Showing Posts From

Mobile Security

  • 30 Mar 2021

Click here for free TV! - Chaining bugs to takeover Wind Vision accounts

A critical vulnerability was discovered in the Wind Vision mobile app that enables account takeover through chained security flaws. The attack exploits insecure URL schemes, weak device identification, and authentication mechanisms to intercept OAuth tokens. By crafting a malicious app, an attacker can potentially stream content or remove user devices from the Wind Vision account.

Samsung S20 - RCE via Samsung Galaxy Store App

A remote code execution vulnerability was discovered in the Samsung Galaxy Store app for S20 devices. The vulnerability allowed attackers to install applications without user consent by exploiting a WebView JavaScript interface. An attack could be conducted via a man-in-the-middle attack using NFC or WiFi.

How are we doing with Android's overlay attacks in 2020?

Android's Accessibility Services (AAS) can be exploited by malicious apps to perform dangerous actions on a user's device. These actions include keylogging, auto-granting permissions, reading screen content, and performing automated interactions with other apps. The article demonstrates how a malicious app can leverage AAS to potentially steal sensitive information and perform unauthorized actions without user detection.

  • 1 Nov 2019

Automating Pwn2Own with Jandroid

Jandroid is an automated tool designed to help identify potential logic bugs in Android applications. The tool uses configurable templates to analyze APK files, searching for specific patterns in Android manifests and code. By reducing manual analysis effort, Jandroid enables semi-automatic detection of exploitable vulnerabilities in mobile applications.

How Secure is your Android Keystore Authentication?

This article explores vulnerabilities in Android Keystore authentication mechanisms for local device security. Multiple security weaknesses were identified in how developers implement biometric and keystore authentication in Android applications. Frida scripts were developed to help security professionals audit and test the robustness of Android application authentication implementations.

The Mate Escape - Huawei Pwn2Owning

A presentation at Hacktivity 2018 explored vulnerability discovery techniques targeting the Huawei Mate 9 Pro by focusing on logic bugs in Android platforms. The talk highlighted the expanding attack surface of logic vulnerabilities as memory corruption exploitation becomes increasingly challenging. Techniques for rapidly identifying potential remote compromise vulnerabilities across mobile handsets were discussed.

Debugging Released Xamarin Android Applications

A technical investigation revealed debugging techniques for released Xamarin Android applications. By manipulating system properties like 'debug.mono.runtime_args', method tracing can be performed on release builds. Code execution is possible through the Mono log profiler by creating a payload in the '.__override__' directory, allowing analysis of Xamarin applications without modifying the original APK.

  • 23 Jul 2018

A Guide to Repacking iOS Applications

This technical guide details the process of repacking iOS applications for security research purposes. The methodology covers decrypting application binaries, patching with Frida, generating provisioning profiles, and resigning applications across different scenarios. Key techniques are demonstrated for repacking various types of iOS applications, including those with frameworks, app extensions, and WatchOS companion apps.

Chainspotting: Building Exploit Chains with Logic Bugs

A presentation explores the development of an exploit chain involving 11 logic bugs across 6 Android applications. The study demonstrates how logic vulnerabilities can be chained together to achieve malicious actions like silent APK installation. Techniques for discovering and exploiting logic bugs in Android systems are discussed, highlighting the challenges of complex vulnerability chaining.

Huawei Mate 9 Pro Mobile Pwn2Own 2017

A whitepaper details vulnerabilities discovered in the Huawei Mate 9 Pro during Mobile Pwn2Own 2017. The document focuses on security issues found in the Huawei Reader and HIApp applications. Technical details of the vulnerabilities and exploitation methods are presented in the document.

Logic Bug Hunting in Chrome on Android

A methodology for identifying logic flaws in mobile applications is demonstrated through an analysis of Chrome for Android. The approach focuses on finding logic bugs that enable access to user files and emails without memory corruption exploits. A specific logic bug in Chrome for Android is highlighted as allowing attackers to bypass Android Nougat security mechanisms.

Needle: Finding Issues within iOS Applications

Needle is an iOS application security testing tool presented at OWASP AppSec USA 2016. The tool enables comprehensive vulnerability identification in iOS applications through both black-box and white-box testing methodologies. Marco Lancini's presentation detailed Needle's architecture and testing capabilities for finding security issues in mobile applications.

A quick intro to Needle

Needle is an open-source modular framework designed to streamline iOS application security assessments. The tool provides a comprehensive set of modules for binary analysis, storage examination, dynamic analysis, hooking, communications testing, and static code checks. Its modular design allows security professionals to easily conduct thorough iOS app security evaluations.

Mission mPOSsible

A security presentation examined the vulnerabilities of mobile Point-of-Sale (mPOS) devices used with mobile platforms. The study investigated potential risks to sensitive customer payment data in emerging payment technologies. Findings were presented at Syscan 2014 and Blackhat USA 2014 by Nils and Jon.

  • 25 Jun 2015

Set Fire to the Phone

Two security researchers from MWRLabs discovered multiple vulnerabilities in the Amazon Fire Phone's AppStore ecosystem. By chaining three distinct vulnerabilities, they achieved remote code execution without using native or memory-based attacks. The exploit allowed installation of malware, extraction of device data, and demonstrated significant application security risks in the Fire Phone's software.

Android Wear Security Analysis

A security analysis of Android Wear reveals robust security controls in WearableListenerService and WearableService. The research examined how Android Wear applications communicate and found strict checks preventing unauthorized message delivery between applications. Security mechanisms effectively block low-privileged malware from interfering with inter-application communication on wearable devices.

Watch You Lookin' At?

A security presentation at Securi-Tay 2015 examined vulnerabilities in Android Wear wearable devices. The research by Jahmel Harris and Owen Evans revealed potential malware risks for extracting sensitive information from these platforms. Security weaknesses in Android Wear's implementation were discussed as part of the investigation.

  • 28 Nov 2014

My NFC Remains Enabled - Reflections on Mobile Pwn2Own 2014

Mobile Pwn2Own 2014 highlighted zero-day vulnerabilities in mobile devices, particularly those involving NFC technologies. The competition demonstrated the ongoing challenges in mobile device security, emphasizing the importance of careful app store selection for users and proactive security design for developers. Despite potential NFC-related risks, most users are more likely to encounter threats through phishing and malware.

Fracking With Hybrid Mobile Applications

Dave Hartley's presentation explores the security implications of hybrid mobile applications across multiple platforms. The talk examines how hybrid apps combine web and native application features using frameworks like PhoneGap. It highlights security risks introduced by WebView and cross-platform development approaches that allow web code to access local device resources.

Native Bridge's Over Troubled Water

Mobile security research by Dave Hartley explored vulnerabilities in mobile advertising networks across multiple platforms. The study investigated cross-platform exploitation potential in Windows Phone, Android, Blackberry, and iOS operating systems. Findings focused on identifying security issues within popular mobile ad networks.

Putting JavaScript Bridges into (Android) Context

This article explores techniques for obtaining Android Context in WebView JavaScript-to-Java bridge vulnerabilities. Multiple methods for retrieving Context are investigated using reflection and Java Native Interface (JNI) techniques. The research demonstrates approaches to accessing system resources and package information during post-exploitation scenarios in Android applications.

  • 5 Jun 2014

Continued Adventures with iOS UIWebViews

This article explores security vulnerabilities in iOS UIWebViews, specifically focusing on custom NSURLProtocol implementations. The research demonstrates how attackers can bypass naive security checks by manipulating HTTP headers and using techniques like XMLHttpRequest to access restricted resources. A proof-of-concept JavaScript payload is presented to illustrate potential exploitation methods for file access and data exfiltration.

Windows Phone 8 Application Security Slides Syscan 2014

MWR researchers Alex Plaskett and Nick Walker presented slides at Syscan 2014 analyzing Windows Phone 8 application security. The presentation covered novel vulnerabilities in mobile app development. Slides provide programmatic guidance for developers to improve Windows Phone 8 application security.

Windows Phone 8 Application Security Whitepaper Syscan 2014

A whitepaper on Windows Phone 8 application security was presented at Syscan 2014. The research identified common developer mistakes that introduce security vulnerabilities in Windows Phone 8 applications. The whitepaper provides guidance on detecting and mitigating specific application security weaknesses in the platform.

  • 20 Dec 2013

Google AdMob Ad Library - Arbitrary Intent Activity Invocation

A vulnerability was discovered in the Google AdMob SDK for Android that allows attackers to manipulate Intent Activities by injecting JavaScript into a WebView. The vulnerability enables arbitrary activity invocation by controlling multiple parameters passed to the 'startActivity' method. Potential remote exploitation can occur by targeting exposed activities in other Android applications.

  • 20 Dec 2013

PontiFlex Ad Library - Remote JavaScript Command Execution

A critical vulnerability was discovered in the PontiFlex ad library for Android that enables remote JavaScript command execution. The flaw allows attackers to download and execute arbitrary code, perform directory traversal, and potentially steal files from mobile applications through manipulated WebView JavaScript interfaces. The vulnerability impacts Android apps using the PontiFlex ad library, potentially exposing millions of users to remote code execution risks.

  • 29 Nov 2013

Debug All the Android Things

This blog post describes a technique for enabling debugging on Android applications using Cydia Substrate. The method involves hooking the Android process startup method to force debugging flags, allowing developers to use jdb to interact with and manipulate running Android applications, even for apps not marked as debuggable in their manifest.

  • 27 Nov 2013

Millenial Media Ad Library

A critical vulnerability was discovered in the Millenial Media SDK across mobile platforms. The SDK's WebView implementation allows attackers to perform dangerous actions like file manipulation, clipboard access, audio recording, and cross-application exploitation through malicious JavaScript injection. These security flaws could enable comprehensive mobile device compromise and unauthorized access to sensitive user information.

  • 20 Nov 2013

AppLovin Ad Library SDK: Remote Command Execution via Update Mechanism

A critical vulnerability was discovered in the AppLovin Ad Library SDK for Android that enables remote command execution through an insecure update mechanism. The vulnerability allows attackers to inject malicious code into applications by exploiting the SDK's dynamic class loading process during updates. An attacker can craft a malicious SDK update that gets automatically downloaded and executed when an application starts.

  • 24 Sep 2013

WebView addJavascriptInterface Remote Code Execution

A critical remote code execution vulnerability was discovered in Android WebViews using JavaScript interfaces. The vulnerability allows attackers to execute arbitrary system commands by injecting malicious JavaScript into applications using advertising network SDKs. Analysis revealed that a significant number of Android applications could potentially be compromised through this security flaw.

  • 1 Sep 2013

Introducing drozer

Drozer is an open-source mobile security tool for Android exploit development. It enables advanced payload deployment and post-exploitation through multiple "weasel" techniques for gaining device access. The tool allows security researchers to build exploits, create reverse TCP shells, and escalate privileges on target Android devices.

  • 4 Jul 2013

BSides Challenge Walkthrough

The BSides London 2013 challenge involved analyzing the 'Evil Planner' Android application for security vulnerabilities. Multiple critical security flaws were discovered, including directory traversal in content providers, weak PIN encryption using device ID, and SQL injection in database content providers. These vulnerabilities could allow an attacker to access sensitive user data stored within the application.

  • 5 Jun 2013

Mercury v2.2.1

Mercury, an Android security testing tool, released its final version 2.2.1 with significant updates. The release included a new BSD license, improved PATH functionality, and a new Windows installer. The project will transition to its successor drozer at BlackHat Arsenal.

Is Blackberry Dead?

Alex Plaskett from MWR presented an overview of Blackberry 10's security features at the MWR Briefing in 2013. The presentation explored the mobile operating system's security capabilities and potential future. A PDF of the presentation is available for download.

  • 28 Mar 2013

Announcing Mercury v2.2

Mercury v2.2, an Android Security Assessment Framework, introduces enhanced auto-completion features for command suggestions. The update maintains separate command histories for different contexts and improves ContentProvider interaction stability. A vulnerable Android app called Sieve is released to help security practitioners practice using the framework.

  • 11 Mar 2013

BSides Challenge

MWR Labs hosted a cybersecurity challenge focused on analyzing the "Evil Planner" Android application. The challenge invited participants to find vulnerabilities that would allow BigCorp to extract encrypted data from a potentially malicious employee's device. Multiple prizes were offered for discovering and exploiting application security weaknesses.

  • 7 Feb 2013

Announcing Mercury v2.1

Mercury v2.1, an Android security assessment framework, introduces three key improvements. Modules can now be installed directly from an online repository. Connections between the Mercury console and device can be secured with SSL and optional password protection. Performance optimizations have been made to the Mercury Agent to improve efficiency and resource management.

  • 14 Dec 2012

What's New in Mercury v2?

Mercury v2.0 introduces a completely rewritten architecture with modular reflection-based functionality. Infrastructure Mode enables remote device connectivity across firewalls and NAT. The user interface has been streamlined to provide faster, more direct access to Mercury's capabilities.

  • 19 Sep 2012

Mobile Pwn2Own at EuSecWest 2012

MWR Labs demonstrated a critical Android vulnerability at EuSecWest 2012 targeting a Samsung Galaxy S3 running Android 4.0.4. The exploit used NFC to upload a malicious file, enabling code execution and privilege escalation. Through multiple vulnerabilities, the team could exfiltrate user data and compromise the device's security by bypassing Android's exploit mitigation features.

  • 7 Sep 2012

Mercury v1.1 is Released

Mercury v1.1 is an Android security testing framework with enhanced compatibility for newer Android versions. The release introduces a Reflection Interface for dynamic feature addition and includes new modules for comprehensive security scanning of Android devices and applications. Key improvements enable security professionals to more efficiently analyze potential vulnerabilities in Android systems.

  • 1 Sep 2012

A Look at the BlackBerry OS as a Secure Platform for Third Party Applications

This article examines critical security vulnerabilities in the BlackBerry OS for third-party applications running in the BlackBerry Internet Service environment. Key security issues include unprotected data storage, insecure data transmission, and weak application sandboxing that could allow malicious apps to compromise device security. The study reveals multiple attack vectors such as database manipulation, input simulation, and unauthorized screenshots.

  • 23 Aug 2012

Mercury Reflection

Mercury developed a dynamic reflection interface for Android security assessment that enables runtime code execution and plugin creation. The interface allows developers to load Java code dynamically on the server side without modifying the core application. This approach provides flexible functionality for examining and interacting with Android applications through a simple set of reflection methods.

  • 30 Apr 2012

Building Android Java/JavaScript Bridges

This article explores security vulnerabilities in Android WebView implementations, focusing on Java/JavaScript bridges. It examines methods like addJavascriptInterface and method overriding that allow native code exposure to web content. The research highlights potential attack vectors in cross-platform mobile application development frameworks, particularly in PhoneGap.

  • 23 Apr 2012

Adventures with Android WebViews

This article provides guidance on securing Android WebViews by implementing best practices for mobile application security. Key recommendations include disabling JavaScript and plugins, restricting file system access, and implementing resource inspection techniques to prevent potential vulnerabilities. The article details methods for intercepting and controlling resource loading within WebViews to enhance mobile application security.

  • 16 Apr 2012

Adventures with iOS UIWebviews

This article explores security challenges with iOS UIWebviews, focusing on techniques to mitigate risks when loading remote content. It discusses methods for implementing secure WebView interactions, including using SSL/TLS, implementing URL request inspection, and carefully managing content loading to prevent unauthorized access to local resources.

  • 2 Dec 2011

How to find Android 0day in no time

WebContentResolver is an Android assessment tool that exposes Content Providers through a web interface. The tool allows security testing of Android Content Providers by enabling queries and revealing potential vulnerabilities like SQL injection. It provides a simple method to explore and test Content Providers using web application testing techniques.

Blue Hat v11 Executive Briefings: Win Phone 7 OEM Fail

A presentation at Blue Hat v11 executive briefings examined Windows Phone 7 security research. The briefing covered vulnerability trends and potential platform security improvements. It provided a high-level overview of security research findings for the Windows Phone 7 platform.

Windows Pwn 7 OEM - Owned Every Mobile?

Alex Plaskett presented research on Windows Phone 7 security vulnerabilities at multiple cybersecurity conferences. The presentation explored the Windows Phone 7 security model and potential system weaknesses. Technical findings and exploitation techniques were demonstrated during the talks.

  • 7 Jul 2011

Debuggable Apps in Android Market

A security analysis of Android applications revealed that approximately 5% of popular free apps are shipped with debugging enabled. Debuggable applications can be exploited by malicious apps to establish a JDWP connection and gain full access to the Java process. Developers are advised to disable debugging before shipping applications to prevent potential security risks.

  • 18 May 2011

The Google Android Update Dilemma

The Android update process involves multiple parties including Google, device vendors, and carriers, creating a complex and fragmented security update mechanism. This multi-stage update chain introduces significant delays and vulnerabilities, as patches must pass through numerous intermediaries before reaching end-users. Google's recent update initiative fails to comprehensively address the fundamental security challenges in Android's update ecosystem.

Building Android Sandcastles in Android's Sandbox

This paper examines Android's sandbox architecture and security vulnerabilities beyond traditional kernel-level exploits. The study shifts focus to analyzing systemic and third-party application security risks in the Android ecosystem. The research explores potential security weaknesses in Android's application isolation and sandbox implementation.

  • 16 Aug 2010

Recent Palm webOS Vulnerabilities - MWR InfoSecurity Clarification

MWR InfoSecurity identified two vulnerabilities in Palm WebOS in May 2010. One local service vulnerability was fixed in version 1.4.5, while a vCard parsing vulnerability remained unaddressed. The company aimed to highlight smartphone security risks through responsible disclosure.

Palm webOS 1.4.5 fixes security issue found by MWR InfoSecurity

Palm released webOS version 1.4.5 to address a security vulnerability discovered by MWR InfoSecurity. A detailed advisory will be published after most devices have been updated. The update is being distributed by mobile carriers.