Renato Rodrigues
⌨ G33k/Coder ☠ Security Guy ☂ Don't Like Rain ☺Happy ♬ Music is Everywhere ¿ Like to Think...

http://www.kapricasecurity.com/skorpion

They promise a security scan via USB. I didn't find any tech information, but I have some restrictions on how Skorpion works:
 - They have Debug Mode on and the charger interacts as a normal "PC";
 - They have a special HID and a previously installed application will recognize it and do the stuff;
 - They have some multiplexer hack/trick to enter "Special Modes" and do the work. (Not likely.)

Other questions arise:
 - How is the communication with the back-office done?
 - Do they do all the analysis work by fingerprinting?

If someone knows more or has more details, shout :D

Nothing new: "CyanogenMod's Updater Vulnerable to MITM Attack", and it isn't the only one; a lot of apps built by our community have the same issue.

This demo was presented at BSides Lisbon, and it's about the same problem in dSploit: the Evildroid demo (Thorn proxy attack on dSploit).

And yes, shame on me/all of us who know the problem and don't submit a patch to fix this. ;)

Vulnerabilities with Custom Permissions

This looks like a really nice vector to gain access to the application's resources.

Some more information: https://github.com/commonsguy/cwac-security/blob/master/PERMS.md

https://docs.google.com/a/blip.pt/document/d/1tHElG04AJR5OR2Ex-m_Jsmc8S5fAbRB3s4RmTG_PFnw/edit

Quote: "tl;dr Pinkie Pie exploited an integer overflow in V8 when allocating TypedArrays, abusing dlmalloc inline metadata and JIT rwx memory to get reliable code execution. Pinkie then exploited a bug in a Clipboard IPC message where a renderer-supplied pointer was freed to get code execution in the browser process by spraying multiple gigabytes of shared-memory." 

I would say nice article, but it is a real challenge to understand all the content ;) Happy research.


With the introduction of dm-verity (http://source.android.com/devices/tech/security/dm-verity.html) in 4.4 I remembered the old Evil Maid attack (http://defreez.com/articles/android-evilmaid.html). This new feature is nice for integrity checking of the device blocks, but since it is a kernel module it will do nothing to protect against the E.M. attack, am I correct?

Quote: "This exploit is using human greed and a little magic.
First, at the remote telephone "Install apk from unknown sources" must be enabled.
Second, at some Android devices there is more than one application which can install apk files. For the successful execution of the apk file, the target phone must use the standard apk installer.
Third, a bit of social engineering and nothing else!
*************************
This exploit doesn't contain any viruses or "evil app". If you want to try to install any bad program at the remote phone, you must edit the exploit. But it's easy."

URL: http://1337day.com/exploits/21214

So the bug/flaw simply triggers this code or similar:

// FILE_APK_URI: the Uri of the APK to hand to the package installer
Intent i = new Intent(Intent.ACTION_VIEW);
i.setDataAndType(FILE_APK_URI, "application/vnd.android.package-archive");
i.setFlags(Intent.FLAG_ACTIVITY_NEW_TASK);
// Launches the system installer prompt for that APK
startActivity(i);

The question is: is this app taking advantage of the update method of Mozilla FF, or can any JavaScript inject this kind of code?

Mobile Malware Sources Dump by Mila from http://contagiominidump.blogspot.pt/

Probably everyone knows it but anyway :) 
