smartphone hacking | Breaking Cybersecurity News | The Hacker News

Hardly two month ago we reported about the first widely spread Android Bootkit malware , dubbed as ' Oldboot.A ', which infected more than 500,000 Smartphone users worldwide with Android operating system in last eight months, especially in China. Oldboot is a piece of Android malware that's designed to re-infect Mobile devices even after a thorough cleanup. It resides in the memory of infected devices;  It modify the devices' boot partition and booting script file to launch system service and extract malicious application during the early stage of system's booting. Yet another alarming report about Oldboot malware has been released by the Chinese Security Researchers from ' 360 Mobile Security '. They have discovered a new variant of the Oldboot family, dubbed as ' Oldboot.B ', designed exactly as Oldboot.A, but new variant has advance stealth techniques. Especially, the defense against with antivirus software, malware analyzer, and automatic a

The use of unmanned aerial vehicles (UAVS) called Drones is rapidly transforming the way we go to war. Drones were once used for land surveillance, Delivering Pizza's, then equipped with bombs that  changed the way nations conduct war and  now these hovering drones are ready to hack your Smartphones. London-based Sensepoint security researchers have developed a drone called ' Snoopy ' that can intercept data from your Smartphones using spoofed wireless networks, CNN Money reported. The Drone will search for WiFi enabled devices and then using its built-in technology, it will see what networks the phones have accessed in the past and pretends to be one of those old network connections. Spoofing WiFi networks that device has already accessed allows Snoopy Drone to connect with targeted Smartphone without authentication or interaction. In technical terms, The Drone will use ' Wireless Evil Twin Attack ' to hack Smartphones. Once connected, Snoopy

It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many approaches offer piecemeal solutions – zeroing in on one particular element of the evolving threat landscape challenge – missing the forest for the trees.  In the last few years, Exposure Management has become known as a comprehensive way of reigning in the chaos, giving organizations a true fighting chance to reduce risk and improve posture. In this article I'll cover what Exposure Management is, how it stacks up against some alternative approaches and why building an Exposure Management program should be on  your 2024 to-do list. What is Exposure Management?  Exposure Management is the systematic identification, evaluation,

Google's Android operating system may be open source, but the version of Android that runs on most phones, tablets, and other devices includes proprietary, closed-source components. Phone makers, including Samsung ships its Smartphones with a modified version of Android, with some pre-installed proprietary software and because of lack in independent code review of those closed-source apps, it is complex to authenticate its integrity and to identify the existence of backdoors . Paul Kocialkowski , the developers of the  Replicant OS  has uncovered a backdoor pre-installed on Samsung Galaxy devices and the Nexus S, that provides remote access to all the data in the device. Replicant OS is an open source operating system based on the Android mobile platform, which aims to replace all proprietary Android components with their free software counterparts. In a blog post , He explained that Samrtphones come with two separate processors, one for general-purpose application

Smartphones are always ready to connect to the Internet and contains sensitive information such as Contacts, SMS, Photos, and GPS information and this sensitive information is always in danger of leakage. According to a report, Cyber criminals and state-sponsored hackers are developing 55,000 new malware variants, each and every day; and many of them try to elevate privileges for unfettered control of the user device. North Carolina State University Researchers have developed a new software, called Practical Root Exploit Containment ( PREC ) , with the sole purpose of detecting mobile malware that attempts to run Root exploits in Android devices. Root exploits take control of system administration functions of the operating system that gives the hacker an unrestricted control of user's Smartphone. That means, an application has not permission to read your messages or contacts or the GPS location, but after getting root access it will be able to steal any data from your d

Snapchat , a Smartphone application that lets users share snapshots with friends is catching fire among teenagers. It was first hacked in December when 4.6 million Snapchat users were exposed in a database breach. Later, the denial-of-service attack and CAPTCHA Security bypass were discovered by other researchers within last two-three weeks. Snapchat has no Vulnerability Reward Program, but still many penetration testers are working hard and free of cost to make the application more secure by disclosing flaws. Interestingly, this is not the end of vulnerabilities, Mohamed Ramadan , a security researcher with Attack-Secure from Egypt, has spotted a new vulnerability on Snapchat that allow an attacker to brute-force login credentials of the users. Brute-force is a process of trying multiple passwords against a username until you get a correct password. " This vulnerability allows anyone who knows your SnapChat email to brute force your account's password without any

Smartphone manufacturers are adding ways for owners to track and manage their phones if they ever get lost or stolen. Find My iPhone is a service that comes with every iOS device that allows you to track your iPhone, whether it was lost or stolen. Normally, the iPhone requires a password if you want to deactivate " Find My iPhone ", but it isn't entirely perfect and thieves are now smart enough to disable ' Find My iPhone ' on devices running iOS 7.0.4 and lower version, without having to enter a password. The exploit was discovered and demonstrated security researcher ' Bradley Williams ' and performing a successful bypass means you won't be able to locate, make sound and wipe out. The vulnerability could put the devices at risk, and the exploitation method involves a few simple steps that involve making changes in the iCloud settings, even if they don't know the password. Steps to hack 'Find My iPhone': Navigate to iCloud in the settin

In the era of Smartphones, Apple's iPhone is the most popular device that exists, which itself gives the reason to target it. According to leaked documents shared by Security researcher  Jacob Appelbaum , a secret NSA program code named DROPOUTJEEP has nearly total access to the Apple's iPhones, which uses " modular mission applications to provide specific SIGINT functionality. " While giving the presentation at the Chaos Communications Congress (30C3) in Hamburg, Germany on Monday, Appelbaum revealed that NSA reportedly sniffing out every last bit of data from your iPhone. DROPOUTJEEP is a software implant for the Apple iPhone that utilizes modular mission applications to provide specific SIGINT functionality. This functionality includes the ability to remotely push/pull files from the device. SMS retrieval, contact list retrieval, voicemail, geolocation, hot mic, camera capture, cell tower location, etc. Command, control and data exfiltration can occur over SMS messaging or a GPRS

Firefox OS is a mobile operating system based on Linux and Mozilla 's Gecko technology, whose environment is dedicated to apps created with just HTML, CSS, and JavaScript. After almost two years of development, a few months back Mozilla officially launched their Firefox OS devices in stores and now the first Malware for the brand new platform is available. Shantanu Gawde , 17-years-old, an Independent Security Researcher is going to demonstrate the very first known malware for Firefox OS at the upcoming Information Security Summit - The Ground Zero (G0S) 2013, to be held on November 7th - 10th, 2013 at The Ashok, New Delhi. Firefox OS is different - Every app in Firefox OS including the Camera and the Dialer is a web app, i.e. a website in the form of an app. Simple! Mozilla has developed Web APIs so that HTML5 apps can communicate with the device's hardware and Shantanu has used the same APIs intentionally to exploit the device for malicious purpose. Basically,

Researchers at the University of Alabama at Birmingham (UAB) presented the research that it is possible to trigger malware hidden in mobile devices using music, lighting, or vibration. In a research paper titled " Sensing-Enabled Channels for Hard-to-Detect Command and Control of Mobile Devices ", the researchers reported that they triggered malware hidden in mobile devices using music from 17 meters away in a crowded hallway. Malware once activated would carry out programmed attacks either by itself or as part of a wider botnet of mobile devices. Presenting their findings at a conference earlier this month, the researchers explained how sensors in ubiquitous mobile devices have opened the door to a new generation of mobile malware that unsuspecting users unwittingly downloaded onto their devices. Since the trigger needs to be relatively close to the smartphone to active any hidden malware, any threats would be limited to the local environment. " We showed that these sensory channe

More than 50 millions of Smartphone users worldwide are facing a risk posed by a critical flaw in Viber app. The security company Bkav announced that it has found a way to gain full access to Android phones using the popular Viber messaging app. Unlike the Samsung lockscreen issue we reported on earlier, this attack doesn't take any fancy finger work. Instead, all it needs is two phones, both running Viber, and a phone number. " The way Viber handles to popup its messages on smartphones' lock screen is unusual, resulting in its failure to control programming logic, causing the flaw to appear, " said Mr. Nguyen Minh Duc, Director of Bkav's Security Division. Steps to exploit: Send Viber message to victim Combine actions on Viber message popups with tricks like using victim's notification bar, sending other Viber messages, etc. to make Viber keyboard appear Once Viber keyboard has appeared, to fully access the device, create misse

It appears as if another malware scare has come to Android . Lookout Security said on Friday that it has discovered a new family of malware called BadNews .  Malware that avoided detection and made its way onto the Google Play store has been downloaded around 9 million times by users from all over the world. The company uncovered the malware in 32 applications listed by four different developer accounts on Google Play. Google was notified and the company removed the affected apps and killed the developer accounts associated with them. In their report, firm describes the malware: " BadNews masquerades as an innocent, if somewhat aggressive advertising network. This is one of the first times that we've seen a malicious distribution network clearly posing as an ad network. Because it's challenging to get malicious bad code into Google play, the authors of Badnews created a malicious advertising network, as a front, that would push malware out to infected devices

After a series of security issues, it appears that Apple still has not been able to resolve all the issue in iOS . Last week, Apple rolled out its iOS 6.1.2 update to owners of the iPhone, iPad and iPod touch in an effort to fixing the 3G connectivity and an Exchange calendar bugs. Hackers found an iOS 6 bug two weeks ago that allowed thieves into your phone, but only the Phone app and the features contained within could be accessed. Just after that, recently another screen lock bypass vulnerability  reported  in iOS 6.1 by Vulnerability Lab . This vulnerability allows users to bypass the lock screen pass code and access the phones photos and contacts. Researchers say the vulnerable device can be plugged into a computer via USB and access data like voice mails, pictures, contacts, etc.  This particular vulnerability was shared in detail over in a YouTube video for the masses, you can see the video tutorial as shown below: Steps to Follow: Connect your device

Apple has faced a number challenges over the last year related to software errors and flaws on its flagship iPhone. According to a latest video posted on YouTube  iPhone and iPad users running the latest iOS 6.1 platform can bypass the lock screen, even when a password is set. Basically, he found that by attempting and canceling an emergency call on the iPhone, holding the lock button and then taking a screenshot took him past the stage where he should have had to enter a password to access the phone. The flaw is relatively easy to exploit and this lets you bypass the security code and use the full Phone app. From there you have access to the address book, and the pictures app by trying to change a contacts picture. Apple promised to fix the iOS 6.1 iOS Exchange bug in a forthcoming software update so perhaps they'll fix this annoying glitch as well. Steps to follow: First part: -Go to emergency call, push down the power button and tap cancel. -Dial 112 and tap gre