40562
Mobile cybersecurity channel Links: https://linktr.ee/mobilehacker Contact: mobilehackerofficial@gmail.com
Xiaomi HyperOS BootLoader Bypass
A PoC that exploits a vulnerability to bypass the Xiaomi HyperOS community restrictions of BootLoader unlocked account bindings
https://github.com/MlgmXyysd/Xiaomi-HyperOS-BootLoader-Bypass#xiaomi-hyperos-bootloader-bypass
Financial Fraud APK Campaign targeting Chinese users
https://unit42.paloaltonetworks.com/malicious-apks-steal-pii-from-chinese-users/
Analysis of iOS Info Stealer malware distributed via phishing website
icebre4ker/analysis-of-an-info-stealer-chapter-2-the-ios-app-0529e7b45405" rel="nofollow">https://medium.com/@icebre4ker/analysis-of-an-info-stealer-chapter-2-the-ios-app-0529e7b45405
MyEstatePoint Property Search app leaked data on nearly half a million of its users, exposing their names and plain-text passwords
https://cybernews.com/security/myestatepoint-property-search-app-data-leak/
Path traversal to RCE in Android — Mobile Hacking Lab ‘Document Viewer’ write-up
https://ajmal-moochingal.medium.com/path-traversal-to-rce-in-android-mobile-hacking-lab-document-viewer-write-up-ef9226aea1ac
Looking at an unfixed iOS vulnerability
https://joshua.hu/apple-ios-patched-unpatched-vulnerabilities
Frinet: Tracing the execution of a specific function in a userland process, on a Frida-compatible system (Tested on Linux/Android/iOS/Windows)
https://github.com/synacktiv/frinet
Exploring Info.plist: Essential Knowledge for iOS Reverse Engineering
https://youtu.be/KL899jMSD8w
Code and hardware for Tamarin-C, the iPhone 15 USB-C exploration tool
https://github.com/stacksmashing/tamarin-c
Operation Triangulation: The last (hardware) mystery
https://securelist.com/operation-triangulation-the-last-hardware-mystery/111669/
Intellexa and Cytrox: From fixer-upper to Intel Agency-grade spyware
https://blog.talosintelligence.com/intellexa-and-cytrox-intel-agency-grade-spyware/
A WSPR Monitor Running on an old Android TV Box with OpenWebRX and RTL-SDR
https://www.rtl-sdr.com/a-wspr-monitor-running-on-an-old-android-tv-box-with-openwebrx-and-rtl-sdr/
Shielding Against Android Phishing in Indian Banking
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/shielding-against-android-phishing-in-indian-banking/
Mobile Malware Analysis Part 6 – Xenomorph
https://8ksec.io/mobile-malware-analysis-part-6-xenomorph/
5Ghoul: New 5G Modem Flaws Affect iOS Devices and Android Models from Major Brands
https://asset-group.github.io/disclosures/5ghoul/
GrapheneOS: Frequent Android auto-reboots block firmware exploits
https://www.bleepingcomputer.com/news/security/grapheneos-frequent-android-auto-reboots-block-firmware-exploits/
Android DeviceVersionFragment.java Privilege Escalation Exploit for Pixel Watch (CVE-2023-48418)
https://0day.today/exploit/description/39237
Portable Flipper Zero detector
Now you can detect any Flipper Zeros and BLE advertisement spam attacks in vicinity using Android Bluetooth LE Spam app
https://www.mobile-hacker.com/2024/01/09/how-to-detect-flipper-zero-and-bluetooth-advertisement-attacks/
A PoC for the CVE-2023-32530, for iOS/MacOS from Operation Triangulation discovered by Kaspersky
- Tested on: iOS 16.3, 16.3.1, 16.4 and 16.5 (iPhone 14 Pro Max) and macOS 13.1 and 13.4 (MacBook Air M2 2022)
- Fixed in iOS 16.5.1 and macOS 13.4.1
https://github.com/felix-pb/kfd/blob/main/writeups/smith.md
Frida Android Helper: Several handy commands to facilitate common Android pentesting tasks
https://github.com/Hamz-a/frida-android-helper
Vooki - Free Android APK & API Vulnerability Scanner(Yaazhini)
https://www.vegabird.com/yaazhini/
Bypass SSL Pinning for Flutter
prasad508/bypass-ssl-pinning-for-flutter-a2f9ae85762e" rel="nofollow">https://medium.com/@prasad508/bypass-ssl-pinning-for-flutter-a2f9ae85762e
Android Deep Links exploitation
https://z4ki.medium.com/android-deep-links-exploitation-4abade4d45b4
Flutter Spy: Explore, analyze, and gain valuable data & insights from reverse engineered Flutter apps.
https://github.com/anasfik/flutter-spy
Owning a company from its mobile app
https://ahmdhalabi.medium.com/the-art-of-chaining-vulnerabilities-e65382b7c627
Stealth Backdoor “Android/Xamalicious” Actively Infecting Devices
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/stealth-backdoor-android-xamalicious-actively-infecting-devices/
Android Banking Trojan Chameleon can now bypass any Biometric Authentication
https://www.threatfabric.com/blogs/android-banking-trojan-chameleon-is-back-in-action
Bad Zip and new Packer for Android/BianLian
https://cryptax.medium.com/bad-zip-and-new-packer-for-android-bianlian-5bdad4b90aeb
Hardening cellular basebands in Android
https://security.googleblog.com/2023/12/hardening-cellular-basebands-in-android.html
AutoSpill Vulnerability: Your mobile password manager might be exposing your credentials
https://techcrunch.com/2023/12/06/your-mobile-password-manager-might-be-exposing-your-credentials/