Wednesday, July 23, 2014
Wednesday, June 4, 2014
Wednesday, April 2, 2014
Damn Vulnerable iOS Application - Mobile Security Research Labs | Mobile Security Research Labs
Damn Vulnerable iOS App (DVIA)
is an iOS application that is damn vulnerable. Its main goal is to
provide a platform to mobile security enthusiasts/professionals or
students to test their iOS penetration testing skills in a legal
environment. This application covers all the common vulnerabilities
found in iOS applications (following OWASP top 10 mobile risks) and
contains several challenges that the user can try. This application also
contains a section where a user can read various articles on iOS
application security. This project is developed and maintained by @prateekg147. The vulnerabilities and solutions covered in this app are tested upto iOS 7.0.4 .
Vulnerabilities and Challenges Include …
The app also contains a section on iOS Application Security Tutorials
for those who want to learn iOS Application Pentesting. Every
challenge/vulnerability has a link for a tutorial that users can read to
learn more on that topic.
This app will only run on devices running iOS 7 or later. Users can
download the source code and run the application on previous versions of
iOS as well.
The app itself is free and can be downloaded from here but the solutions can be purchased for a cost of $19.
Damn Vulnerable iOS Application - Mobile Security Research Labs | Mobile Security Research Labs
is an iOS application that is damn vulnerable. Its main goal is to
provide a platform to mobile security enthusiasts/professionals or
students to test their iOS penetration testing skills in a legal
environment. This application covers all the common vulnerabilities
found in iOS applications (following OWASP top 10 mobile risks) and
contains several challenges that the user can try. This application also
contains a section where a user can read various articles on iOS
application security. This project is developed and maintained by @prateekg147. The vulnerabilities and solutions covered in this app are tested upto iOS 7.0.4 .
Vulnerabilities and Challenges Include …
- Insecure Data Storage
- Jailbreak Detection
- Runtime Manipulation
- Transport Layer Security
- Client Side Injection
- Information Disclosure
- Broken Cryptography
- Security Decisions via Untrusted input
- Side channel data leakage
- Application Patching
The app also contains a section on iOS Application Security Tutorials
for those who want to learn iOS Application Pentesting. Every
challenge/vulnerability has a link for a tutorial that users can read to
learn more on that topic.
This app will only run on devices running iOS 7 or later. Users can
download the source code and run the application on previous versions of
iOS as well.
The app itself is free and can be downloaded from here but the solutions can be purchased for a cost of $19.
Damn Vulnerable iOS Application - Mobile Security Research Labs | Mobile Security Research Labs
Vulnerabilities in Android Update Make All Android Devices Vulnerable | Mobile Security Research Labs
Android upgrade mechanism brings to light a whole new set of
vulnerabilities pervasively existing in almost all Android versions,
which allow a seemingly harmless malicious app (“unprivileged app” in
the security term) running on a version of Android to automatically
acquire significant capabilities without users’ consent once they upgrade to newer versions!
Such capabilities include automatically obtaining all new permissions
added by the newer version OS, replacing system-level apps with
malicious ones, injecting malicious scripts into arbitrary webpages,
etc.
We call these vulnerabilities Pileup flaws (privilege escalation through updating). In total, we discovered six Pileup flaws in the code
of Android OS. We further confirmed the
presence of the issues in all AOSP (Android Open Source Project)
versions and 3,522 source code versions customized by Samsung, LG and
HTC across the world. Those flaws affect all the Android devices
worldwide, posing serious threats to billions of Android users who are
actually encouraged to update their systems.
A distinctive feature of the threat is that the attack is not aimed at a vulnerability in the current system. Instead, it exploits the flaws in the updating mechanism of the “future” OS, which the current system will be upgraded to.
More specifically, through the app running on a lower version Android,
the adversary can strategically claim a set of carefully selected
privileges or attributes only available on the higher OS version. For
example, the app can define a new system permission such as
android.permission.READ_PROFILE (read the user’s personal profile data)
on Android 2.3.6, which is to be added on 4.0.x. It can also use the
shared user ID (UID) (a string specified within an app’s manifest file)
of a new system app on 4.0.x, its package name and other attributes.
Since these privileges and attributes do not exist in the old system
(2.3.6 in the example), the malicious app can silently acquire them
(self-defined permission, shared UID and package name, etc.). When the
system is being updated to the new one, the Pileup flaws within the new
Package Manager will be automatically exploited. Consequently, such an
app can stealthily obtain related system privileges, resources or
capabilities. In the above example, once the phone is upgraded to 4.0.x,
the app immediately gets android.permission.READ_PROFILE without the
user’s consent and even becomes its owner, capable of setting its
protection level and description. Also, the preempted shared UID enables
the malicious app to substitute for system apps such as Google
Calendar, and the package name trick was found to work on the Android
browser, allowing the malicious app to contaminate its cookies, cache,
security configurations and bookmarks, etc.
The consequences of the attacks are dire, depending on the exploit opportunities on different Android devices,
that is, the natures of the new resources on the target version of an
update. As examples, on various versions of Android, an upgrade allows
the unprivileged malware to get the permissions for accessing
voicemails, user credentials, call logs, notifications of other apps,
sending SMS, starting any activity regardless of permission protection
or export state, etc.; the malware can also gain complete control of new
signature and system permissions, lowering their protection levels to
“normal” and arbitrarily changing their descriptions that the user needs
to read when deciding on whether to grant them to an app; it can even
replace the official Google Calendar app with a malicious one to get the
phone user’s events, drop Javascript code in the data directory to be
used by the new Android browser so as to steal the user’s sensitive
data, or prevent her from installing critical system apps such as Google
Play Services. We performed a measurement on those exploit
opportunities, which shows how they are distributed across Android
versions and vendors. Figure 1 compares the average numbers of the
exploit opportunities provided by AOSP, Google and Samsung, when the
system is upgraded from 2.3.X to 4.0.X, then to 4.1.X, 4.2.X, 4.3.X and
4.4.X consecutively. As we can see from the figure, not only do the
manufacturers introduce more opportunities than AOSP, but Samsung adds
more than Google. Also interestingly, though Google and AOSP apparently
make the biggest system overhaul from 2.3.X to 4.0.X and show a trend of
less aggressive updating afterwards, Samsung continues to bring in more
new stuffs from 4.1.X to 4.2.X and to 4.3.X, at the cost of increased
security risks.
mSeclabs - Smartphones at risk of malicious code injection through HTML5-based apps | Mobile Security Research Labs
Only a fraction of mobile apps are currently written in HTML5 – but
if 50 percent of applications are written in the markup language by
2016, as experts predict, then a whole lot of smartphones could soon be
at risk of a new Cross-Device Scripting (XDS) attack that researchers
have been investigating.
In the paper, “XDS: Cross-Device Scripting Attacks on Smartphones through HTML5-based Apps,”Xing Jin, Tongbo Luo, Derek G. Tsui, and Wenliang Du, researchers with
Syracuse University, explore how anyone running vulnerable HTML5-based
apps on their smartphones – including iPhones, Blackberry’s and
Android-based devices – is at risk of malicious code injection.
Attackers can inject the malicious code through a number of different
commonly used channels, including Wi-Fi scanning, SMS messaging,
scanning of 2D barcodes, Bluetooth pairing, and even through the playing
of MP3 audio or MP4 videos, Du told SCMagazine.com on Monday.
So, if a compromised 2D barcode was scanned using an HTML5-based app,
then that app would be compromised. However, playing a compromised MP3
file in an app running in the device’s native programming language –
Android-based devices use JavaScript and iOS devices use Objective-C –
would result in no compromise.
The injection via Wi-Fi scanning is particularly interesting because
it does not require a user to connect to the attacker’s network, just to
locate it using a vulnerable HTML5-based app, Du said, explaining an
attacker can circumvent the 32 byte length limitation and inject more
effective malicious code by using multiple Wi-Fi access points.
Another particularly nasty element to the attack is that it will send
malicious code to contacts via SMS if granted access to a user’s
address book, Du said, explaining that any of those contacts running an
HTML5-based SMS app will become at risk of being compromised.
After injecting the malicious code, an attacker has access to just
about anything the compromised mobile application has access to, Du
said. Right now that may really only include access to SMS messages,
location data and address books, given the HTML5-based apps currently in
use, but that is bound to change as the programming language is more
widely adopted.
“HTML5 allows [developers] to write one version of code that can be
used across platforms,” Du said, explaining that the time-saving
technology has already proven attractive to developers and is being
taught in schools. “Today [it may not be as] relevant, but two years
from now, if many people have these kinds of [HTML5-based] apps, it’s
likely that this will spread, and that’s where the problems will come.”
Du could not reveal the name of one vulnerable app that he said has
been downloaded by more than a million users, but he explained that his
team has alerted the app developer of the HTML5 issues and that the
company is exploring a fix.
Meanwhile, the Syracuse University researchers are also still
exploring ways to mitigate this threat, Du said, but as of now, he
suggested using one of the safer application programming interfaces
(API) listed in the research as a good start.
Download the advisory : XDS attacks Advisory by Syracuse University Research Team
mSeclabs - Smartphones at risk of malicious code injection through HTML5-based apps | Mobile Security Research Labs
Monday, March 31, 2014
Tuesday, February 25, 2014
Apple release patch for a SSL security vulnerability - mSecLabs - MOBIQUANT Mobile Security Labs | mSecLabs - MOBIQUANT Mobile Security Labs
The vulnerability occurs in the logic some iOS applications use toApple
has recently pushed an emergency update for iOS (7.0.6) that fixes a
critical vulnerability that could allow hackers to intercept the user’s
traffic (email, messages etc) and other communications that is meant to
be encrypted.
authenticate themselves to the server over SSL (Secure Socket Layer).
Because of this flaw, an attacker who is present on the same wired or
wireless network can perform a man in the middle (MITM) attack and
bypass the initial authentication check during the connection handshake.
Once this is done, the attacker can see all the traffic going to and
fro from your device to the server. He can modify the data over the air
and also eavesdrop over all the user’s information.
More details about the vulnerability can be found here.
It is recommended to update to the latest version of iOS (7.0.6) that
patches this vulnerability. Until then, it is advisable not to use any
untrusted WiFi networks as your information might be eavesdropped upon.
After reverse engineering the patch, several security researchers
have found out that the flaw exists in the current versions of Mac OSX
as well. No patch is available yet for that operating system, though one
is expected soon.
Read Article on mSeclabs Team website: Apple release patch for a SSL security vulnerability
Blog Mobiquant : Apple's 'Gotofail' Security Mess Extends To Mail, Twitter, iMessage, Facetime And More
encryption in iOS, requiring an emergency patch. Then researchers found
the same bug is also included in Apple’s desktop OSX operating system, a
gaping Web security hole that leaves users of Safari at risk of having their traffic hijacked.
Now one researcher has found evidence that the bug extends beyond
Apple’s browser to other applications including Mail, Twitter, Facetime,
iMessage and even Apple’s software update mechanism.
On Sunday, privacy researcher Ashkan Soltani posted a list of OSX applications on Twitter
that he says he’s determined use Apple’s “secure transport” framework,
the coding library that developers depend on to build programs that
securely communicate online using the common encryption protocols TLS
and SSL. The full list, which isn’t comprehensive given that Soltani
only analyzed the programs on his own PC, is shown below. (Soltani has
underlined the vulnerable application names in red.)
Privacy researcher Ashkan Soltani’s list of
OSX applications that use Apple’s vulnerable implementation of SSL and
TLS encryption. (Click to enlarge.)
OSX applications that use Apple’s vulnerable implementation of SSL and
TLS encryption. (Click to enlarge.)
Soltani, an independent researcher whose recent work has
included analyzing the surveillance documents leaked by NSA contractor
Edward Snowden on behalf of the Washington Post, warns that the security
of several applications on that list are severely compromised,
including Apple’s email program Mail, scheduling app Calendar and the
its official Twitter desktop client. The bug affects how Apple devices
authenticate their secure connection with servers, allowing an
eavedropper to fake that verification and hijack or corrupt traffic
using what’s known as a “man-in-the-middle” attack. ”All these apps
would be vulnerable to the same man-in-the-middle vulnerability outlined
on Friday,” Soltani says.
Some of the affected apps such as iMessage and Facetime have added
security that could reduce the effects of the security vulnerability,
though Soltani warns that for the iMessage instant messaging application
the initial login at Apple’s me.com website may be compromised, even if
the messages themselves remain encrypted, and that similar problems may
exist for Facetime. “There are going to be parts of the protocol like
the initial ‘handshake’ that rely on TLS, and those will be vulnerable
to man-in-the-middle attacks,” Soltani says.
Equally troubling is the notion that Apple’s Software Update
application is affected, which means that Apple’s mechanism for pushing
new code to OSX machines, including security updates, could be
compromised. Soltani notes that in addition to SSL and TLS, Software
Update also checks for Apple’s signature on any code that it asks users
to install. But he adds that the code-signing protection hasn’t stopped
malware from spoofing those updates in the past to install spying tools on victims’ machines.
I’ve reached out to Apple for comment on Soltani’s findings, and I’ll update this post if I hear from the company.
Apple’s newly discovered security flaw, dubbed “gotofail” by the
security community due to a single improperly used “goto” command in
Apple’s code that triggered it, initially came to light Friday when
Apple issued a security update for iOS. Researchers at the security firm
Crowdstrike and Google quickly reverse engineered that patch to show
how it affected OSX as well, and initially recommended that users stay away from untrusted networks and avoid Safari, which is more dependent on Apple’s implementation of SSL and TLS than other browsers such as Chrome or Firefox.
Soltani’s work, however, shows that the problem extends further,
leaving many users with few options for secure communications until
Apple issues a fix for its desktop software. The company promised in a statement to Reuters
Saturday to make that fix available “very soon.” Given the widening
gaps in Apple’s security the flaw exposes, it can’t come soon enough.
Read article on Forbes Magazine:
Apple's 'Gotofail' Security Mess Extends To Mail, Twitter, iMessage, Facetime And More - Forbes
http://www.mobiquant.com
Website Mobiquant
Sunday, February 2, 2014
iH8sn0w ANNOUNCES A PERMANENT BOOTROM EXPLOIT JAILBREAK FOR A5/A5X IOS DEVICES
iH8sn0w , the author of numerous jailbreak softwares, announced on Twitter that he has discovered a bootrom exploit for all Apple devices with A5/A5X processors.
In 2010, the hacker Geohot (aka George Hotz) had found a bootrom exploit called Limera1n, which formed the base for untethered jailbreak for devices running A4 processors.
Unlike a security flaw in the ‘User Space’, which can easily be fixed
by Apple through a simple software update in a fairly quick time,
exploits targeting the BootRom address the physical layer (physical ROM,
NAN storage L3/L2 baseband, GEM and kernel). These are particularly
complicated to fix by Apple as this requires a hardware update and hence
cannot be pushed to existing users.
.../...
Read full article on Mobiquant website and Mobiquant Facebook:
iH8sn0w ANNOUNCES A PERMANENT BOOTROM EXPLOIT JAILBREAK FOR A5/A5X IOS DEVICES
- iH8sn0w Twitter message about his jailbreak new exploit
Unlike a security flaw in the ‘User Space’, which can easily be fixed
by Apple through a simple software update in a fairly quick time,
exploits targeting the BootRom address the physical layer (physical ROM,
NAN storage L3/L2 baseband, GEM and kernel). These are particularly
complicated to fix by Apple as this requires a hardware update and hence
cannot be pushed to existing users.
.../...
Read full article on Mobiquant website and Mobiquant Facebook:
iH8sn0w ANNOUNCES A PERMANENT BOOTROM EXPLOIT JAILBREAK FOR A5/A5X IOS DEVICES
Wednesday, January 29, 2014
Mobiquant Blog : FBI Has Tor Mail's Entire Email Database
FBI Has Tor Mail's Entire Email Database
was an anonymized email service run over Tor. It was operated by a
company called Freedom Hosting, which was shut down by the FBI last August. The owner was arrested for 'enabling child porn,' and the Tor Mail servers suddenly began hosting FBI malware that attempted to de-anonymize users. Now, Wired reports on a new court filing which indicates that the FBI was also able to grab Tor Mail's entire email database.
'The filings show the FBI built its case in part by executing a search
warrant on a Gmail account used by the counterfeiters, where they found
that orders for forged cards were being sent to a TorMail e-mail
account: "platplus@tormail.net." Acting on that lead in September, the
FBI obtained a search warrant for the TorMail account, and then accessed
it from the bureau's own copy of "data and information from the TorMail
e-mail server, including the content of TorMail e-mail accounts,"
according to the complaint (PDF) sworn out by U.S. Postal Inspector Eric Malecki.'"
Read Slashdot article :
FBI Has Tor Mail's Entire Email Database - Slashdot
Tuesday, January 28, 2014
Les applications de téléphone comme Angry Birds vous surveillent pour la NSA
La NSA, l'agence américaine de renseignement chargée des
interceptions de communications, et son homologue britannique du GCHQ
collectent quantité de données sur les utilisateurs d'applications sur
téléphones intelligents, que ce soit Facebook, Angry Birds ou Google
Maps, a révélé lundi le New York Times.
Après les révélations sur la collecte des métadonnées téléphoniques,
la récupération des SMS ou encore la surveillance des plateformes de
jeux en ligne, de nouveaux documents fournis par l'ancien consultant
Edward Snowden dévoilent encore un peu plus la portée des activités de
surveillance de la NSA.
Selon le Times, qui s'appuie sur ces documents, à chaque fois que
quelqu'un utilise une application sur son smartphone, ce programme fait
apparaître quantité de données sur la localisation de l'utilisateur ou
encore la liste de ses contacts, des données que la NSA et le GCHQ
britannique récupèrent dans le cadre de leurs vastes programmes de
collecte.
Un rapport cité par le quotidien note ainsi que toute mise à jour du
système d'exploitation Android envoie sur le réseau 500 lignes de
données sur l'historique du téléphone et son utilisation, des données
captées par les agences de renseignement.
Lire l article :
Les applications de téléphone comme Angry Birds vous surveillent pour la NSA
interceptions de communications, et son homologue britannique du GCHQ
collectent quantité de données sur les utilisateurs d'applications sur
téléphones intelligents, que ce soit Facebook, Angry Birds ou Google
Maps, a révélé lundi le New York Times.
Après les révélations sur la collecte des métadonnées téléphoniques,
la récupération des SMS ou encore la surveillance des plateformes de
jeux en ligne, de nouveaux documents fournis par l'ancien consultant
Edward Snowden dévoilent encore un peu plus la portée des activités de
surveillance de la NSA.
Selon le Times, qui s'appuie sur ces documents, à chaque fois que
quelqu'un utilise une application sur son smartphone, ce programme fait
apparaître quantité de données sur la localisation de l'utilisateur ou
encore la liste de ses contacts, des données que la NSA et le GCHQ
britannique récupèrent dans le cadre de leurs vastes programmes de
collecte.
Un rapport cité par le quotidien note ainsi que toute mise à jour du
système d'exploitation Android envoie sur le réseau 500 lignes de
données sur l'historique du téléphone et son utilisation, des données
captées par les agences de renseignement.
Lire l article :
Les applications de téléphone comme Angry Birds vous surveillent pour la NSA
Friday, January 24, 2014
Monday, January 20, 2014
Mobiquant News: iPad and iPhone users urged to switch to Android by Eric Schmidt ~ Blog Mobiquant Technologies
Mobiquant Technologies - Mobile Security Management :
Google executive chairman issues how to leave Apple guide for new Android users. Google executive chairman Eric Schmidt has authored a guide to help Apple iPhone users make the switch to the Android mobile operating system. Mobiquant News: iPad and iPhone users urged to switch to Android by Eric Schmidt ~ Blog Mobiquant Technologies.
The post Mobiquant News: iPad and iPhone users urged to switch to Android by Eric Schmidt ~ Blog Mobiquant Technologies appeared first on Mobiquant Technologies.
from WordPress http://ift.tt/1mly8i2
via IFTTT
Thursday, January 16, 2014
Thursday, December 12, 2013
Wednesday, December 11, 2013
Mobile Security Management
Mobiquant Technologies flagship product - Mobile NX Defender Suite™ empowers enterprises, governments and end-users in manageing security vulnerabilities of their mobile devices and applications in real-time. Mobile NX™ opens up potential for new use cases that will improve productivity & increase returns on mobile fleet & IT investments.
Monday, December 2, 2013
▶ LG G Flex, first Self Healing Phone from scratches and fully flexible !
At Mobiquant, we got the new LG G flex, and were impressed .
South Korean electronics company LG has launched its Flex smartphone with an intriguing “self-healing” coating that supposedly allows it to recovers from accidental scratches.
To put this claim to the test, YouTube tech personality Marques Brownlee has deliberately scratched his LG Flex phone with his keys, mimicking the way they would rub up against the phone in his pocket.
Surprisingly, after just a few minutes, the light scratches were already mostly cleared up and barely noticeable, thus demonstrating the self-healing power of LG’s special cover coating.
Brownlee also took a knife to his LG Flex—while its self-healing feature was less effective in this case, the knife cut did become far less obvious than it would have been with a regular phone.
Whatch Bronwlee demo:
South Korean electronics company LG has launched its Flex smartphone with an intriguing “self-healing” coating that supposedly allows it to recovers from accidental scratches.
To put this claim to the test, YouTube tech personality Marques Brownlee has deliberately scratched his LG Flex phone with his keys, mimicking the way they would rub up against the phone in his pocket.
Surprisingly, after just a few minutes, the light scratches were already mostly cleared up and barely noticeable, thus demonstrating the self-healing power of LG’s special cover coating.
Brownlee also took a knife to his LG Flex—while its self-healing feature was less effective in this case, the knife cut did become far less obvious than it would have been with a regular phone.
Whatch Bronwlee demo:
mPROAPPSTORE SMEAP : Mobile Enterprise Application, Write once, securely run anywhere
Centralized management enabling administrators to control which users can access an application and what enterprise databases that application can exploit data from.
simplify cross-platform development.
Subscribe to:
Posts (Atom)
Stay updated, Subscribe
Posts
All Comments