
Category: Mobile (In)Security

November 13th, 2009

Man-in-the-middle attacks demoed on 4 smartphones

Posted by Dancho Danchev @ 3:22 pm

Categories: Browsers, Complex Attacks, Hackers, Malware, Mobile (In)Security, Passwords, Privacy, Research, Wi-Fi security

Tags: Network, Wi-Fi Network, Smart Phone, SSL, Attack, Wireless LANs, Wi-Fi, Wireless And Mobility, Security, Dancho Danchev

Security researchers from SMobile Systems have released a paper detailing successful man-in-the-middle attacks against several smartphones.

The SSL-enabled login sessions on the tested Nokia N95, HTC Tilt, Android G1 and iPhone 3GS devices were sniffed using the publicly available SSLstrip tool, with the attack taking place over an insecure Wi-Fi network, now prevalent literally everywhere.

Here’s the scenario they used, and possible mitigation approaches:

Read the rest of this entry »

November 10th, 2009

Commercial spying app for Android devices released

Posted by Dancho Danchev @ 2:07 pm

Categories: Anti Virus, Browsers, Hackers, Malware, Mobile (In)Security, Passwords, Privacy, Spyware and Adware

Tags: Mobile, Malware, Mobile Malware, Spyware, Adware & Malware, Cyberthreats, Viruses And Worms, Security, Dancho Danchev

A well-known commercial provider of spyware applications for numerous mobile platforms has recently ported its Mobile Spy app to the Android mobile OS.

Just like previous releases of the application, the Android version keeps a detailed log of GPS locations, calls, visited URLs, and incoming/outgoing SMS messages, all at the disposal of the attacker who installed it manually by obtaining physical access to the targeted device.

More details:

Read the rest of this entry »

November 6th, 2009

Code execution hole in BlackBerry Desktop Manager

Posted by Ryan Naraine @ 7:33 am

Categories: Anti Virus, Apple, Arbitrary Code Execution, Browsers, Data theft, Exploit code, Malware, Mobile (In)Security, Passwords, Patch Watch, iPhone

Tags: Desktop, RIM BlackBerry, Handhelds, Hardware, Ryan Naraine

Research in Motion (RIM) has shipped a patch to cover a gaping hole in its BlackBerry Desktop Manager software.

The vulnerability, which exists in a Lotus Notes Intellisync DLL that the BlackBerry Desktop Manager uses, allows a malicious user to perform an attack that leverages social engineering to achieve remote code execution on the computer running the BlackBerry Desktop Manager. Read the rest of this entry »

October 22nd, 2009

Gaping security hole in Time Warner cable routers

Posted by Ryan Naraine @ 9:11 am

Categories: Arbitrary Code Execution, Browsers, Complex Attacks, Data theft, Exploit code, Java, Mobile (In)Security, Passwords, Patch Watch, Pen testing, Phishing, Responsible disclosure

Tags: Security, Time Warner Inc., Router, Network, Time Warner Cable Inc., Chen, Routers & Switches, Network Technology, Networking, Ryan Naraine

A gaping security hole in cable modems distributed to Time Warner/Road Runner customers could potentially be exploited remotely to access private networks and possibly capture and manipulate private data.

That’s the warning issued by David Chen, a blogger and start-up founder who discovered he could trivially access a customer’s  of Time Warner’s SMC8014 series cable modem/Wi-Fi router combo by simply disabling JavaScript in the browser to access hidden features in the router’s admin interface. Read the rest of this entry »

October 9th, 2009

Google patches Android DoS vulnerabilities

Posted by Ryan Naraine @ 11:17 am

Categories: Arbitrary Code Execution, Browsers, Complex Attacks, Data theft, Denial of Service (DoS), Exploit code, Google, Mobile (In)Security, Patch Watch, Pen testing, Phishing, Responsible disclosure, Reverse Engineering, Spam and Phishing, iPhone

Tags: Google Inc., Phone, DOS, Vulnerability, Patch Management, Cell Phone, SMS, SMS Message, Text Messaging/SMS/MMS, Telephony

Google has shipped a new version of the Android open-source mobile phone platform to fix a pair of security flaws that could lead to denial-of-service attacks.

According to an advisory from oCERT, a group that handles vulnerability disclosure for open-source projects, the flaws could allow hackers to render Android-powered devices useless. Read the rest of this entry »

September 30th, 2009

RIM plugs BlackBerry phishing hole

Posted by Ryan Naraine @ 5:48 am

Categories: Browsers, Complex Attacks, Data theft, Hackers, Locally Running Web Servers, Mobile (In)Security, Passwords, Patch Watch, Phishing

Tags: Research In Motion Ltd., RIM BlackBerry, Phishing, Device User, Handhelds, Hardware, Ryan Naraine

Research in Motion (RIM) has shipped a fix for a serious security vulnerability that exposes BlackBerry users to phishing attacks.

The certificate handling vulnerability, which carries a CVSS severity score of 6.8, affects all versions of the BlackBerry device software. The flaw allows malicious hackers to trick BlackBerry device users into connecting to an attacker-controlled Web site, RIM warned in an advisory.

Read the rest of this entry »

September 8th, 2009

Microsoft patches gaping Windows worm holes

Posted by Ryan Naraine @ 11:29 am

Categories: Anti Virus, Arbitrary Code Execution, Browsers, Cisco, Complex Attacks, Data theft, Denial of Service (DoS), Exploit code, Malware, Microsoft, Mobile (In)Security, Open source, Passwords, Patch Watch, Responsible disclosure, Viruses and Worms, Vulnerability research

Tags: Windows Media Format, Windows Media, Vulnerability, Patch Management, Microsoft Corp., Wireless, Microsoft Windows, Security, Operating Systems, Software

Microsoft today released a peck of patches to cover at least seven documented worm holes in the Windows operating system.

The most serious of the vulnerabilities addressed could lead to remote code execution and complete system takeover attacks. The September batch of patches does not address the FTP in IIS vulnerability that is currently being exploited in the wild.

Read the rest of this entry »

August 3rd, 2009

Black Hat recap podcast: SSL, SMS, BIOS rootkits

Posted by Ryan Naraine @ 2:10 pm

Categories: Anti Virus, Apple, Arbitrary Code Execution, Black Hat, Botnets, Browsers, Complex Attacks, Data theft, Denial of Service (DoS), Exploit code, Firefox, Hackers, Mobile (In)Security, Mozilla, Passwords, Patch Watch, Punditocracy, Responsible disclosure, iPhone

Tags: Black Hat, SSL, SMS, Rootkits, BIOS, Text Messaging/SMS/MMS, Podcasts, Ssl/Tls, Authentication/Encryption, Telephony

In this podcast, I chat with Threatpost.com co-editor Dennis Fisher about the big news coming out of the Black Hat security conference. We discuss the attacks using SMS and MMS, rootkits in keyboards and BIOSes, vulnerabilities in SSL and the response from vendors to these problems. Listen here [mp3].

August 3rd, 2009

Apple patches Black Hat SMS attack flaw

Posted by Ryan Naraine @ 4:37 am

Categories: Apple, Arbitrary Code Execution, Black Hat, Browsers, Denial of Service (DoS), Exploit code, Hackers, Malware, Mobile (In)Security, Open source, Patch Watch, Pen testing, Responsible disclosure, Viruses and Worms, Vulnerability research, Zero-day attacks, iPhone

Tags: Apple iPhone, Black Hat, Flaw, Apple Inc., SMS, Text Messaging/SMS/MMS, Telephony, Smart Phones, Cellular Phones, Consumer Electronics

On the heels of a Black Hat conference demo of an iPhone hijack via text messages, Apple has shipped an iPhone update with patches for the security flaw.

The iPhone OS 3.0.1 update, available only via iTunes, addresses a memory corruption issue in the way the device decodes SMS (text) messages. Apple warned that a maliciously crafted SMS message may lead to an unexpected service termination or arbitrary code execution.

Read the rest of this entry »

July 23rd, 2009

The future of mobile malware - digitally signed by Symbian?

Posted by Dancho Danchev @ 3:25 am

Categories: Anti Virus, Hackers, Malware, Mobile (In)Security

Tags: Mobile, Malware, Symbian Inc., Symbian Foundation, Spyware, Adware & Malware, Cyberthreats, Viruses And Worms, Security, Dancho Danchev

Earlier this month, mobile malware known as Transmitter.C, Sexy View, Sexy Space or SYMBOS_YXES.B slipped through Symbian’s mobile code signing procedure, allowing it to act as a legitimate application with access to device-critical functions such as the mobile network, and numerous other functions of the handset.

Upon notification, the Symbian Foundation quickly revoked the certificate used by the bogus Chinese company XinZhongLi TianJin Co. Ltd. However, because the revocation check is turned off by default, the effect of the revocation remains questionable.

What are the chances that future malware authors could bypass the code signing procedure again?

Read the rest of this entry »

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response. He's been an active security blogger since 2007, and maintains a popular security blog. See his full profile and disclosure of his industry affiliations.
