Pierluigi Paganini
November 15, 2016
Experts at Kryptowire discovered a mobile phone firmware that transmitted personally identifiable information without user consent due to a backdoor. Security experts from Kryptowire firm have discovered a backdoor in the firmware installed on low-cost Android phones. The backdoor affects mobile phones from BLU Products that are available for sale on both Amazon and Best Buy. […]
Pierluigi Paganini
November 09, 2016
Kaspersky discovered a new strain of the Svpeng Trojan delivered through popular news websites using Google’s AdSense via a zero-day in Chrome. Crooks exploited a Chrome Zero-Day vulnerability to deliver the Android Svpeng Trojan to Android users via Google AdSense. The Svpeng Trojan is not a new threat, it was first spotted by Kaspersky Lab in July 2013 when threat […]
Pierluigi Paganini
November 08, 2016
A group of researchers from Nokia Bell Labs and Aalto University in Finland demonstrated how to hack protocols used in the LTE networks. We discussed several times the rule of the SS7 signaling protocol in mobile communications and how to exploit its flaws to track users. When mobile users travel between countries, their mobile devices connect to the infrastructure of a […]
Pierluigi Paganini
November 06, 2016
Belkin’s WeMo home automation firmware that’s in use in several IoT devices has recently been found vulnerable to an SQL injection. Belkin’s WeMo home automation firmware that’s in use in its light bulbs, switches, security cameras, coffee makers and room heaters has recently been found vulnerable to an SQL injection. The hack allows root privileges […]
Pierluigi Paganini
November 05, 2016
Security researchers demonstrated that a Wrong oAuth 2.0 implementation allows a remote simple hack that exposes more than 1 Billion Android App Accounts. A remote simple hack devised by a group of security researchers threatens an amazing number of Android and iOS apps. An attacker can use the technique to sign into any victim’s mobile […]
Pierluigi Paganini
October 26, 2016
Tencent Team Keen won $215k at PWN2OWN Mobile by hacking Nexus 6p and using two exploits for the iPhone iOS 10.1 … all in just 5 minutes each round. Yesterday I was writing about the possibility to hack an Apple device just by opening an image or a PDF, today I desire to inform you […]
Pierluigi Paganini
October 26, 2016
The firmware used by the Israeli mobile forensic firm Cellebrite was leaked online by one of its resellers, the McSira Professional Solutions. Do you know Cellebrite? It is an Israeli firm that designs digital forensics tools that are used by law enforcement and intelligence agencies to examine mobile devices in investigations. It became famous when […]
Pierluigi Paganini
October 25, 2016
Viewing a maliciously crafted JPEG may lead to arbitrary code execution, a boobytrapped JPEG could compromise your iPhone. Upgrade to iOS 10.1 Even a simple action such as looking a JPEG image or opening a PDF document could cause serious problems, an attacker, in fact, could hijack your Apple mobile device (iPhone, iPad, and iPod). Yes, it’s correct! […]
Pierluigi Paganini
October 25, 2016
A new method of attack dubbed DRAMMER could be exploited to gain ‘root’ access to millions of Android smartphones and take control of affected devices. Earlier last year, security researchers from Google’s Project Zero outlined a way to hijack the computers running Linux by abusing a design flaw in the memory and gaining higher kernel privileges on the system. […]
Pierluigi Paganini
October 18, 2016
Even if you have an iPhone 6S protected by a 6 digits password plus the touch ID fingerprint it is possible to unlock it. 1. Introduction You have an iPhone 6S protected by a 6 digits password plus the touch ID fingerprint and you may think that nobody can unlock it without the code, right? […]
