiple-vulnerabilities-in-kiddoware-kids-place-parental-control-android-app/
Multiple vulnerabilities have been identified in the Kiddoware Kids Place Parental Control Android App. Users of the parent's web dashboard can be attacked via cross-site scripting or cross-site request forgery vulnerabilities, or attackers may upload arbitrary…
Revisiting Stealthy Sensitive Information Collection from Android Apps [slides] #BlackHatAsia23
https://i.blackhat.com/Asia-23/AS-23-Bai-Stealthy-Sensitive-Information-Collection-from-Android-Apps.pdf
Two Bugs With One PoC: Rooting Pixel 6 From Android 12 to Android 13 [slides] #BlackHatAsia23
http://i.blackhat.com/Asia-23/AS-23-WANG-Two-bugs-with-one-PoC-Rooting-Pixel-6-from-Android-12-to-Android-13.pdf