The Research Blog

• 18 Apr 2012

HackFu 2012

HackFu 2012 is a cybersecurity event scheduled for June 28-30, set in a futuristic scenario of the year 2139. A select group of invited participants will compete in team challenges. The specific location and challenge details remain a closely guarded secret.

• 16 Apr 2012

Adventures with iOS UIWebviews

This article explores security challenges with iOS UIWebviews, focusing on techniques to mitigate risks when loading remote content. It discusses methods for implementing secure WebView interactions, including using SSL/TLS, implementing URL request inspection, and carefully managing content loading to prevent unauthorized access to local resources.

• 2 Mar 2012

Summer Internship Positions

MWR InfoSecurity offers paid summer internships for computer science students interested in cybersecurity research. Internships are approximately 12 weeks long and based in the UK offices. Candidates from second or third year of university with a strong interest in applied computer security are encouraged to apply.

• 5 Jan 2012

Distributed Hash Cracking on the Web

A distributed hash cracking project explored using WebGL and WebCL technologies to crack password hashes through web browsers. WebGL proved unsuitable for hash computation, but WebCL showed promising performance for parallel processing of hash cracking. The project deployed a distributed system using web advertising to harness browser computing power for password retrieval.

• 14 Dec 2011

veripy: New Project to Support the Migration to IPv6

MWR InfoSecurity launched a new open-source project called veripy to support IPv6 migration. The project aims to develop a tool for testing equipment readiness according to the RIPE 501 specification. The first version of the tool is planned for release in March 2012, with the goal of providing confidence in IPv6 networking hardware and software.

• 12 Dec 2011

Tell Us Your Incognito Ideas and Win One of 5 Lego Ninjas

Incognito, a tool for exploiting Windows access tokens launched in 2007, seeks community input on potential improvements. The project aims to enhance the tool's effectiveness by gathering feature suggestions from the information security community. As an incentive, five Lego Ninjas will be awarded to the best feature ideas submitted.

• 2 Dec 2011

How to find Android 0day in no time

WebContentResolver is an Android assessment tool that exposes Content Providers through a web interface. The tool allows security testing of Android Content Providers by enabling queries and revealing potential vulnerabilities like SQL injection. It provides a simple method to explore and test Content Providers using web application testing techniques.

• Alex Plaskett
• 10 Nov 2011

Blue Hat v11 Executive Briefings: Win Phone 7 OEM Fail

A presentation at Blue Hat v11 executive briefings examined Windows Phone 7 security research. The briefing covered vulnerability trends and potential platform security improvements. It provided a high-level overview of security research findings for the Windows Phone 7 platform.

• Alex Plaskett
• 10 Nov 2011

Windows Pwn 7 OEM - Owned Every Mobile?

Alex Plaskett presented research on Windows Phone 7 security vulnerabilities at multiple cybersecurity conferences. The presentation explored the Windows Phone 7 security model and potential system weaknesses. Technical findings and exploitation techniques were demonstrated during the talks.

• 4 Nov 2011

A taste of Finland - T2 2011

T2 2011 was an intimate Finnish cybersecurity conference featuring technical talks from industry experts. The event covered diverse topics including cyber terrorism, botnet disruption, and emerging security research. Speakers presented innovative technical insights across areas like mobile security, firmware extraction, and cyber threat analysis.

• 14 Jul 2011

USB Fuzzing for the Masses

This article explores USB fuzzing techniques for discovering vulnerabilities in device drivers across different platforms. Multiple approaches to USB fuzzing are discussed, including virtualized fuzzing using Qemu and hardware-based fuzzing methods. The research highlights potential security risks in USB device driver implementations, demonstrating techniques for crash debugging and vulnerability exploitation.

• 7 Jul 2011

Debuggable Apps in Android Market

A security analysis of Android applications revealed that approximately 5% of popular free apps are shipped with debugging enabled. Debuggable applications can be exploited by malicious apps to establish a JDWP connection and gain full access to the Java process. Developers are advised to disable debugging before shipping applications to prevent potential security risks.