3 fake apps found on Google Play Store. Their goal is to steal text messages and set themselves as the default SMS app. If you have them installed, uninstall them!
Forwarded from The Bug Bounty Hunter
Pentesting Android applications by reversing and finding attack surfaces
https://blog.usejournal.com/an-intro-to-pentesting-an-android-phone-464ec4860f39
Medium
In this past semester, I was taking a cybersecurity class. Since our awesome professor believes in the concept that we learn by doing and…
Did You Know These Mobile Fraud Examples?
https://www.linkedin.com/pulse/did-you-know-mobile-fraud-examples-ad-fraud-historian
LinkedIn
Most marketers have heard of mobile ad fraud. Most also assume that fraud detection tech companies are detecting mobile fraud and preventing or reducing it for them.
DEF CON Quals 2019 : VERYANDROIDOSO
#Android #CTF #Writeup #Frida
https://eybisi.run/DEF-CON-Quals-2019-Veryandroidoso/
hedgehog's cave
Here is my writeup for VERYANDROIDOSO task. Of course with frida :D App takes input from us and checks if it is correct flag. Length of flag should be 23 enclosed with OOO{..}. Also inside of brackets
Four Main Mobile Payment Models and their security
https://2muchcoffee.com/blog/paying-with-your-mobile-phone-types-and-models/
Tech News and Discussions | 2muchcoffee
Paying With Your Mobile Phone: Types and Models
Today mobile payment solutions are a fast, convenient and secure practice. But what payment type or model to choose? Still confused? Take a look at our approach to classify payment with your mobile phone.
“If you used more than one account on Twitter for iOS and opted into using the precise location feature in one account, we may have accidentally collected location data when you were using any other account(s) on that same device for which you had not turned on the precise location feature,” Twitter said.
https://threatpost.com/twitter-leaked-ios-users-location/144687/
Threatpost
Twitter Leaks Apple iOS Users’ Location Data to Ad Partner
A Twitter glitch "inadvertently" leaked iOS users' location data to an unnamed partner.
Android app "Ever - Capture Your Memories" with 1M+ installs.
What began in 2013 as another cloud storage app has pivoted toward a far more lucrative business known as Ever AI — without telling the app’s millions of users.
https://www.nbcnews.com/tech/security/millions-people-uploaded-photos-ever-app-then-company-used-them-n1003371
NBC News
Millions of people uploaded photos to the Ever app. Then the company used them to develop facial recognition tools.
“The app developers were not clear about their intentions," one Ever user said. "I believe it’s a huge invasion of privacy.”
Update WhatsApp!
WhatsApp just fixed a vulnerability that allowed malicious actors to remotely install spyware on affected phones, and an unknown number reportedly did so with a commercial-grade snooping package usually sold to nation-states.
https://techcrunch.com/2019/05/13/whatsapp-exploit-let-attackers-install-government-grade-spyware-on-phones/
TechCrunch
WhatsApp exploit let attackers install government-grade spyware on phones | TechCrunch
A Korean-speaking hacking group in operation since at least 2016 is expanding its arsenal of hacking tools to include a Bluetooth-device harvester in a move that signals the group’s growing interest in mobile devices.
https://arstechnica.com/information-technology/2019/05/korean-speaking-hackers-add-bluetooth-harvester-to-its-tool-arsenal/
Ars Technica
Bluetooth harvester signals hacking group’s growing interest in mobile
ScarCruft's new interest in mobile devices suggests the group's continuing evolution.
Android & iOS app "Call India - IntCall" allows anyone to register any phone number without OTP verification
This means that anyone can make calls spoofing any phone number.
This concerns only users from #India 🇮🇳
The app hasn't been updated since 2014.
https://www.news18.com/amp/news/tech/this-android-calling-app-presents-a-huge-threat-but-is-still-guarded-by-a-high-rating-2140363.html?__twitter_impression=true
News18
This Android Calling App Presents a Huge Threat, But is Still Guarded by a High Rating
TeleStar's 'Call India - IntCall' app can remotely authorise any random number on your phone, make remote phone calls using your number, and even include voice morphing, hence being a massive threat to security.
[technical analysis of WhatsApp vulnerability]
Vulnerable RTCP module is called before the WhatsApp voice call is answered - 0 click RCE.
https://research.checkpoint.com/the-nso-whatsapp-vulnerability-this-is-how-it-happened/
Check Point Research
The NSO WhatsApp Vulnerability - This is How It Happened - Check Point Research
Earlier today the Financial Times published that there is a critical vulnerability in the popular WhatsApp messaging application and that it is actively being used to inject spyware into victims' phones. According to the report, attackers only need to issue…
U.S. immigration cops just spent $1 Million on iPhone hacking equipment.
GrayKey was previously described as the world’s best iPhone hacking tech for police and intelligence agents, allowing them to break passcodes and retrieve information from inside Apple devices.
https://www.forbes.com/sites/thomasbrewster/2019/05/08/immigration-just-spent-a-record-1-million-on-the-worlds-most-advanced-iphone-hacking-tech/
Forbes
Immigration Cops Just Spent A Record $1 Million On The World's Most Advanced iPhone Hacking Tech
The GrayKey promises access to locked iPhones. And ICE is its biggest fan.
The simple reality is there are so many 0-day exploits for iOS and the only reason why just a few attacks have been caught in the wild is that iOS phones by design hinder defenders from inspecting the phones.
So, if someone says there is no malware on iOS - it's not true - because there is no simple way to prove there was malware.
https://www.vice.com/en_us/article/pajkkz/its-almost-impossible-to-tell-if-iphone-has-been-hacked
Vice
It’s Almost Impossible to Tell if Your iPhone Has Been Hacked
A recent vulnerability in WhatsApp shows that there’s little defenders can do to detect and analyze iPhone hacks.
Google Play already scans apps for security issues!
In App Security Improvement program since 2015.
The program has helped more than 300,000 developers to fix more than 1,000,000 apps on Google Play. In 2018 alone, the program helped over 30,000 developers fix over 75,000 apps.
https://developer.android.com/google/play/asi
Android Developers
App security improvement program | Security | Android Developers
Under the order that will take effect in the coming days, Huawei will need a U.S. government license to buy American technology.
In August, Trump signed a bill that barred the U.S. government itself from using equipment from Huawei and ZTE.
https://www.reuters.com/article/us-usa-china-huaweitech/chinas-huawei-70-affiliates-placed-on-u-s-trade-blacklist-idUSKCN1SL2W4
Reuters
China's Huawei, 70 affiliates placed on U.S. trade blacklist
WASHINGTON/NEW YORK (Reuters) - The U.S. Commerce Department said on Wednesday it is adding Huawei Technologies Co Ltd and 70 affiliates to its so-called “Entity List” - a move that bans the telecom giant from buying parts and components from U.S. companies…