Search results for hack screen app | Breaking Cybersecurity News | The Hacker News

Yet another Apple vulnerability has been exposed by security researchers, that can be exploited to track your finger's every action on iOS Devices i.e. iPhone , iPad etc. The exploit reportedly targets a flaw in iOS multitasking capabilities to capture user inputs, according to Security researchers at  FireEye . They found a way to bypass the Apple's app review process effectively and created a proof-of-concept Monitoring app for non-jailbroken iOS 7.0.x devices. The " monitoring " app, that runs in the background of the iPhone is a Keylogger Trojan which could allow hackers to monitor user's activities on the mobile device, including - touches on the screen, home button press, volume button press and TouchID press , and send all collected events to any remote server. According to researchers, their proof-of-concept app works on versions 7.0.4, 7.0.5, 7.0.6, and 6.1.x. " Based on the findings, potential attackers can either use phishing to mislead the vi...

A group of security researchers has successfully discovered a method to hack into six out of seven popular Smartphone apps, including Gmail across all the three platforms - Android , Windows, and iOS operating systems - with shockingly high success rate of up to 92 percent. Computer scientists the University of California Riverside Bourns College of Engineering and the University of Michigan have identified a new weakness they believe to exist in Android, Windows, and iOS platforms that could allow possibly be used by hackers to obtain users' personal information using malicious apps. The team of researchers - Zhiyun Qian , of the University of California, Riverside, and Z. Morley Mao and Qi Alfred Chen from the University of Michigan - will present its paper, " Peeking into Your App without Actually Seeing It: UI State Inference and Novel Android Attacks " ( PDF ), at the USENIX Security Symposium in San Diego on August 23. The paper detailed a new type of ...

Researchers have discovered a new attack, dubbed 'Cloak and Dagger', that works against all versions of Android, up to version 7.1.2. Cloak and Dagger attack allows hackers to silently take full control of your device and steal private data, including keystrokes, chats, device PIN, online account passwords, OTP passcode, and contacts. What's interesting about Cloak and Dagger attack? The attack doesn't exploit any vulnerability in Android ecosystem; instead, it abuses a pair of legitimate app permissions that is being widely used in popular applications to access certain features on an Android device. Researchers at Georgia Institute of Technology have discovered this attack, who successfully performed it on 20 people and none of them were able to detect any malicious activity. Cloak and Dagger attacks utilise two basic Android permissions: SYSTEM_ALERT_WINDOW ("draw on top") BIND_ACCESSIBILITY_SERVICE ("a11y") The first permissi...

Your device's lock screen PIN is believed to keep your phone's contents safe from others, but sadly not from a new piece of ransomware that is capable of hijacking safety of your Android devices . A group of security researchers has uncovered what is believed to be the first real example of malware that is capable to reset the PIN code on a device and permanently lock the owner out of their own smartphone or tablet. This Android PIN-locking ransomware, identified as Android/Lockerpin.A , changes the infected device's lock screen PIN code and leaves victims with a locked mobile screen, demanding for a $500 (€450) ransom . Here's the Kicker: Since the lock screen PIN is reset randomly, so even paying the ransom amount won't give you back your device access, because even the attackers don't know the changed PIN code of your device , security researchers at Bratislava-based antivirus firm ESET warn . LockerPIN , as dubbed by the researchers,...

A Security researcher and hacker, named John Gordon , has found an easy way to bypass the security of locked smartphones running Android 5.0 and 5.1 (Build LMY48M). Many of us use various security locks on our devices like Pattern lock, PIN lock and Password lock in order to protect the privacy of our devices. However, a vulnerability could now allow anyone to take your Android smartphone ( 5.0 build LMY48I ) with locked screen, perform a " MAGIC TRICK " and as a result crash the user interface (UI) for the password screen and gain access to your device. The vulnerability, assigned CVE-2015-3860 , has been dubbed as " Elevation of Privilege Vulnerability in Lockscreen ". How the Attack Works? The secret behind the researcher's "MAGIC TRICK" is as follows: Get the device and open the Emergency dialer screen. Type a long string of numbers or special characters in the input field and copy-n-paste a long string continuously til...

Pokémon GO launched just two weeks ago, and people have been getting crazy to catch 'em all. Users, on an average, are spending more time engaged with the new Pokémon GO app than any other apps like Snapchat. But, before downloading and playing Nintendo's new location-based augmented reality game, users are required to keep the following points in their minds: 1. Unofficial Pokémon GO app might contain Malware Since Pokémon GO is currently available in only a few countries, many third-party gaming websites are offering tutorials due to huge interest surrounding the app, recommending users to download the APK from a non-Google Play link. Users need to "side-load" the malicious app to install the APK by modifying their Android core security settings, which allows their device's OS to install apps from " untrusted sources ." However, researchers have discovered that many of these online tutorials are linked to malicious versions of the Pokém...

It's not at all surprising that the Google Play Store is surrounded by a large number of malicious apps that has the ability to gain users' attention into falling victim for one, but this time, it is even worse than most people realize. Researchers at Trend Micro have detected a family of malicious apps, dubbed ' Godless ,' that has the capability of secretly rooting almost 90 percent of all Android phones. Well, that's slightly terrifying. The malicious apps are distributed via different methods and variety of app stores, including Google Play Store, which is usually considered as a safe option for downloading apps. Also Read:   Crazy hacker implants NFC Chip in his hand to hack Android phones . The malicious apps packed with Godless contain a collection of open-source or leaked Android rooting exploits that works on any device running Android 5.1 Lollipop or earlier. 90% Android Devices are Vulnerable to Godless Rooting Malware Since Android eco...

Your smartphone is your daily companion. The chances are that most of our activities rely on them, from ordering food to booking medical appointments. However, the threat landscape always reminds us how vulnerable smartphones can be.  Consider the recent  discovery by Oversecured , a security startup. These experts observed the dynamic code loading and its potential dangers. Why is this a problem? Well, the Google app uses code that does not come integrated with the app itself. Okay, this might sound confusing, but it all works in favor of optimizing certain processes. Thus, Google exploits code libraries pre-installed on Android phones to reduce their download size. In fact, many Android apps use this trick to optimize the storage space needed to run.  As revealed by Oversecured, perpetrators could compromise this retrieval of code from libraries. Instead of Google obtaining code from a reliable source, it could be tricked into taking code from malicious apps operatin...

iOS 9.0.1 – Apple's first update to its new iOS 9 mobile operating system, came out on Wednesday, addressed several bugs in its software. However, unfortunately, it seems that the latest update iOS 9.0.1 doesn't fix the lock screen bypass vulnerability reported by iPhone user Jose Rodriguez. Yes, the serious flaw in iOS 9 that allows anyone – with physical access of your iPhone or iPad – to bypass your device's lock screen and get into your contacts and personal photographs, also Works on iOS 9.0.1 . Video Demonstration: Rodriguez published a new video detailing a step-by-step explanation on how to bypass the passcode on iOS 9 and iOS 9.0.1 device, using the benevolent nature of Apple's personal assistant Siri. The lock screen bypass vulnerability works on all iOS versions from iOS 5.1.1 to the latest released iOS 9.0.1 . Mitigation So, until Apple rolls out an update to patch this bug, the only way available to iPhone users to mitiga...

Google Android has been a primary concern of the attackers. Counting from a simple text message that could hack an Android phone remotely to the Stagefright bug making Billion users vulnerable. Now, the latest is the ' Kemoge Malware ' that has made its debut as an Adware on the Android mobile phones, allowing third-party app stores to fetch your device's information and take full control of it. Security researchers from FireEye Labs have discovered that Kemoge malicious adware family is spreading in 20 countries around the globe. Also, the origin of the Adware's attack is suspected from China. What is Kemoge? The name given to the malicious Adware family is because of its command and control (C2) domain: aps.kemoge.net. Kemoge is an Adware in the disguise of popular Apps; it has circulated in such numbers because it takes the name of popular apps and repackages them with the malicious code and make them available to the user. They even use...

Like most iOS lock screen vulnerabilities, the passcode lock screen on iOS 7 also suffers from a bug that allows anyone with direct access to the iPhone or iPad. Although Apple claims to have fixed 80 security vulnerabilities with iOS 7, including the ability to bypass the lock screen in iOS 6.1.3, the same person who found the previous vulnerability has found yet another in iOS 7. Discovered by ' Jose Rodriquez ', an iPhone user reported a security flaw in iOS that lets anyone bypass the lockscreen passcode and access sensitive information stored in photos, Twitter, email and more. The flaw resides on users who lock their devices with a traditional PIN code or password. The security flaw is demonstrated in the video below and it works as follows: Swipe up from the bottom of the Lock screen to open Control Center and Launch the Clock app. Open the Alarm Clock section of the Clock app and Hold down the power button. Quickly tap Cancel the immediately doubl...

With the launch of iOS 9, Apple gave us an ultimate reason to upgrade our Apple devices to its new operating system. The latest iOS 9 includes a security update for a nasty bug that could be exploited to take full control of your iPhone or Macs, forcing most of the Apple users to download the latest update. Australian security researcher Mark Dowd has disclosed a serious vulnerability in AirDrop , Apple's over-the-air file sharing service built into iOS and Mac OS X. How the Attack Works? The vulnerability allows anyone within the range of an AirDrop user to silently install a malicious app on a target Apple device by sending an AirDrop file which involves rebooting of the target device. An attacker can exploit this critical bug even if the victim rejects the incoming file sent over AirDrop. After rebooting takes place, the malicious app gains access to Springboard, Apple's software to manage iOS home screen, allowing the app to fool the victim's iP...

WhatsApp has introduced a new security feature that fixes a loophole in the popular messaging platform, which if exploited, could allow an attacker to hijack victim's account with just knowing the victim's phone number and some hacking skills. The attack does not exploit any vulnerability in WhatsApp; instead, it relies on the way the account setup mechanism works. WhatsApp allows users to sign up to the app using their phone number, so if an attacker wants to hijack your WhatsApp account, they would require an OTP (One time password) send to your phone number. The attacker can grab this OTP by diverting the SMS containing the passcode to their own computer or phone, using either a malicious app or SS7 vulnerability , and then log into the victim's WhatsApp account. The attack even works in case the phone is locked. In August, Iranian state-sponsored hackers reportedly hijacked over dozens of Telegram accounts belonging to activists and journalists by exploiting a ...

Various European customers of different banks are being targeted by an Android banking trojan called  SpyNote  as part of an aggressive campaign detected in June and July 2023. "The spyware is distributed through email phishing or smishing campaigns and the fraudulent activities are executed with a combination of remote access trojan (RAT) capabilities and vishing attack," Italian cybersecurity firm Cleafy  said  in a technical analysis released Monday. SpyNote , also called SpyMax, is similar to other Android banking Trojans in that it requires  Android's accessibility permissions  in order to grant itself other necessary permissions and gather sensitive data from infected devices. What makes the malware strain notable is its dual functions as spyware and perform bank fraud. The attack chains commence with a bogus SMS message urging users to install a banking app by clicking on the accompanying link, redirecting the victim to the legitimate TeamViewer...

The founders over at FixMeStick sent us a pair of their latest devices to check out. The FixMeStick is, in short, a malware removal device for dummies . The FixMeStick is a bootable USB device running Lubuntu and integrates three separate anti-virus scanners from Kaspersky Labs, Sophos, and GFI. While our readers will probably never need it for themselves, we may all wish we had something like this for our non-technical friends and family, or the 9 million PCs infected with ZeroAccess botnet . The FixMeStick does a lot of things that nobody else does on a bootable USB, and let's be real, removing rootkits is never pleasant or easy. Why I Want it For My Parents Linux: the FixMeStick is a Linux-based device that runs before Windows boots enabling it to remove infections without the infection getting stealthy or playing war with my parent's anti-virus software. N-Scanner architecture: contains an integrated multi-scanner composed of three engines: Kaspersky Labs, Sophos, and GFI's VI...

Apple has faced a number challenges over the last year related to software errors and flaws on its flagship iPhone. According to a latest video posted on YouTube  iPhone and iPad users running the latest iOS 6.1 platform can bypass the lock screen, even when a password is set. Basically, he found that by attempting and canceling an emergency call on the iPhone, holding the lock button and then taking a screenshot took him past the stage where he should have had to enter a password to access the phone. The flaw is relatively easy to exploit and this lets you bypass the security code and use the full Phone app. From there you have access to the address book, and the pictures app by trying to change a contacts picture. Apple promised to fix the iOS 6.1 iOS Exchange bug in a forthcoming software update so perhaps they'll fix this annoying glitch as well. Steps to follow: First part: -Go to emergency call, push down the power button and tap cancel. -D...

A Chinese hacking group has been found leveraging a new exploit chain in iOS devices to install a spyware implant targeting the Uyghur Muslim minority in China's autonomous region of Xinjiang. The findings, published by digital forensics firm Volexity , reveal that the exploit — named "Insomnia" — works against iOS versions 12.3, 12.3.1, and 12.3.2 using a flaw in WebKit that was patched by Apple with the release of iOS 12.4 in July 2019. Volexity said the attacks were carried out by a state-sponsored hacking group it calls Evil Eye , the same threat actor that it said was behind a series of attacks against the Uyghurs last September following a bombshell disclosure by Google's Project Zero team . China has long considered Xinjiang a breeding ground for " separatists, terrorists and religious extremists ," with the residents of the region — ethnically Turkic Muslims — thrown into concentration camps , and subjected to persecution and high-tech surv...