40562
Mobile cybersecurity channel Links: https://linktr.ee/mobilehacker Contact: mobilehackerofficial@gmail.com
A curated list of modern Android exploitation conference talks
https://github.com/actuator/Android-Security-Exploits-YouTube-Curriculum
WhatsApp spy mod spreads through Telegram, attacks Arabic-speaking users
https://securelist.com/spyware-whatsapp-mod/110984/
Mobile Malware Analysis Part 3 – Pegasus
https://8ksec.io/mobile-malware-analysis-part-3-pegasus/
Arid Viper (APT-C-23) disguising mobile spyware as updates for non-malicious Android applications
https://blog.talosintelligence.com/arid-viper-mobile-spyware/
Android adware discovered on Google Play with over 2,000,000 installs
https://news.drweb.com/show/review/?lng=en&i=14767
Your printer is not your printer ! - Hacking Printers at Pwn2Own Part I
https://devco.re/blog/2023/10/05/your-printer-is-not-your-printer-hacking-printers-pwn2own-part1-en/
Leveraging a Hooking Framework to Expand Malware Detection Coverage on the Android Platform
https://unit42.paloaltonetworks.com/hooking-framework-in-sandbox-to-analyze-android-apk/
How to increase radio range of Flipper Zero beyond 100 meters | internal vs. external radio module
https://www.mobile-hacker.com/2023/10/24/how-to-increase-radio-range-of-flipper-zero-yourself-beyond-100-meters/
Analysis of Rusty Droid Android RAT
https://labs.k7computing.com/index.php/rusty-droid-under-the-hood-of-a-dangerous-android-rat/
iObfuscate: Unraveling iOS Obfuscation Techniques
Examine multiple examples of Reverse Engineering iOS obfuscation techniques
https://github.com/LaurieWired/ObjectiveByTheSea2023/
Malicious “RedAlert - Rocket Alerts” Application Targets Israeli Phone Calls, SMS, and User Information through fake website
https://blog.cloudflare.com/malicious-redalert-rocket-alerts-application-targets-israeli-phone-calls-sms-and-user-information/
PoC exploit for CVE-2023-41993 where web content may lead to arbitrary code execution affecting iOS before 16.7
https://github.com/po6ix/POC-for-CVE-2023-41993
How to detect Wi-Fi deauthentication attack and even receive notification on your smartphone
https://www.mobile-hacker.com/2023/10/12/detect-wi-fi-deauthentication-attack-using-esp8266-and-receive-notification-on-smartphone/
Unmasking the Godfather - Reverse Engineering the Latest Android Banking Trojan
Talk: https://youtu.be/jNQmc2REwFg
Slides: https://github.com/LaurieWired/StrangeLoop
Get external IP address of the user during Telegram call. Now it works well and returns public instead of local IP
https://twitter.com/androidmalware2/status/1711313647576686621
Vulnerability (CVE-2023-36620) in Boomerang Parental Control Android app (100,000+ installs) allowed an attacker with physical access to device to take over admin control panel and spy on a kid
https://seclists.org/fulldisclosure/2023/Jul/12
Bluetooth LE spam attack is now ported to dedicated Android app to push notifications for Android and Windows
For Android, is can advertise over 170 devices
https://github.com/simondankelmann/Bluetooth-LE-Spam
Car Hacking using Flipper Zero and HackRF
Both blogs present in depth research and testing of common methods of hacking fixed-code and rolling codes of radio frequency locks using replay attacks, brute-force, signal jamming, RollJAM, Rolling-PWN and Keeloq Decryption
part1: https://chaos-lab.blogspot.com/2023/10/grand-theft-auto-rf-locks-hacking.html
part2: https://chaos-lab.blogspot.com/2023/10/grand-theft-auto-rf-locks-hacking_31.html
How to get Wi-Fi password via WPS Button attack using NetHunter
https://www.mobile-hacker.com/2023/10/31/nethunter-hacker-x-wps-attacks/
Discovered XMPP (Jabber) instant messaging protocol encrypted TLS connection wiretapping (Man-in-the-Middle attack) of jabber.ru (aka xmpp.ru) service’s servers on Hetzner and Linode hosting providers in Germany
https://notes.valdikss.org.ru/jabber.ru-mitm/
Bypass Android Applications Debug and Root Detection via debugger.
shubhamsonani/hacking-with-precision-bypass-techniques-via-debugger-in-android-apps-27fd562b2cc0" rel="nofollow">https://medium.com/@shubhamsonani/hacking-with-precision-bypass-techniques-via-debugger-in-android-apps-27fd562b2cc0
Pwn2Own 2023 hacking contest resulted in hacking Samsung Galaxy S23 twice, Xiaomi's 13 Pro smartphone, as well as printers, smart speakers, Network Attached Storage (NAS) devices, and surveillance cameras from Western Digital, QNAP, Synology, Canon, Lexmark, and Sonos
https://www.bleepingcomputer.com/news/security/samsung-galaxy-s23-hacked-twice-on-first-day-of-pwn2own-toronto/
The outstanding stealth of Operation Triangulation
https://securelist.com/triangulation-validators-modules/110847/
Automatically extract URL and IP endpoints from Android app to a text file using apk2url.
Fast and useful tool for pentesters, bug bounty hunters, or malware analyst
https://github.com/n0mi1k/apk2url
BLE Spam allows now to send unwanted notifications to iOS, Android and Windows at once using Flipper Zero.
If you don't have Flipper Zero, in the blog I explained how to trigger popups using any Android smartphone even with custom messages
https://www.mobile-hacker.com/2023/10/17/spam-ios-android-and-windows-with-bluetooth-pairing-messages-using-flipper-zero-or-android-smartphone/
Analysis of SpyNote spyware that logs and steals a variety of information, including key strokes, call logs, information on installed applications etc.
https://blog.f-secure.com/take-a-note-of-spynote/
An analysis of an in-the-wild iOS Safari WebContent to GPU Process exploit
https://googleprojectzero.blogspot.com/2023/10/an-analysis-of-an-in-the-wild-ios-safari-sandbox-escape.html
iOS Pentesting Series
Learn how to work with useful tools and apps such as Frida, Objection, 3uTools, Cydia, Burp, fsmon, fridump, SSL bypass, reFlutter etc.
Part 1: https://kishorbalan.medium.com/start-your-first-ios-application-pentest-with-me-part-1-1692311f1902
Part 2: https://kishorbalan.medium.com/ios-pentesting-series-part-2-into-the-battlefield-f17ed2778890
Part 3: https://kishorbalan.medium.com/ios-pentesting-series-part-3-the-ceasefire-53fcea3bbd70
Well explained blog on how to find and exploit XSS in Android apps in WebViews and Deep Links
https://securityboulevard.com/2023/10/execution-of-arbitrary-javascript-in-android-application/
Trigger iOS proximity paring messages from over 50 meters using Android phone
The update of the blog explains how to boost transmitted signal from Android nRF Connect app, demonstrates running AppleJuice on iOS17 and using cheap Arduino ESP32 board
https://www.mobile-hacker.com/2023/09/07/spoof-ios-devices-with-bluetooth-pairing-messages-using-android/