The Hacker News Logo
Subscribe to Newsletter
CrowdSec

The Hacker News - Cybersecurity News and Analysis: mobile hacking

New Mobile Network Vulnerabilities Affect All Cellular Generations Since 2G

New Mobile Network Vulnerabilities Affect All Cellular Generations Since 2G

December 20, 2021Ravie Lakshmanan
Researchers have disclosed security vulnerabilities in handover, a fundamental mechanism that undergirds modern cellular networks, which could be exploited by adversaries to launch denial-of-service (DoS) and man-in-the-middle (MitM) attacks using low-cost equipment. The "vulnerabilities in the handover procedure are not limited to one handover case only but they impact all different handover cases and scenarios that are based on unverified measurement reports and signal strength thresholds," researchers Evangelos Bitsikas and Christina Pöpper from the New York University Abu Dhabi said in a  new paper . "The problem affects all generations since 2G (GSM), remaining unsolved so far." Handover , also known as handoff, is a process in telecommunications in which a phone call or a data session is transferred from one  cell site  (aka base station) to another cell tower without losing connectivity during the transmission. This method is crucial to establishing cellul
Pegasus Spyware Reportedly Hacked iPhones of U.S. State Department and Diplomats

Pegasus Spyware Reportedly Hacked iPhones of U.S. State Department and Diplomats

December 04, 2021Ravie Lakshmanan
Apple reportedly notified several U.S. Embassy and State Department employees that their iPhones may have been targeted by an unknown assailant using state-sponsored spyware created by the controversial Israeli company NSO Group, according to multiple reports from  Reuters  and  The Washington Post . At least 11 U.S. Embassy officials stationed in Uganda or focusing on issues pertaining to the country are said to have  singled out  using iPhones registered to their overseas phone numbers, although the identity of the threat actors behind the intrusions, or the nature of the information sought, remains unknown as yet. The attacks, which were carried out in the last several months, mark the first known time the sophisticated surveillance software has been put to use against U.S. government employees. NSO Group is the maker of Pegasus , military-grade spyware that allows its government clients to stealthily plunder files and photos, eavesdrop on conversations, and track the whereabou
Researchers Warn Iranian Users of Widespread SMS Phishing Campaigns

Researchers Warn Iranian Users of Widespread SMS Phishing Campaigns

December 01, 2021Ravie Lakshmanan
Socially engineered SMS messages are being used to install malware on Android devices as part of a widespread phishing campaign that impersonates the Iranian government and social security services to make away with credit card details and steal funds from victims' bank accounts. Unlike other variants of  banking malware  that bank of overlay attacks to capture sensitive data without the knowledge of the victim, the financially motivated operation uncovered by Check Point Research is designed to trick the targets into handing over their credit card information by sending them a legitimate-looking SMS message that contains a link, which, when clicked, downloads a malware-laced app onto their devices. "The malicious application not only collects the victim's credit card numbers, but also gains access to their 2FA authentication SMS, and turn[s] the victim's device into a bot capable of spreading similar phishing SMS to other potential victims," Check Point resear
Google Warns of New Android 0-Day Vulnerability Under Active Targeted Attacks

Google Warns of New Android 0-Day Vulnerability Under Active Targeted Attacks

November 02, 2021Ravie Lakshmanan
Google has rolled out its monthly security patches for Android with fixes for 39 flaws, including a zero-day vulnerability that it said is being actively exploited in the wild in limited, targeted attacks. Tracked as CVE-2021-1048 , the zero-day bug is described as a  use-after-free vulnerability  in the kernel that can be exploited for local privilege escalation. Use-after-free issues are dangerous as it could enable a threat actor to access or referencing memory after it has been freed, leading to a " write-what-where " condition that results in the execution of arbitrary code to gain control over a victim's system. "There are indications that CVE-2021-1048 may be under limited, targeted exploitation," the company  noted  in its November advisory without revealing technical details of the vulnerability, the nature of the intrusions, and the identities of the attackers that may have abused the flaw. Also remediated in the security patch are two critical re
NYT Journalist Repeatedly Hacked with Pegasus after Reporting on Saudi Arabia

NYT Journalist Repeatedly Hacked with Pegasus after Reporting on Saudi Arabia

October 24, 2021Ravie Lakshmanan
The iPhone of New York Times journalist Ben Hubbard was repeatedly hacked with NSO Group's Pegasus spyware tool over a three-year period stretching between June 2018 to June 2021, resulting in infections twice in July 2020 and June 2021. The University of Toronto's Citizen Lab, which  publicized  the findings on Sunday, said the "targeting took place while he was reporting on Saudi Arabia, and writing a book about Saudi Crown Prince Mohammed bin Salman." The research institute did not attribute the infiltrations to a specific government. In a  statement  shared with Hubbard, the Israeli company denied its involvement in the hacks and dismissed the findings as "speculation," while noting that the journalist was not "a target of Pegasus by any of NSO's customers." To date, NSO Group is believed to have leveraged at least three different iOS exploits — namely an iMessage zero-click exploit in December 2019, a  KISMET  exploit targeting iOS 13
Experts Reveal Over 150 Ways to Steal Control of 58 Android Stalkerware Apps

Experts Reveal Over 150 Ways to Steal Control of 58 Android Stalkerware Apps

May 18, 2021Ravie Lakshmanan
A total of 158 privacy and security issues have been identified in 58 Android stalkware apps from various vendors that could enable a malicious actor to take control of a victim's device, hijack a stalker's account, intercept data, achieve remote code execution, and even frame the victim by uploading fabricated evidence. The new findings, which come from an analysis of 86 stalkerware apps for the Android platform undertaken by Slovak cybersecurity firm ESET, highlight the unintended consequences of a practice that's not only unethical but in the process could also expose private and intimate information of the victims and leave them at risk of cyberattacks and fraud. "Since there could be a close relationship between stalker and victim, the stalker's private information could also be exposed," ESET researcher Lukas Stefanko  said  in a Monday write-up. "During our research, we identified that some stalkerware keeps information about the stalkers using
6 Unpatched Flaws Disclosed in Remote Mouse App for Android and iOS

6 Unpatched Flaws Disclosed in Remote Mouse App for Android and iOS

May 07, 2021Ravie Lakshmanan
As many as six zero-days have been uncovered in an application called Remote Mouse, allowing a remote attacker to achieve full code execution without any user interaction. The unpatched flaws, collectively named ' Mouse Trap, ' were disclosed on Wednesday by security researcher Axel Persinger, who said, "It's clear that this application is very vulnerable and puts users at risk with bad authentication mechanisms, lack of encryption, and poor default configuration." Remote Mouse is a remote control application for Android and iOS that turns mobile phones and tablets into a wireless mouse, keyboard, and trackpad for computers, with support for voice typing, adjusting computer volume, and switching between applications with the help of a Remote Mouse server installed on the machine. The Android app alone has been installed over 10 million times. In a nutshell, the issues, which were identified by analysing the packets sent from the Android app to its Windows ser
New Study Warns of Security Threats Linked to Recycled Phone Numbers

New Study Warns of Security Threats Linked to Recycled Phone Numbers

May 05, 2021Ravie Lakshmanan
A new academic study has highlighted a number of privacy and security pitfalls associated with recycling mobile phone numbers that could be abused to stage a variety of exploits, including account takeovers, conduct phishing and spam attacks, and even prevent victims from signing up for online services. Nearly 66% of the recycled numbers that were sampled were found to be tied to previous owners' online accounts at popular websites, potentially enabling account hijacks by simply recovering the accounts tied to those numbers. "An attacker can cycle through the available numbers shown on online number change interfaces and check if any of them are associated with online accounts of previous owners," the researchers  said . If so, the attacker can then obtain these numbers and reset the password on the accounts, and receive and correctly enter the OTP sent via SMS upon login." The findings are part of an analysis of a sample of 259 phone numbers available to new su
Facebook Busts Palestinian Hackers' Operation Spreading Mobile Spyware

Facebook Busts Palestinian Hackers' Operation Spreading Mobile Spyware

April 21, 2021Ravie Lakshmanan
Facebook on Wednesday said it took steps to dismantle malicious activities perpetrated by two state-sponsored hacking groups operating out of Palestine that abused its platform to distribute malware. The social media giant attributed the attacks to a network connected to the Preventive Security Service ( PSS ), the security apparatus of the State of Palestine, and another threat actor known as Arid Viper (aka Desert Falcon and APT-C-23), the latter of which is alleged to be connected to the cyber arm of Hamas. The two digital espionage campaigns, active in 2019 and 2020, exploited a range of devices and platforms, such as Android, iOS, and Windows, with the PSS cluster primarily targeting domestic audiences in Palestine. The other set of attacks went after users in the Palestinian territories and Syria and, to a lesser extent Turkey, Iraq, Lebanon, and Libya. Both the groups appear to have leveraged the platform as a springboard to launch a variety of social engineering attacks in
New WhatsApp Bugs Could've Let Attackers Hack Your Phone Remotely

New WhatsApp Bugs Could've Let Attackers Hack Your Phone Remotely

April 14, 2021Ravie Lakshmanan
Facebook-owned WhatsApp recently addressed two security vulnerabilities in its messaging app for Android that could have been exploited to execute malicious code remotely on the device and even exfiltrate sensitive information. The flaws take aim at devices running Android versions up to and including Android 9 by carrying out what's known as a "man-in-the-disk" attack that makes it possible for adversaries to compromise an app by manipulating certain data being exchanged between it and the external storage. "The two aforementioned WhatsApp vulnerabilities would have made it possible for attackers to remotely collect TLS cryptographic material for TLS 1.3 and TLS 1.2 sessions," researchers from Census Labs  said  today.  "With the TLS secrets at hand, we will demonstrate how a man-in-the-middle (MitM) attack can lead to the compromise of WhatsApp communications, to remote code execution on the victim device and to the extraction of Noise protocol keys u
New 5G Flaw Exposes Priority Networks to Location Tracking and Other Attacks

New 5G Flaw Exposes Priority Networks to Location Tracking and Other Attacks

March 26, 2021Ravie Lakshmanan
New research into  5G architecture  has uncovered a security flaw in its network slicing and virtualized network functions that could be exploited to allow data access and denial of service attacks between different network slices on a mobile operator's 5G network. AdaptiveMobile shared its findings with the GSM Association (GSMA) on February 4, 2021, following which the weaknesses were collectively designated as CVD-2021-0047. 5G is an evolution of current 4G broadband cellular network technology, and is based on what's called a service-based architecture (SBA) that provides a modular framework to deploy a set of interconnected network functions, allowing consumers to discover and authorize their access to a plethora of services. The network functions are also responsible for registering subscribers, managing sessions and subscriber profiles, storing subscriber data, and connecting the users (UE or user equipment) to the internet via a base station (gNB). What's more,
FinSpy Spyware for Mac and Linux OS Targets Egyptian Organisations

FinSpy Spyware for Mac and Linux OS Targets Egyptian Organisations

September 25, 2020Mohit Kumar
Amnesty International today exposed details of a new surveillance campaign that targeted Egyptian civil society organizations with previously undisclosed versions of FinSpy spyware designed to target Linux and macOS systems. Developed by a German company , FinSpy is extremely powerful spying software that is being sold as a legal law enforcement tool to governments around the world but has also been found in use by oppressive and dubious regimes to spy on activists. FinSpy, also known as FinFisher, can target both desktop and mobile operating systems, including Android, iOS, Windows, macOS, and Linux, to gain spying capabilities, including secretly turning on their webcams and microphones, recording everything the victim types on the keyboard, intercepting calls, and exfiltration of data. According to the human rights organization Amnesty International , the newly discovered campaign is not linked to 'NilePhish,' a hacking group known for attacking Egyptian NGOs in a ser
New Unpatched Bluetooth Flaw Lets Hackers Easily Target Nearby Devices

New Unpatched Bluetooth Flaw Lets Hackers Easily Target Nearby Devices

September 10, 2020Mohit Kumar
Bluetooth SIG—an organization that oversees the development of Bluetooth standards—today issued a statement informing users and vendors of a newly reported unpatched vulnerability that potentially affects hundreds of millions of devices worldwide. Discovered independently by two separate teams of academic researchers, the flaw resides in the Cross-Transport Key Derivation (CTKD) of devices supporting both — Basic Rate/Enhanced Data Rate (BR/EDR) and Bluetooth Low Energy (BLE) standard. Cross-Transport Key Derivation (CTKD) is a Bluetooth component responsible for negotiating the authenticate keys when pairing two Bluetooth devices together, also known as "dual-mode" devices. Dubbed 'BLURtooth' and tracked as CVE-2020-15802 , the flaw exposes devices powered with Bluetooth 4.0 or 5.0 technology, allowing attackers to unauthorizedly connect to a targeted nearby device by overwriting the authenticated key or reducing the encryption key strength. "Dual-mod
New Attack Lets Hackers Decrypt VoLTE Encryption to Spy on Phone Calls

New Attack Lets Hackers Decrypt VoLTE Encryption to Spy on Phone Calls

August 13, 2020Swati Khandelwal
A team of academic researchers—who previously made the headlines earlier this year for uncovering severe security issues in the 4G LTE and 5G networks —today presented a new attack called ' ReVoLTE ,' that could let remote attackers break the encryption used by VoLTE voice calls and spy on targeted phone calls. The attack doesn't exploit any flaw in the Voice over LTE (VoLTE) protocol; instead, it leverages weak implementation of the LTE mobile network by most telecommunication providers in practice, allowing an attacker to eavesdrop on the encrypted phone calls made by targeted victims. VoLTE or Voice over Long Term Evolution protocol is a standard high-speed wireless communication for mobile phones and data terminals, including Internet of things (IoT) devices and wearables, deploying 4G LTE radio access technology. The crux of the problem is that most mobile operators often use the same keystream for two subsequent calls within one radio connection to encrypt th
Dozens of Android Apps for Kids on Google Play Store Caught in Ad Fraud Scheme

Dozens of Android Apps for Kids on Google Play Store Caught in Ad Fraud Scheme

March 24, 2020Ravie Lakshmanan
More than 50 Android apps on the Google Play Store—most of which were designed for kids and had racked up almost 1 million downloads between them—have been caught using a new trick to secretly click on ads without the knowledge of smartphone users. Dubbed " Tekya ," the malware in the apps imitated users' actions to click ads from advertising networks such as Google's AdMob, AppLovin', Facebook, and Unity, cybersecurity firm Check Point Research noted in a report shared with The Hacker News. "Twenty four of the infected apps were aimed at children (ranging from puzzles to racing games), with the rest being utility apps (such as cooking apps, calculators, downloaders, translators, and so on)," the researchers said. While the offending apps have been removed from Google Play, the find by Check Point Research is the latest in an avalanche of ad fraud schemes that have plagued the app storefront in recent years, with malware posing as optimizer an
New Flaws in Qualcomm Chips Expose Millions of Android Devices to Hacking

New Flaws in Qualcomm Chips Expose Millions of Android Devices to Hacking

August 06, 2019Mohit Kumar
A series of critical vulnerabilities have been discovered in Qualcomm chipsets that could allow hackers to compromise Android devices remotely just by sending malicious packets over-the-air with no user interaction. Discovered by security researchers from Tencent's Blade team, the vulnerabilities, collectively known as QualPwn , reside in the WLAN and modem firmware of Qualcomm chipsets that powers hundreds of millions of Android smartphones and tablets. According to researchers, there are primarily two critical vulnerabilities in Qualcomm chipsets and one in the Qualcomm's Linux kernel driver for Android which if chained together could allow attackers to take complete control over targeted Android devices within their Wi-Fi range. "One of the vulnerabilities allows attackers to compromise the WLAN and Modem over-the-air. The other allows attackers to compromise the Android Kernel from the WLAN chip. The full exploit chain allows attackers to compromise the Andr
Hackers Can Manipulate Media Files You Receive Via WhatsApp and Telegram

Hackers Can Manipulate Media Files You Receive Via WhatsApp and Telegram

July 16, 2019Mohit Kumar
If you think that the media files you receive on your end-to-end encrypted secure messaging apps can not be tampered with, you need to think again. Security researchers at Symantec yesterday demonstrated multiple interesting attack scenarios against WhatsApp and Telegram Android apps, which could allow malicious actors to spread fake news or scam users into sending payments to wrong accounts. Dubbed " Media File Jacking ," the attack leverages an already known fact that any app installed on a device can access and rewrite files saved in the external storage, including files saved by other apps installed on the same device. WhatsApp and Telegram allow users to choose if they want to save all incoming multimedia files on internal or external storage of their device. However, WhatsApp for Android by default automatically stores media files in the external storage, while Telegram for Android uses internal storage to store users files that are not accessible to any othe
Online Courses and Software

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.