40562
Mobile cybersecurity channel Links: https://linktr.ee/mobilehacker Contact: mobilehackerofficial@gmail.com
Disclosure of 7 Android and Google Pixel Vulnerabilities
https://blog.oversecured.com/Disclosure-of-7-Android-and-Google-Pixel-Vulnerabilities/
Reverse Engineering iOS 18 Inactivity Reboot
https://naehrdine.blogspot.com/2024/11/reverse-engineering-ios-18-inactivity.html
Fake physical letters were sent to potential victims at their address to download "Severe Weather Warning App" via QR code. Coper AKA Octo2 malware is downloaded instead.
https://www.ncsc.admin.ch/ncsc/en/home/aktuell/im-fokus/2024/2024-meteosuisse.html
Apple CarPlay: What's Under the Hood
Slides: https://troopers.de/downloads/troopers24/TR24_Apple_CarPlay-What's_Under_the_Hood_8MCYKG.pdf
Video: https://www.youtube.com/watch?v=cHhxJzavq5I
ToxicPanda: a new banking trojan from Asia hit Europe and LATAM
https://www.cleafy.com/cleafy-labs/toxicpanda-a-new-banking-trojan-from-asia-hit-europe-and-latam
Android G700 spyware: The Next Generation of Craxs RAT
https://www.cyfirma.com/research/g700-the-next-generation-of-craxs-rat/
Mishing in Motion: Uncovering the Evolving Functionality of FakeCall Malware
https://www.zimperium.com/blog/mishing-in-motion-uncovering-the-evolving-functionality-of-fakecall-malware/
LightSpy: Implant for iOS
https://www.threatfabric.com/blogs/lightspy-implant-for-ios
Nine writeup for some Android specific chromium behavior vulnerabilities
1) intent:// restrictions bypassed via firebase dynamic links (Fixed, Awarded $3000)
2) Bypass to issue 40060327 via market:// URL (Fixed, Awarded $2250)
3) Add to home screen spoof (Fixed, Awarded $1125)
4) Iframe sandbox allow-popups-to-escape-sandbox bypass via intent (Asked, Not fixed)
5) Controlling Google assistant (Asked, Not fixed)
6) Controlling Clock (Accepted, Not fixed)
7) URL Spoof via intent (Fixed, Awarded $3133.70)
8) BROWSABLE intent:// bypass (Fixed, Duplicate)
9) BROWSABLE intent:// bypass (Fixed, Awarded $4500.00)
https://ndevtk.github.io/writeups/2024/08/01/awas/
iOS Forensics Suite: Generates detailed reports from iOS backups (encrypted & unencrypted) with device info, contacts, messages, WiFi, notes, WhatsApp data & more. All done locally.
https://github.com/piotrbania/ios_forensics_suite
I tried to explain how it is possible to locate smartphones using Advertising ID and ad plugins that are part of thousand popular apps without needing any spyware or exploits
https://www.mobile-hacker.com/2024/10/25/locate-smartphones-using-advertising-id-without-spyware-or-exploit/
South Korean Mobile Malware Campaign: A Technical Deep Dive
https://www.linkedin.com/pulse/south-korean-mobile-malware-campaign-technical-deep-dive-rastogi-rma6e
SELinux bypasses
This post aims at giving an overview of what SELinux is, how it is implemented, and how to bypass it, from the point of view of Android kernel exploitation
https://klecko.github.io/posts/selinux-bypasses/
Use Case: Bypassing In-App Purchase By Payment Client-Side Validation
https://secfathy0x1.medium.com/use-case-bypassing-in-app-purchase-by-payment-client-side-validation-e87e2c775a9c
Security Analysis of WeChat’s MMTLS Encryption Protocol
https://citizenlab.ca/2024/10/should-we-chat-too-security-analysis-of-wechats-mmtls-encryption-protocol/
From an Android Hook to RCE: $5000 Bounty
https://blog.voorivex.team/from-an-android-hook-to-rce-5000-bounty
GPUAF - Two ways of Rooting All Qualcomm based Android phones
https://powerofcommunity.net/poc2024/Pan%20Zhenpeng%20&%20Jheng%20Bing%20Jhong,%20GPUAF%20-%20Two%20ways%20of%20rooting%20All%20Qualcomm%20based%20Android%20phones.pdf
Firefox Animation CVE-2024-9680
https://dimitrifourny.github.io/2024/11/14/firefox-animation-cve-2024-9680.html
Triage Insights: TgToxic is back
https://hatching.io/blog/triage-insights-ep3/
From Tracing to Patching using Frida
https://ad2001.com/blog/frida-tracing
Low-Level Development on Retail Android Hardware - Reconnaissance and Prototyping a Bootloader
https://blog.timschumi.net/2024/10/05/lldorah-bootloader-prototype.html
Emulating Android native libraries using unidbg
https://bhamza.me/blogpost/2024/09/10/Emulating-Android-native-libraries-using-unidbg.html
Cracking into a Just Eat / Takeaway.com terminal with an NFC card
https://blog.mgdproductions.com/justeat-takeaway-terminal/
Frida Script Runner - Versatile web-based tool designed for Android and iOS penetration testing purposes
https://github.com/z3n70/Frida-Script-Runner
Hybrid Russian Espionage and Influence Campaign Aims to Compromise Ukrainian Military Recruits and Deliver Anti-Mobilization Narratives also using Android malware
https://cloud.google.com/blog/topics/threat-intelligence/russian-espionage-influence-ukrainian-military-recruits-anti-mobilization-narratives/
ShadyShader 2: An Apple bug that could freeze any device or cause crash loops by exploiting how GPUs handle shaders
Similar issue Apple patched last year (CVE-2023-40441)
https://www.imperva.com/blog/shadyshader-crashing-apple-m-series-with-single-click/
Analysis of CVE-2024-26926
A Linux kernel bug in the Binder component primarily affecting Android devices labeled as EoP
https://github.com/MaherAzzouzi/LinuxKernel-nday/blob/main/CVE-2024-26926/CVE_2024_26926_Analysis.pdf
Write-up on 1-click Exploit in South Korea's KakaoTalk mobile chat app allowed to steal access token and remotely exfiltrate all chat messages.
Issue is fixed, but the bug reporter haven't received reward, because only Koreans are eligible to receive bounty
https://stulle123.github.io/posts/kakaotalk-account-takeover/
Analysis of AwSpy spyware that Targets South Korean Android users
https://labs.k7computing.com/index.php/awspy-new-spyware-targets-south-korean-android-users/
Zscalar Threat report 2024: Mobile, IoT, & OT
Mobile remains a top threat vector with 111% spyware growth while IoT attacks rise 45%
Overview: https://www.zscaler.com/blogs/security-research/new-threatlabz-report-mobile-remains-top-threat-vector-111-spyware-growth
Report: https://www.zscaler.com/resources/industry-reports/threatlabz-mobile-iot-ot-report.pdf