Forwarded from BlackBox (Security) Archiv
How Banks Make Online Banking Insecure Through Apps
1. App obligation
Online banking on the smartphone is generally not a good idea. The reason for this is not necessarily the banking apps, but the update policy of the smartphone manufacturers, the misleading advertising of the banks and the naive behavior of the customers. However, all this does not seem to bother the banks much. True to the motto:
"Digital first - Concerns second"
banking apps are made appealing to loyal customers and any risks are simply pushed aside. The fact is: with smartphone apps, banks have moved to a platform that they cannot control. Nevertheless, banking apps are promoted and security mechanisms such as two-factor authentication (2FA) are simply undermined by ill-considered decisions. In the end, online banking via app is not more secure, but exactly the opposite.
1st problem: Android update policy
Both software and hardware have weaknesses, some of which are so serious that attackers can take complete control of a system. It is therefore essential to install available (system) updates promptly in order to keep the risk to data and digital identity as low as possible. That's the theory. In practice, things look very different, especially in the Android world.
Many manufacturers neglect security updates for most Android devices, and at some point they stop delivering them altogether. This inevitably creates a "vacuum" in the Android world that leaves many or most devices exposed to critical security vulnerabilities. Such vulnerabilities enable attackers to gain control over the device, spy on the user or let data leak unnoticed. Discovering a single critical vulnerability would be enough to make millions of devices vulnerable in one fell swoop. Such serious vulnerabilities are not rare, but occur at regular intervals. In 2018 alone, 611 vulnerabilities were identified in Android - in 2017 even 842.
Full translated article:
https://telegra.ph/How-Banks-Make-Online-Banking-Insecure-Through-Apps-07-09
Source (DE):
https://www.kuketz-blog.de/wie-banken-online-banking-durch-apps-unsicher-machen/
#Kuketz #online #banking #smartphone #apps #insecure #vulnerabilities
@cRyPtHoN_INFOSEC_DE
@cRyPtHoN_INFOSEC_EN
@cRyPtHoN_INFOSEC_ES
Forwarded from BlackBox (Security) Archiv
Shodanfy.py
Get ports, vulnerabilities, informations, banners,..etc for any IP with Shodan (no apikey! no rate limit!)
Usage:
# python3 shodanfy.py <ip> [OPTIONS]
e.g:
python3 shodanfy.py 111.111.111.111
python3 shodanfy.py 111.111.111.111 --getports
python3 shodanfy.py 111.111.111.111 --getvuln
python3 shodanfy.py 111.111.111.111 --getinfo
python3 shodanfy.py 111.111.111.111 --getmoreinfo
python3 shodanfy.py 111.111.111.111 --getbanner
python3 shodanfy.py 111.111.111.111 --getports --getvuln
python3 shodanfy.py 111.111.111.111 --proxy 127.0.0.1:8080
# support pipeline, --stdin option is required..
# echo "<ip>" or cat ips.txt | python3 shodanfy.py --stdin [OPTIONS]
e.g:
echo "111.111.111.111"|python3 shodanfy.py --stdin
echo "111.111.111.111"|python3 shodanfy.py --stdin --proxy 127.0.0.1:8080
echo "111.111.111.111"|python3 shodanfy.py --stdin --getvuln
cat ips.txt|python3 shodanfy.py --stdin --getports
dig google.com +short A | grep -oi '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}' | python3 shodanfy.py --stdin --getports
https://github.com/m4ll0k/Shodanfy.py
Always remember to use these techniques, instructions or hardware only with devices whose owners or users have allowed this!! Unauthorized access to foreign infrastructure is punishable by law.
#shodan #vulnerabilities #pentesting
@cRyPtHoN_INFOSEC_DE
@cRyPtHoN_INFOSEC_EN
@BlackBox_Archiv
Forwarded from BlackBox (Security) Archiv
Backdoors and other vulnerabilities in HiSilicon based hardware video encoders
Update 2020-09-17: Huawei issued a statement saying that none of the vulnerabilities have been introduced by HiSilicon chips and SDK packages. I will update this article as more information comes in.
This article discloses critical vulnerabilities in IPTV/H.264/H.265 video encoders based on HiSilicon hi3520d hardware. The vulnerabilities exist in the application software running on these devices. All vulnerabilities are exploitable remotely and can lead to sensitive information exposure, denial of service, and remote code execution resulting in full takeover of the device. With multiple vendors affected, and no complete fixes at the time of the publication, these encoders should only be used on fully trusted networks behind firewalls. I hope that my detailed write-up serves as a guide for more security research in the IoT world.
https://kojenov.com/2020-09-15-hisilicon-encoder-vulnerabilities/
(DE) https://www.heise.de/news/Backdoors-in-Video-Encodern-auf-Huawei-Chips-entdeckt-Ursprung-unbekannt-4905641.html
#hisilicon #hardware #video #encoder #vulnerabilities #huawei #chips #backdoors
@cRyPtHoN_INFOSEC_DE
@cRyPtHoN_INFOSEC_EN
@BlackBox_Archiv
@NoGoolag
Huawei: Security Notice - Statement on the Media Reports About the Suspected Security Issues in HiSilicon Video Surveillance Chips
Forwarded from BlackBox (Security) Archiv
Setup for testing Android app vulnerabilities
In the previous article I documented my approach for reverse engineering an Android game. But getting my hands on the code is only one part of security research. Once a potential issue is identified, I need to verify that it is actually exploitable. So there is no way around messing with an actual live app. Ideally that has to happen in a controlled environment with emulated hardware. As before, this is mostly me writing things down for my future self, but it might come useful for other people as well.
Contents:
- Choosing a virtualization approach
- Setting up Android SDK
- Minimal proof of concept Android app
- Adding debugging output to the target application
https://palant.info/2021/02/22/setup-for-testing-android-app-vulnerabilities/
#setup #testing #android #app #vulnerabilities #guide
@cRyPtHoN_INFOSEC_FR
@cRyPtHoN_INFOSEC_EN
@cRyPtHoN_INFOSEC_DE
@BlackBox_Archiv
@NoGoolag
Almost Secure: Documenting my setup - Android emulator, minimal Android app and instrumenting the target app via Soot to get debugging info.
Forwarded from BlackBox (Security) Archiv
Allow arbitrary URLs, expect arbitrary code execution
We found and reported 1-click code execution vulnerabilities in popular software including Telegram, Nextcloud, VLC, Libre-/OpenOffice, Bitcoin/Dogecoin Wallets, Wireshark and Mumble
Desktop applications which pass user supplied URLs to be opened by the operating system are frequently vulnerable to code execution with user interaction
Code execution can be achieved either when a URL pointing to a malicious executable (.desktop, .jar, .exe, ...) hosted on an internet accessible file share (nfs, webdav, smb, ...) is opened, or an additional vulnerability in the opened application's URI handler is exploited
Vulnerabilities following this pattern have already been found in other software, with more expected to be revealed going forward
https://positive.security/blog/url-open-rce
#vulnerabilities #url #arbitrary #code #execution #poc #video
@cRyPtHoN_INFOSEC_FR
@cRyPtHoN_INFOSEC_EN
@cRyPtHoN_INFOSEC_DE
@BlackBox_Archiv
@NoGoolag
How do You Hack #Whatsapp Chats? - 7 #Vulnerabilities Explained
https://hackernoon.com/how-to-hack-whatsapp-chats-9f203tq0
You can Hack WhatsApp chats by syncing the web version of the app, exporting chat logs, using POCWAPP, WhatsAPP Scan Pro, spoofing, and spy apps.
Leveraging Android Permissions: A Solver Approach - Thalium - 2022
#Cybersecurity #Vulnerabilities #ApplicationPermissions #Android
The logic of the rules behind this system is mostly implemented in two framework services: PermissionManagerService and PackageManagerService.
Recently, those components have suffered from several vulnerabilities that were found through fuzzing. They led to critical privilege escalation without user consent.
In this blog post, we first present a case study of a permission management vulnerability. Then, we describe the solver approach we followed to help in the vulnerability research. Finally, we explain a new vulnerability that was discovered thanks to the solver, and which was reported to Google.
Forwarded from Pegasus NSO & other spyware
Finding You: The Network Effect of Telecommunications Vulnerabilities for Location Disclosure | The Citizen Lab
26/10/2023
#Vulnerabilities #mobile #Networks
The information collected by, and stored within, mobile networks can represent one of the most current and comprehensive dossiers of our life. Our mobile phones are connected to these networks and reveal our behaviours, demographic details, social communities, shopping habits, sleeping patterns, and where we live and work, as well as provide a view into our travel history. This information, in aggregate, is jeopardized, however, by technical vulnerabilities in mobile communications networks.
#Vulnerabilities #mobile #Networks
Forwarded from Pegasus NSO & other spyware
When You Roam, You're Not Alone | Lawfare
A fix is long overdue for one of the most extensive, yet lesser-known surveillance risks of our age: the technical vulnerabilities at the heart of the world's mobile communications networks.
We've all been there before: You're traveling abroad, and as your plane lands and is taxiing to the gate, you reach for your phone, wait for it to connect to the local network, and then you are greeted with a text message: "Welcome abroad, you're now roaming!" Beyond the exorbitant fees, few of us are likely to give the matter much thought.
However, hidden within this seemingly routine transaction lies one of the most extensive, yet lesser-known surveillance risks of our age: the technical vulnerabilities at the heart of the world's mobile communications networks.
#Mobile #Network #Cellular #Roaming #Vulnerabilities
Physical Attacks Against Smartphones
Android devices are constantly improving their security to protect against attackers with physical access, with new protection techniques being added year-by-year. This talk aims to demonstrate vulnerabilities in modern Android smartphones that are still viable, despite the mitigations in place.
In the first phase of this talk, we will discuss the analysis and exploitation of vendor-customized versions of Android's Recovery mode, demonstrating weaknesses that allow for privilege escalation to root, and traversal from Recovery to Android, without Bootloader access....
By: Christopher Wade
Full Abstract and Presentation Materials: https://www.blackhat.com/us-23/briefings/schedule/#physical-attacks-against-smartphones-32485
#Android #Vulnerabilities #RecoveryMode #Exploit #PrivilegeEscalation #Root
The Most Dangerous Codec in the World: Finding and Exploiting Vulnerabilities in H.264 Decoders
Modern video encoding standards such as H.264 are a marvel of hidden complexity. But with hidden complexity comes hidden #security risk. #Decoding video today involves interacting with dedicated #hardware accelerators and the #proprietary, privileged software components used to drive (#driver) them. The video #decoder ecosystem is obscure, opaque, diverse, highly privileged, largely untested, and highly exposed -- a dangerous combination.
We introduce H26Forge, a framework that carefully crafts #video files to expose edge cases in H.264 decoders....
By: Stephen Checkoway, Hovav Shacham, Willy Vasquez
Full Abstract and Presentation Materials
#VideoEncoding #Vulnerabilities #Security #Codec #H264 #Exploit
Forwarded from Pegasus NSO & other spyware
Bypassing the "run-as" debuggability check on Android via newline injection | Meta Red Team X
#Infosec #Vulnerabilities #CVE #Android #ADB
An attacker with ADB access to an Android device can trick the "run-as" tool into believing any app is debuggable. By doing so, they can read and write private data and invoke system APIs as if they were most apps on the system, including many privileged apps, but not ones that run as the system user. Furthermore, they can achieve persistent code execution as Google Mobile Services (GMS) or as apps that use its SDKs by altering executable code that GMS caches in its data directory.
Google assigned the issue CVE-2024-0044 and fixed it in the March 2024 Android Security Bulletin, which becomes public today. Most device manufacturers received an advance copy of the Bulletin a month ago and have already prepared updates that include its fixes.
Forwarded from Pegasus NSO & other spyware
Attacking Android
"
#Android #Infosec #Vulnerabilities
"
In this comprehensive guide, we delve into the world of Android security from an offensive perspective, shedding light on the various techniques and methodologies used by attackers to compromise Android devices and infiltrate their sensitive data. From exploiting common coding flaws to leveraging sophisticated social engineering tactics, we explore the full spectrum of attack surfaces present in Android environments."
#Android #Infosec #Vulnerabilities
AutoSpill: Zero Effort Credential Stealing from Mobile Password Managers
We will present a novel attack - that we call AutoSpill - to steal users' saved credentials from PMs during an autofill operation on a login page loaded inside an app. AutoSpill violates Android's secure autofill process. We found that the majority of top Android PMs were vulnerable to AutoSpill; even without JavaScript injections. With #JavaScriptInjections enabled, all of them were found vulnerable. We discovered the fundamental reasons for AutoSpill and will propose systematic countermeasures to fix AutoSpill properly. We responsibly disclosed our findings to the affected PMs and Android security team. Different PMs and Google accepted our work as a valid issue.
By: Ankit Gangwal, Shubham Singh, Abhijeet Srivastava
Full Abstract and Presentation Materials
#Android #Vulnerabilities #PasswordManager #AutoSpill