#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

mobile hacking | Breaking Cybersecurity News | The Hacker News

Insecure Apps that Open Ports Leave Millions of Smartphones at Risk of Hacking

Insecure Apps that Open Ports Leave Millions of Smartphones at Risk of Hacking

Apr 29, 2017
A team of researchers from the University of Michigan discovered that hundreds of applications in Google Play Store have a security hole that could potentially allow hackers to steal data from and even implant malware on millions of Android smartphones. The University of Michigan team says that the actual issue lies within apps that create open ports — a known problem with computers — on smartphones. So, this issue has nothing to do with your device's operating system or the handset; instead, the origin of this so-called backdoor is due to insecure coding practices by various app developers. The team used its custom tool to scan over 100,000 Android applications and found 410 potentially vulnerable applications — many of which have been downloaded between 10 and 50 Million times and at least one app comes pre-installed on Android smartphones. Here I need you to stop and first let's understand exactly what ports do and what are the related threats. Ports can be eit
Phone-Hacking Firm Cellebrite Got Hacked; 900GB Of Data Stolen

Phone-Hacking Firm Cellebrite Got Hacked; 900GB Of Data Stolen

Jan 12, 2017
The company that sells digital forensics and mobile hacking tools to others has itself been hacked. Israeli firm Cellebrite , the popular company that provides digital forensics tools and software to help law enforcement access mobile phones in investigations, has had 900 GB of its data stolen by an unknown hacker. But the hacker has not yet publicly released anything from the stolen data archive, which includes its customer information, user databases, and a massive amount of technical data regarding its hacking tools and products. Instead, attackers are looking for possible opportunities to sell the access to Cellebrite system and data on a few selected IRC chat rooms, the hacker told Joseph Cox, contributor at Motherboard , who was contacted by the hacker and received a copy of the stolen data. Meanwhile, Cellebrite also admitted that it recently experienced "unauthorized access to an external web server," and said that it is "conducting an investigation
Making Sense of Operational Technology Attacks: The Past, Present, and Future

Making Sense of Operational Technology Attacks: The Past, Present, and Future

Mar 21, 2024Operational Technology / SCADA Security
When you read reports about cyber-attacks affecting operational technology (OT), it's easy to get caught up in the hype and assume every single one is sophisticated. But are OT environments all over the world really besieged by a constant barrage of complex cyber-attacks? Answering that would require breaking down the different types of OT cyber-attacks and then looking back on all the historical attacks to see how those types compare.  The Types of OT Cyber-Attacks Over the past few decades, there has been a growing awareness of the need for improved cybersecurity practices in IT's lesser-known counterpart, OT. In fact, the lines of what constitutes a cyber-attack on OT have never been well defined, and if anything, they have further blurred over time. Therefore, we'd like to begin this post with a discussion around the ways in which cyber-attacks can either target or just simply impact OT, and why it might be important for us to make the distinction going forward. Figure 1 The Pu
More Firmware Backdoor Found In Cheap Android Phones

More Firmware Backdoor Found In Cheap Android Phones

Dec 13, 2016
Here's some bad news for Android users again. Certain low-cost Android smartphones and tablets are shipped with malicious firmware, which covertly gathers data about the infected devices, displays advertisements on top of running applications and downloads unwanted APK files on the victim's devices. Security researchers from Russian antivirus vendor Dr.Web have discovered two types of downloader Trojans that have been incorporated in the firmware of a large number of popular Android devices operating on the MediaTek platform, which are mostly marketed in Russia. The Trojans, detected as Android.DownLoader.473.origin and Android.Sprovider.7 , are capable of collecting data about the infected devices, contacting their command-and-control servers, automatically updating themselves, covertly downloading and installing other apps based on the instructions it receives from their server, and running each time the device is restarted or turned on. The list of Android devic
cyber security

Automated remediation solutions are crucial for security

websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.
Hacking Firmware from Mobile Phone Hacking Company Leaked Online

Hacking Firmware from Mobile Phone Hacking Company Leaked Online

Oct 26, 2016
The Israeli firm Cellebrite , which provides digital forensics tools and software to help law enforcement access mobile phones in investigations, has had its firmware and software leaked online. Yes, you heard that right. Cellebrite's most sensitive in-house capabilities have been made public by one of its products' resellers, who is now distributing copies of Cellebrite's firmware and software for anyone to download. The apparent reseller is McSira Professional Solutions , which hosts software for various versions of Cellebrite's Universal Forensic Extraction Device (UFED). UFED is one of the company's key products that help investigators bypass the security mechanisms of mobile phones, especially iPhones, and extract all data and passwords from them. For the Cellebrite's hand on iOS devices, you can watch the 2015 YouTube video (below), which demonstrates one of the company's products that unlocked the iPhone device in few hours. Download  L
Tonight Mr. Robot is Going to Reveal ‘Dream Device For Hackers’

Tonight Mr. Robot is Going to Reveal 'Dream Device For Hackers'

Sep 01, 2016
Mr. Robot is the rare show that provides a realistic depiction of hacks and vulnerabilities that are at the forefront of cyber security. This is the reason it's been the most popular TV show of its kind. Throughout season 1 and season 2, we have seen that connected devices are the entry point of choice of Elliot and fsociety to breach networks and traditional security controls. Pwn Phone On Mr. Robot Show In this week's episode, Elliot uses a Pwnie Express Pwn Phone, which he describes as " a dream device for pentester ," to run a custom script he has written to take over someone else's phone. Security pros have long know about the Pwn Phone as a powerful mobile platform for penetration testing and security assessments, so it is not surprising to see it on Mr. Robot. The coolest part is that Pwnie Express is giving away a Pwn Phone , just like the one used in the show. The Pwn Phone is a mobile pentesting device that makes it incredibly easy to evaluate wired, wirel
Google has also been Ordered to Unlock 9 Android Phones

Google has also been Ordered to Unlock 9 Android Phones

Mar 30, 2016
The legal battle between Apple and the FBI (Federal Bureau of Investigation) over a locked iPhone that belonged to one of the San Bernardino shooters may be over, but the Department of Justice (DoJ) are back in front of a judge with a similar request. The American Civil Liberties Union (ACLU) has discovered publicly available court documents that revealed the government has asked Google's assistance to help the Feds hack into at least nine locked Android smartphones citing the All Writs Act . Yes, Apple is not the only company facing government requests over privacy and security — Google is also in the list. The Google court documents released by the ACLU show that many federal agencies have been using the All Writs Act – the same ancient law the DoJ was invoking in the San Bernardino case to compel Apple to help the FBI in the terrorist investigation. Additionally, the ACLU also released 54 court cases in which the federal authorities asked Apple for assistance to help t
Today NSA has Stopped its Bulk Phone Surveillance Program

Today NSA has Stopped its Bulk Phone Surveillance Program

Nov 30, 2015
Rejoice! From this morning, you can call freely to anyone, talk anything without any fear of being spied by the United States National Security Agency (NSA), as the agency is not allowed to collect bulk phone records . Until now we all are aware of the NSA's bulk phone surveillance program – thanks to former NSA employee Edward Snowden , who leaked the very first top secret documents of the agency in 2013. However, more than two years later of the first revelation, that bulk phone surveillance program has finally come to an end. End of Bulk Phone Surveillance Program The White House announced Friday evening on the intelligence community's official Tumblr that the NSA will officially be shutting down its bulk phone surveillance program by Sunday, November 29. Under this program, the US intelligence agency collected only the " metadata " that reveals data related to the called phone numbers (i.e. which numbers are calling and what time they
Backdoor in Baidu Android SDK Puts 100 Million Devices at Risk

Backdoor in Baidu Android SDK Puts 100 Million Devices at Risk

Nov 03, 2015
The China's Google-like Search Engine Baidu is offering a software development kit (SDK) that contains functionality that can be abused to give backdoor-like access to a user's device, potentially exposing around 100 Million Android users to malicious hackers . The SDK in question is Moplus , which may not be directly available to the public but has already made its way into more than 14,000 Android apps, of which around 4,000 are actually created by Baidu. Overall, more than 100 Million Android users, who have downloaded these apps on their smartphones, are in danger. Security researchers from Trend Micro have discovered a vulnerability in the Moplus SDK, called Wormhole , that allows attackers to launch an unsecured and unauthenticated HTTP server connection on affected devices, which works silently in the background, without the user's knowledge. Also Read:   More than 26 Android Phone Models Shipped with Pre-Installed Spyware This unsecured serv
Stagefright Bug 2.0 — One Billion Android SmartPhones Vulnerable to Hacking

Stagefright Bug 2.0 — One Billion Android SmartPhones Vulnerable to Hacking

Oct 01, 2015
Attention Android users! More than 1 Billion Android devices are vulnerable to hackers once again – Thanks to newly disclosed two new Android Stagefright vulnerabilities . Yes, Android Stagefright bug is Back… …and this time, the flaw allows an attacker to hack Android smartphones just by tricking users into visiting a website that contains a malicious multimedia file, either MP3 or MP4. In July, Joshua Drake, a Security researcher at Zimperium revealed the first Stagefright bug that allowed hackers to hijack Android smartphones with just a simple text message ( exploit code ). How Stagefright Bug 2.0 Works Both newly discovered vulnerabilities ( CVE-2015-6602 and CVE-2015-3876 ) also reside in the Android Media Playback Engine called ' Stagefright ' and affects all Android OS version from 1 to latest release 5.1.1. Reportedly, merely previewing a maliciously crafted song or video file would execute the Stagefright Bug 2.0 exploit , allowing h
iOS Sandbox Vulnerability Puts Enterprise Data at Risk

iOS Sandbox Vulnerability Puts Enterprise Data at Risk

Aug 26, 2015
" Change is the only constant thing ," as it is known could be now modified as " Change is the only constant thing* ," where the * means Terms and conditions apply ! A change ( Mobile Device Management solutions-MDM , Bring Your Own Device-BYOD ) was brought to the organizations, (which later became necessities) for smooth workflow and management of an organization; where resides mobile and other computing devices in masses. The devices, as well as the MDM solutions, are at risk , as reported. Security researchers at Appthority Mobile Threat Team, have found a vulnerability in the sandbox app within the Apple's iOS versions prior to 8.4.1, which makes the configuration settings of managed applications to be openly accessed by anyone. QuickSand – Loophole in Sandbox The vulnerability is assigned CVE-2015-5749 and is named as ' QuickSand ' because of the loophole being present in the Sandbox. Mobile Device Management (MDM) refe
Samsung Flaw Lets Hacker Easily Take Control of Your Galaxy Mobile Remotely

Samsung Flaw Lets Hacker Easily Take Control of Your Galaxy Mobile Remotely

Jun 19, 2015
More than 600 Million users of Samsung Galaxy smartphones, including the newly released Galaxy S6, are potentially vulnerable to a software bug that allows hackers to secretly monitor the phone's camera and microphone, read text messages and install malicious apps. The vulnerability is due to a problem with the Samsung built-in keyboard app that enables easier predictive text. One of the keyboard app version, SwiftKey IME , that comes prepackaged with Samsung's latest Galaxy smartphones could allow a malicious hacker to remotely execute code on user's phone even when if they are not using the keyboard app. Users cannot get rid of this Flaw The app cannot be uninstalled or disabled by the users of the Samsung smartphone devices, so it is up to Samsung to fix the critical bug. The vulnerability was discovered by NowSecure mobile security researcher Ryan Welton, who notified Samsung about the bug in December last year. The keyboard app periodic
Espionage Campaign targets iOS devices with Malware apps

Espionage Campaign targets iOS devices with Malware apps

Feb 05, 2015
A malware campaign has been found targeting iOS devices linked to a wide range of entities, including European defense organizations, governments, and media sectors with dangerous espionage spyware capable of breaching non-jailbroken devices, a recent report claims. The spyware campaign, dubbed " Operation Pawn Storm " by security experts, was first detected on Windows computers late last year, but has now made its way to iOS devices , a report by security researchers at TrendLabs noted. The researchers linked the campaign to the Russian government. XAGENT SPYWARE APP One of the two spywares used in the campaign is actually an application, the firm dubbed the app XAgent, that attempts to install and run on iOS devices. " The XAgent app is fully functional malware ," the researchers noted . " The exact methods of installing these malware is unknown; however, we do know that the iOS device doesn't have to be jailbroken ... We have seen one in
AirHopper — Hacking Into an Isolated Computer Using FM Radio Signals

AirHopper — Hacking Into an Isolated Computer Using FM Radio Signals

Nov 01, 2014
In order to secure sensitive information such as Finance, many companies and government agencies generally use totally secure computer systems by making sure it aren't connected to any network at all. But the most secure systems aren't safe anymore. Security researchers at the Cyber Security Labs at Ben Gurion University in Israel have found a way to snoop on a personal computer even with no network connection. STEALING DATA USING RADIO SIGNALS Researchers have developed a proof-of-concept malware that can infiltrate a closed network to lift data from a machine that has been kept completely isolated from the internet or any Wi-Fi connection by using little more than a mobile phone's FM radio signals. Researcher Mordechai Guri , along with Professor Yuval Elovici of Ben Gurion University, presented the research on Thursday in the 9th IEEE International Conference on Malicious and Unwanted Software ( MALCON 2014 ) held at Denver. This new technology is kno
Xiaomi Phones Secretly Sending Users' Sensitive Data to Chinese Servers

Xiaomi Phones Secretly Sending Users' Sensitive Data to Chinese Servers

Aug 10, 2014
Chinese telecoms equipment suppliers have previously been criticized by some countries due to suspected backdoors in its products, and if United States has banned its several major government departments, including NASA, Justice and Commerce Departments, from purchasing Chinese products and computer technology, then they are not wrong at all. In the latest claim against Chinese smartphone manufacturers is the allegation that the popular Chinese smartphone brand, Xiaomi has been suspected of "secretly" stealing users' information — including SMS messages and photos —from the device without the user's permissions and sending it back to a server in Beijing, despite of turning off the data backup functions, according to Apple Insider . Security Researchers from  F-Secure Antivirus firm  has shown that the Xiaomi phones (RedMi 1S handset) send quite a lot of personal and sensitive data to " api.account.xiaomi.com "  server located in China, including following information
Android Vulnerability Allows Applications to Make Unauthorized Calls without Permissions

Android Vulnerability Allows Applications to Make Unauthorized Calls without Permissions

Jul 08, 2014
A major vulnerability believed to be present in most versions of Android can allow a malicious Android applications on the Android app store to make phone calls on a user's device, even when they lack the necessary permissions. The critical vulnerability was identified and reported to Google Inc. late last year by researchers from German security firm Curesec. The researchers believe the virus was first noticed in Android version 4.1, also known as " Jelly Bean ." APPS CAN MAKE CALLS FROM YOUR PHONE " This bug can be abused by a malicious application. Take a simple game which is coming with this code. The game won't ask you for extra permissions to do a phone call to a toll number – but it is able to do it ," Curesec's CEO Marco Lux and researcher Pedro Umbelino said Friday in a blog post. " This is normally not possible without giving the app this special permission. " By leveraging these vulnerabilities, malicious applications could initiate unauthorized phone call
Facebook SDK Vulnerability Puts Millions of Smartphone Users' Accounts at Risk

Facebook SDK Vulnerability Puts Millions of Smartphone Users' Accounts at Risk

Jul 03, 2014
Security researchers from MetaIntell, the leader in intelligent led Mobile Risk Management (MRM), have discovered a major security vulnerability in the latest version of Facebook SDK that put millions of Facebook user's Authentication Tokens at risk. Facebook SDK for Android and iOS is the easiest way to integrate mobile apps with Facebook platform, which provides support for Login with Facebook authentication, reading and writing to Facebook APIs and many more. Facebook OAuth authentication or ' Login as Facebook ' mechanism is a personalized and secure way for users to sign into 3rd party apps without sharing their passwords. After the user approves the permissions as requested by the application, the Facebook SDK implements the OAuth 2.0 User-Agent flow to retrieve the secret user's access token required by the apps to call Facebook APIs to read, modify or write user's Facebook data on their behalf. ACCESSING UNENCRYPTED ACCESS TOKEN It is important that
Backdoor found in Samsung Galaxy Devices, allows Hackers to remotely access/modify Data

Backdoor found in Samsung Galaxy Devices, allows Hackers to remotely access/modify Data

Mar 13, 2014
Google's Android operating system may be open source, but the version of Android that runs on most phones, tablets, and other devices includes proprietary, closed-source components. Phone makers, including Samsung ships its Smartphones with a modified version of Android, with some pre-installed proprietary software and because of lack in independent code review of those closed-source apps, it is complex to authenticate its integrity and to identify the existence of backdoors . Paul Kocialkowski , the developers of the  Replicant OS  has uncovered a backdoor pre-installed on Samsung Galaxy devices and the Nexus S, that provides remote access to all the data in the device. Replicant OS is an open source operating system based on the Android mobile platform, which aims to replace all proprietary Android components with their free software counterparts. In a blog post , He explained that Samrtphones come with two separate processors, one for general-purpose application
iOS vulnerability allows to disable 'Find My iPhone' without password

iOS vulnerability allows to disable 'Find My iPhone' without password

Feb 09, 2014
Smartphone manufacturers are adding ways for owners to track and manage their phones if they ever get lost or stolen. Find My iPhone is a service that comes with every iOS device that allows you to track your iPhone, whether it was lost or stolen. Normally, the iPhone requires a password if you want to deactivate " Find My iPhone ", but it isn't entirely perfect and thieves are now smart enough to disable ' Find My iPhone ' on devices running iOS 7.0.4 and lower version, without having to enter a password. The exploit was discovered and demonstrated security researcher ' Bradley Williams ' and performing a successful bypass means you won't be able to locate, make sound and wipe out. The vulnerability could put the devices at risk, and the exploitation method involves a few simple steps that involve making changes in the iCloud settings, even if they don't know the password. Steps to hack 'Find My iPhone': Navigate to iCloud in the settin
Cybersecurity Resources