Mobile

Pierluigi Paganini November 06, 2016
How to Exploit Belkin WEMO gear to hack Android devices

Belkin’s WeMo home automation firmware that’s in use in several IoT devices has recently been found vulnerable to an SQL injection. Belkin’s WeMo home automation firmware that’s in use in its light bulbs, switches, security cameras, coffee makers and room heaters has recently been found vulnerable to an SQL injection. The hack allows root privileges […]

Pierluigi Paganini November 05, 2016
One oAuth 2.0 hack, 1 Billion Android App Accounts potentially exposed

Security researchers demonstrated that a Wrong oAuth 2.0 implementation allows a remote simple hack that exposes more than 1 Billion Android App Accounts. A remote simple hack devised by a group of security researchers threatens an amazing number of Android and iOS apps. An attacker can use the technique to sign into any victim’s mobile […]

Pierluigi Paganini October 26, 2016
Pwn2Own 2016 – Keen Team won $215k by hacking Nexus 6p and iPhone 6S

Tencent Team Keen won $215k at PWN2OWN Mobile by hacking Nexus 6p and using two exploits for the iPhone iOS 10.1 … all in just 5 minutes each round. Yesterday I was writing about the possibility to hack an Apple device just by opening an image or a PDF, today I desire to inform you […]

Pierluigi Paganini October 26, 2016
Cellebrite digital forensics tools leaked online by a reseller

The firmware used by the Israeli mobile forensic firm Cellebrite was leaked online by one of its resellers, the McSira Professional Solutions. Do you know Cellebrite? It is an Israeli firm that designs digital forensics tools that are used by law enforcement and intelligence agencies to examine mobile devices in investigations. It became famous when […]

Pierluigi Paganini October 25, 2016
Upgrade your iPhone to iOS 10.1 or you can get hacked by opening a JPEG or a PDF

Viewing a maliciously crafted JPEG may lead to arbitrary code execution, a boobytrapped JPEG could compromise your iPhone. Upgrade to iOS 10.1 Even a simple action such as looking a JPEG image or opening a PDF document could cause serious problems, an attacker, in fact, could hijack your Apple mobile device (iPhone, iPad, and iPod). Yes, it’s correct! […]

Pierluigi Paganini October 25, 2016
Millions of Android smartphones exposed to new Drammer Android attack

A new method of attack dubbed DRAMMER could be exploited to gain ‘root’ access to millions of Android smartphones and take control of affected devices. Earlier last year, security researchers from Google’s Project Zero outlined a way to hijack the computers running Linux by abusing a design flaw in the memory and gaining higher kernel privileges on the system. […]

Pierluigi Paganini October 18, 2016
The ‘Sin’ Card: How criminals unlocked a stolen iPhone 6S

Even if you have an iPhone 6S protected by a 6 digits password plus the touch ID fingerprint it is possible to unlock it. 1. Introduction You have an iPhone 6S protected by a 6 digits password plus the touch ID fingerprint and you may think that nobody can unlock it without the code, right? […]

Pierluigi Paganini October 15, 2016
Android Acecard banking trojan asks users for selfie with an ID card

Experts discovered a new variant of the Android Acecard banking trojan that asks victims to take a selfie while they are holding an ID card. The inventiveness of the criminals is a never ending pit. Recently, a number of organizations announced a new authentication method based on the selfies. For example, HSBC customers can open […]

Pierluigi Paganini October 05, 2016
WiFox mobile app shows names and passwords for Wi-Fi airports networks worldwide

The WiFox mobile app was designed as a huge container of network names and passwords for Wi-Fi airports networks worldwide. Do you travel a lot? Probably you have already read about WiFox, it is a legitimate Android/iOS mobile app that includes indications of thousands of airport Wi-Fi networks and their passwords. We have spoken several times about the […]

Pierluigi Paganini September 29, 2016
CatchApp system can spy on WhatsApp encrypted communications from a backpack

The Israeli surveillance firm Wintego is offering for sale the system called CatchApp that is able to hack WhatsApp encrypted communications. The Israeli surveillance firm Wintego is offering for sale a system that is able to hack WhatsApp encrypted communications from mobile devices within close proximity of a hidden Wi-Fi hacking device in a backpack. The news has been […]