#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
SaaS Security

android smartphones | Breaking Cybersecurity News | The Hacker News

Android Clickjacking Rootkit Demonstrated

Android Clickjacking Rootkit Demonstrated
Jul 04, 2012
Android Clickjacking Rootkit Demonstrated Mobile security researchers have identified an aspect of Android 4.0.4 (Ice Cream Sandwich) and earlier models that clickjacking rootkits could exploit. Researchers at NC State in the US have developed a proof-of-concept prototype rootkit that attacks the Android framework and could be used to steal personal information. What is clickjacking? It is a malicious technique that tricks users and is often used to take over computers, web cams, or snag confidential info that is revealed by users who thinks they are on an innocent webpage. Like most Android malware, the rootkit can be distributed as a malicious app, opening up a host of potential vulnerabilities on any device on which it is installed. However, it functions in a different way. The rootkit, which could be bundled with an app and is said to be undetectable by anti-virus packages, would allow an attacker to replace a smartphone's browser with a version that logs key strokes to cap

RiskRanker : A New malware detection technique

RiskRanker : A New malware detection technique
Jun 29, 2012
RiskRanker : A New malware detection technique For many years, mobile security experts have been fighting an uphill battle against malware, which has been steadily and dramatically increasing in both volume and sophistication. Well, NQ Mobile's Mobile Security Research Center, in collaboration with North Carolina State University disclosed a new way to detect mobile threats without relying on known malware samples and their signatures.  " In the current scenario malicious software is present in the market place, ready to create havoc as soon as it is downloaded onto a device. Malware is discovered only after it has done irreversible damage. Existing mobile anti-virus software are inadequate in their reactive nature by relying on known malware samples for signature extraction. RiskRanker crushes the mean motives of the culprit by detecting any malicious content while it is still in the app market ." RiskRanker  is a unique analysis system that can automatically detect

How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl

How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl
Mar 21, 2024SaaS Security / Endpoint Security
In today's digital-first business environment dominated by SaaS applications, organizations increasingly depend on third-party vendors for essential cloud services and software solutions. As more vendors and services are added to the mix, the complexity and potential vulnerabilities within the  SaaS supply chain  snowball quickly. That's why effective vendor risk management (VRM) is a critical strategy in identifying, assessing, and mitigating risks to protect organizational assets and data integrity. Meanwhile, common approaches to vendor risk assessments are too slow and static for the modern world of SaaS. Most organizations have simply adapted their legacy evaluation techniques for on-premise software to apply to SaaS providers. This not only creates massive bottlenecks, but also causes organizations to inadvertently accept far too much risk. To effectively adapt to the realities of modern work, two major aspects need to change: the timeline of initial assessment must shorte

zAnti Pentester's Worldcup tournament open for Hackers

zAnti Pentester’s Worldcup tournament open for Hackers
Jun 24, 2012
zAnti Pentester's Worldcup tournament open for Hackers Today is a great day to be a security enthusiastic since Zimperium kicked off the first ever penetration testing tournament. — Welcome to the Pentester's Worldcup ! Zimperium , a mobile security software start-up was founded by Itzhak " Zuk " Avraham, a world-renowned white-hat hacker, in 2011. The Pentester's World Cup is part of Zimperium's efforts to increase awareness about mobile security, and simultaneously enhance the security of its range of award-winning products. You may recall Anti, The first comprehensive Penetration Testing software offered on Smartphones, Zimperium created a killer mobile app that is so simple to use, any technical person is able to perform pentest on his network to get status of which devices that are attached to the network are vulnerable, what ports are opened and additional information that is a must have for anyone who cares about the safety on his network. Last year at DEFCON, Avraham, also

Automated remediation solutions are crucial for security

cyber security
websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.

Researchers bypass Google Bouncer Android Security

Researchers bypass Google Bouncer Android Security
Jun 05, 2012
Researchers bypass Google Bouncer Android Security Google's Android platform has become the most popular mobile operating system both among consumers and malware writers, and the company earlier this year introduced the Bouncer system to look for malicious apps in the Google Play market. Bouncer, which checks for malicious apps and known malware, is a good first step, but as new work from researchers Jon Oberheide and Charlie Miller shows, it can be bypassed quite easily and in ways that will be difficult for Google to address in the long term. Bouncer is an automated process that scans apps for known malware, spyware, and Trojans, and looks for suspicious behaviors and compares them against previously analyzed apps. If malicious code or behavior is detected, the app is flagged for manual confirmation that it is malware. " This screencast shows our submitted app handing us a connect-back shell on the Bouncer infrastructure so that we can explore and fingerprint its envir

Bogus Facebook apps spreading Android malware

Bogus Facebook apps spreading Android malware
May 20, 2012
Bogus Facebook apps spreading Android malware Third-party Android markets have traditionally been the main source of infection since the Android boom, as they are less strict than the genuine Play when it comes to bouncing malware. Today Gmanetwork reports that, Users of mobile devices running Google's Android OS were warned over the weekend against a new fake app of the social networking giant that may lead to potential Android malware. These duplicated applications have the same behavior as their original counterparts (in terms of functionality), but they perform a http 302 redirect to another link, that's not Facebook-related, when they detect mobile traffic. What's most concerning is that many of the fake app-based malwares in circulation have purported to be legitimate copies of some of the most popular titles around. No sooner were Android users on red alert for a dodgy Angry Birds Space app, were they informed of a phony Instagram app wreaking havoc through some of the

The Revolution from Cyber Terrorist attack to Indian Cyber Security

The Revolution from Cyber Terrorist attack to Indian Cyber Security
May 14, 2012
The Revolution from Cyber Terrorist attack to Indian Cyber Security Cyber attack has put our lives in danger every second. The cyber attacks are becoming the root cause of the mishappenings around us every other day. As the next generation wars are increasing depending on robust and secure information systems networks, it is imperative for a country to invest in building a reliable infrastructure. As the next generation wars are increasing depending on robust and secure information systems networks, it is imperative for a country to invest in building a reliable infrastructure. Increasing attacks on cyberspace in India has brought several professionals and experts from the Industry, in support with the last week, India's Defense Minister, AK Antony,   announced   an additional $1.3 Billion will be invested in the project making the grand total to a $3.1 Billion.  It is observed that many Electronic Notification is usually sent before a major terrorist attack, followed by defacement

'The Hackers Conference 2012' to be held in New Delhi

'The Hackers Conference 2012' to be held in New Delhi
May 08, 2012
' The Hackers Conference 2012 ' to be held in New Delhi The Biggest Hacking Mania has arrived. The Hackers Conference 2012 will be held in New Delhi on July 29. THC 2012 is expected to be the first open gathering of Blackhat hackers in India who will debate latest security issues with the top itelligence echolons in India. The Registrations and Call for papers for the conference are now open. The organizers have deicded to keep the number of seats to limited to ensure quality of the conference. The conference will be held at the India Habitat Center on July 29th. The Hackers Conference will see a galaxy of renowned speakers presenting 0-Day Vulnerabilities, Exploits and Android/Blackberry/iPhone Hacks. Apart from Speakers presenting on WI-FI and Web Application Security the Special invitees from government Intelligence agencies will also speak on National Security Issues emerging from Scada Hacking. The conference has sent special invites to Blackhat hackers to come and

Android Malware and Corporate Networks Security

Android Malware and Corporate Networks Security
May 08, 2012
Android Malware and Corporate Networks Security A new Android Trojan dubbed " NotCompatible " is being spread through compromised Web sites. This may directly affect Android tablets and smartphones, along with being a potential risk hazard to corporate networks and their security. Kevin Mahaffrey is co-founder and CTO of a San Francisco based firm called Lookout Security. The main focus of the company is Android and during their investigations it was found there was a new malware out there. Called " NotCompatible " the Android malware is, according to Mahaffrey, a risk to corporate networks. According to their report, a hacked Web site would contain a hidden iFrame at the bottom of the page. When the Android browser loads the page, it will attempt to load the file in the hidden iFrame. Upon loading the file, the browser would transfer control to the app loader, which would display an application installation screen, with the header com.Security.Update. An unsuspecting us

TapLogger Android Trojan can Determine Tapped Keys

TapLogger Android Trojan can Determine Tapped Keys
Apr 21, 2012
TapLogger Android Trojan cab Determine Tapped Keys Today's smartphones are shipp ed with various embedded motion sensors, such as the accelerometer, gyroscope, and orientation sensors. These motion sensors are useful in supporting the mobile UI innovation and motion-based commands. However, they also bring potential risks of leaking user's private information as they allow third party applications to monitor the motion changes of smart phones. A team of researchers from Pennsylvania State University (PSU) and IBM have devised an Android-based Trojan that can use a handset's onboard movement sensors to crack passwords. The team created an experimental app called TapLogger , which is based on the premise that when you tap on your touch screen, you're not just interacting with the screen, but moving the entire device. So if you hit a button in the upper right corner, your phone will actually move in that direction slightly, and that subtle movement is then read by the accele

zDefender - Enterprise smartphone IDS/IPS released by Zimperium

zDefender - Enterprise smartphone IDS/IPS released by Zimperium
Apr 20, 2012
zDefender - Enterprise smartphone IDS/IPS released by Zimperium Do you recall the security firm Zimperium which came out with ANTI , the killer Android app that allowed even the clueless to hack and pwn like a pentester? Zimperium, an Israeli security start up founded by Zuk Avraham, a world-renowned hacker and security researcher, has debuted its latest product, the zDefender at DEMO in Santa Clara, California. Called zDefender , this product can detect malicious attacks and take proactive measures to reduce threats via automatic preventive traffic filters and a remote management console. With the onslaught of mobile malware, everyone should have antivirus up and running immediately after purchasing a smartphone. You'd think you were protected from various attacks like man in the middle (MITM) attacks ? At DEMO Spring 2012 , Zuk planted 2 Routers, providing 3 Access points, which have claimed about 3,000 mobile device victims so far. zDefender is able to do this by using Zimpe

Phone Phreaking using Bluebox Demonstrated in India

Phone Phreaking using Bluebox Demonstrated in India
Apr 15, 2012
Phone Phreaking  using Bluebox   Demonstrated  in India Christy Philip Mathew , an Indian Information Security Instructor and Hacker demonstrated Phone Phreaking  using Bluebox in his lab. This time we have something really special that would remind us the phone phreaking. Actually Phone Phreaking reminds us about the life of Kevin Mitnick, Steve Wozniak and John Drapper, mean the olden times when they used to play around with the bluebox. What is Blue Box : This device is certainly one of the most unique pieces of electronic equipment that I have been able to collect so far. It is essentially a hacking tool disguised to look like a common 1970's Texas Instruments hand held electronic calculator. Basically a real calculator was sacrificed and modified to produce audio frequency signaling tones which allowed the user to freely (and illegally) access the Bell Telephone System long distance network. The origin of the name " blue box " was due to the fact the some of the

Android Video Malware found in Japanese Google Play Store

Android Video Malware found in Japanese Google Play Store
Apr 15, 2012
Android Video Malware found in Japanese Google Play Store A new Trojan has been found, and removed, from the Google Play/Android Market, McAfee reported on Friday afternoon. The post says applications carrying the Trojan promise, and in some cases deliver, trailers for upcoming video games or anime or adult-oriented clips, but they also request "read contact data" and "read phone state and identity" permissions before being downloaded. McAfee Mobile Security detects these threats as Android/DougaLeaker .A, the company said.McAfee said that the fifteen malicious applications of this sort had been found on Google Play, and that all had been removed from the market. The app gathers the Android ID not the IMEI code that can uniquely identify the device, but the 64-bit number that is randomly generated on the device's first boot and remains with it for the life of the device. The app also harvests the phone's phone number and contact list, along with every n

Legacy Native Malware in Angry Birds Space to pwn your Android !

Legacy Native Malware in Angry Birds Space to pwn your Android !
Apr 12, 2012
Legacy Native Malware in Angry Birds Space to pwn your Android A new malware threatens phones and tablets running Google's OS by hiding inside a copy of the popular game. Researchers at the mobile security firm Lookout identified the reworked malware as Legacy Native (LeNa), which poses as a legitimate app to gain unauthorized privileges on Android phones.  Under the appearance of a legitimate application, LeNa tricked users into allowing it access to information. " By employing an exploit, this new variant of LeNa does not depend on user interaction to gain root access to a device. This extends its impact to users of devices not patched against this vulnerability (versions prior to 2.3.4 that do not otherwise have a back-ported patch), " Lookout said in a blog post. In March, another Trojan appeared pretending to be legitimate Chinese game, The Roar of the Pharaoh . The malicious app appeared on the Google Play store, stealing users' data and money by sending S

TigerBot - SMS Controlled Android Malware Stealing Information

TigerBot - SMS Controlled Android Malware Stealing Information
Apr 10, 2012
TigerBot - SMS Controlled Android Malware Stealing Information A new form of Android malware controlled via SMS messages has been discovered and the malware can record phone calls, upload the device's GPS location, and reboot the phone, among other things. Researchers at NQ Mobile, working alongside researchers at North Carolina State University, have discovered this Android malware called "TigerBot", differs from "traditional" malware in that it is controlled via SMS rather than from a command & control (C&C) server on the Internet. A common aspect of Android malware is the use of a command and control server that tells the malware what to do next and acts as a repository for any captured passwords or banking information. The current information about this malware show that it can execute a range of commands including uploading the phone's current location, sending SMS messages, and even recording phone calls. It works by intercepting SMS messages sent to the

Your Facebook credentials at risk on Android - iOS jailbroken devices

Your Facebook credentials at risk on Android - iOS jailbroken devices
Apr 09, 2012
Your Facebook credentials at risk on Android - iOS jailbroken devices Facebook allows its authentication credentials to be stored in plain text within the Apple iOS version of its mobile app, allowing an attacker complete control over your Facebook account if he knows where to look. Security researcher Gareth Wright noted the vulnerability and alerted Facebook. Wright wrote on his blog that he discovered the issue while exploring the application directories in his iPhone with a free tool and came across a Facebook access token in the Draw Something game on his phone. The simple 'hack' allows a user to copy a plain text file off of the device and onto another one. This effectively gives another user access to your account, profile and all on that iOS device. Facebook's native apps for the two platforms not encrypting your login credentials, meaning they can be easily swiped over a USB connection, or more likely, via malicious apps. Facebook has responded that this issue only appl

POC Android botnet - Command and Control Channel over SMS

POC Android botnet - Command and Control Channel over SMS
Apr 02, 2012
POC Android botnet - Command and Control Channel over SMS To avoid detection, this proof-of-concept code utilizes the Short Messaging Service (SMS) as a command & control channel. This adds fault tolerance because, if a smartphone is not available on the GSM network due to being powered off or out of service range, when an SMS message arrives for delivery, the message is queued and delivered by the network. Download the POC code from Here. Compiling instructions are simple and straight forward. Please follow these: Compile with arm-gcc with the -static flag set Copy to anywhere on the underlying OS that is writable (/data/ is good). Rename /dev/smd0/ to /dev/smd0real/ Start the bot application Kill the radio application (ps | grep rild) The radio will automatically respawn and now the bot proxy will be working The PoC code for smartphone botnet C&C over SMS was presented at the Shmoocon held in January 2011. It seems that the author also has it working for the

Android Malware as Beware of Chinese called "The Roar of the Pharaoh"

Android Malware as Beware of Chinese called "The Roar of the Pharaoh"
Apr 01, 2012
Android Malware as Chinese game " The Roar of the Pharaoh " Security researchers have spotted a bogus Chinese game, that's actually a trojan horse gathering sensitive information from infected devices, next to sending premium-rate SMS messages. It is Chinese game that is original with its rights but on Android it is a fake application that inherits malware Trojan to steal important information from your cell phone. The malware works after an unknowing Android handset owner installs the app, allowing the malware to collect data, such as phone number, IMEI number, phone model, screen size and platform, and recording the OS version and platform used for sending via SMS to the Trojan's authors. But it also noted the new Trojan is unusual as it does not ask for any specific permissions during installation, which is often an indicator an application is up to no good.It added the malware masquerades as a service called " GameUpdateService " a very plausible name for a

DKFBootKit - First Android BootKit Malware

DKFBootKit - First Android BootKit Malware
Mar 30, 2012
DKFBootKit - First Android BootKit Malware NQ Mobile Security Research Center has recently uncovered a new malware DKFBootKit. This malware is identified when monitoring and analyzing the evolution of earlier DroidKungFu variants. What sets DKFBootKit apart from malware like DroidDream, is that DKFBootKit replaces certain boot processes and can begin running even before the system is completely booted up. DKFBootKit repackages legitimate apps by enclosing its own malicious payloads in them. However, the victim apps it chooses to infect are utility apps which require the root privilege to work properly. NQ says the malicious code has already infected 1,657 Android devices in the past two weeks and has appeared on at least 50 different mobile apps. These apps seem to have legitimate reasons to request root privilege for their own functionality. It is also reasonable to believe that users will likely grant the root privilege to these apps. DKFBootKit makes use of the granted root p

Mercury v1.0 - Framework for bug hunters to find Android vulnerabilities

Mercury v1.0 - Framework for bug hunters to find Android vulnerabilities
Mar 20, 2012
Mercury v1.0  - Framework for bug hunters to find Android vulnerabilities A free framework for bug hunters to find vulnerabilities, write proof-of-concept exploits and play in Android. Use dynamic analysis on Android applications and devices for quicker security assessments. Share publicly known methods of exploitation on Android and proof-of-concept exploits for applications and devices. The easy extensions interface allows users to write custom modules and exploits for Mercury Replace custom applications and scripts that perform single tasks with a framework that provides many tools. Mercury allows you to: Interact with the 4 IPC endpoints - activities, broadcast receivers, content providers and services Use a proper shell that allows you to play with the underlying Linux OS from the point of view of an unprivileged application (you will be amazed at how much you can still see) Find information on installed packages with optional search filters to allow for better control Buil

Security holes in Android with apps Advertisements

Security holes in Android with apps Advertisements
Mar 19, 2012
Security holes in Android with apps Advertisements Researchers at North Carolina State University have found privacy and security holes in Android apps because of in-application advertisements. They study the popular Android platform and collect 100,000 apps from the official Android Market in March-May, 2011 and Then they identify the possible 52.1% apps using Advertisements and further developa system called AdRisk to systematically identify potentialrisks. They explain that most of the ad libraries collect private information, some ofthem may be used for legitimate targeting purposes (i.e., the user'slocation) while others are hard to justify by invasively collectingthe information such as the user's call logs, phone number, browserbookmarks, or even the list of installed apps on the phone. The researchers wrote in a paper to be presented at the 5th ACM Conference on Security and Privacy in Wireless and Mobile Networks in Tucson on April 17th, [ Read Here ] As one host app may
Cybersecurity Resources