Normal people spend their nights watching movies, reading articles, socializing or (yes, I know it's odd) sleeping. I spend my nights reading RFCs and pentesting various applications/services.
One night I was randomly reading the tel URI scheme RFC as I am fascinated by old relics that are still used today, their flaws and the way people never read the RFC which leads to RTFM pwnage as I call it. As I finished reading the tel RFC I looked at my iPhone and said: Cool, let's try it out! I instacoded a small HTML page and loaded it in Safari. As I clicked the click me link I was prompted with a nice dialog asking me if I really want to call 0000.
Security researchers from MetaIntell have discovered a security vulnerability in the new version of the Facebook SDK that puts millions of Facebook users' authentication tokens at risk.
The Facebook SDK for Android and iOS makes it easy to integrate mobile apps with the Facebook platform. Its set of tools lets developers simplify reading from and writing to Facebook APIs, and more. The “Login as Facebook” function is a secure and personalized way for users to sign in, because sharing passwords is not needed.
Both mobile operating systems pose risks to the enterprise. A new report about mobile threats in 2014 from Marble Security maintains that neither iOS nor Android is inherently more secure than the other OS.
Although the level of protection in iOS is higher than in Android, neither of these platforms is absolutely safe. The risks to enterprises allowing employees to bring in their own devices, whether iOS or Android-based, are not that dissimilar. But iOS has its own advantages; for example, non-jailbroken iOS devices can only download apps from Apple’s App Store, which Apple strictly checks for malicious software.
Facebook has recently launched a new feature that tries to identify television or music content while using the device's microphone to listen to the environment when posting a status update.
To utilize this option, the user has to click the “mood” icon when starting to create a status update and the app will start listening to identify a song, a movie or a TV show. It is possible to turn off the feature by tapping the microphone icon at the top right of the screen. Facebook assures that none of the sound data is saved and the user is given the choice whether to add it to the post or not, but adding will only be possible if the program identifies the content.
A Dutch group of hackers named doulCi can activate iPhones blocked by the Activation Lock function, using false iCloud servers.
Team DoulCi published a workaround that requires users to plug a bricked device into their computer and alter the "hosts" file inside. The iPhone or iPad is then tricked into connecting to the hacked server, which unlocks the gadget. After that, it is enough to connect the device to iTunes to drop Activation Lock in the usual way. The DoulCi system works only partially: when an iPhone is unblocked by their method, the GSM module remains disconnected because the hackers have no corresponding activation keys; however, they promise to correct the problem shortly. The user gets access only to the device operating system and Wi-Fi.
Apple has the technical ability to disclose a wide range of information about a user upon the request of the authorities – from the person’s name and contact information to their photos and e-mail content.
This refers to the new company policy of cooperation with law enforcement agencies. If there is a valid search warrant and the serial number of the iPhone, iPod touch or iPad, the Cupertino-based company may extract some types of data, even if the device has a password.
In particular, this refers to the user files created with proprietary applications. These include SMS messages, photos, videos, contacts, and call history records. If the iOS device is password-protected, Apple cannot disclose the contents of the e-mail, calendar plans or the data of third-party applications.
Researchers have uncovered Android-based malware that disables infected handsets until end users pay a hefty cash payment to settle trumped-up criminal charges involving the viewing of illegal pornography.
To stoke maximum fear, Android-Trojan.Koler.A uses geolocation functions to tailor the warnings to whatever country a victim happens to reside in. The screenshot to the right invoking the FBI, for instance, is the notice that's displayed on infected phones connecting from a US-based IP address. People in Romania and other countries will see slightly different warnings. The malware prevents users from accessing the home screen of their phones, making it impossible to use most other apps installed on the phone.
Apple's Mail app in iOS 7 is failing to encrypt email attachments, leaving user data vulnerable to hackers, a security researcher claims. Andreas Kurtz posted his findings online, saying Apple's email app in the latest version of its iPhone and iPad software is not securing files that are attached to emails.
This makes the files readily available to anyone with the proper software. The researcher said he confirmed this by trying out a method on email stored in an iPhone 4 running the latest version of iOS 7. He said he was able to find the device's email attachments unprotected, and he said he later confirmed the process on an iPhone 5s and an iPad 2. "I found all attachments accessible without any encryption/restriction," Kurtz wrote.
Viber, a mobile messenger app that allows users to make phone calls and send text messages and images for free, also gives up plenty of free user data to anyone who wants to listen.
According to researchers from the University of New Haven (UNH) in Connecticut, US, Viber's app sends user messages in unencrypted form - including photos, videos, doodles, and location images.
All of that rich data from users is also stored unencrypted on Viber's servers, rather than being deleted immediately, and is accessible without credentials, just a link, the UNH researchers said.
Now your TV could be infected by computer viruses. Technology security expert warns cyber criminals could infect millions of devices. Televisions could soon be infected by computer viruses, one of the world's top technology security experts has warned.
Eugene Kaspersky is co-founder and chief executive of Russia’s Kaspersky Lab, the world’s fourth largest computer antivirus company. He said threats will spread to the 'home environment' and televisions as internet connections make technology more vulnerable. In an interview with The Telegraph he said his company's headquarters in Moscow receives 315,000 suspicious activity reports every day.