Category: Mobile Phones

hacking-team-pwn2own
The Tencent Keen Security Lab Team from China has won a total prize money of $215,000 in the 2016 Mobile Pwn2Own contest run by Trend Micro’s Zero Day Initiative (ZDI) in Tokyo, Japan. Despite the implementation of high-security measures in current devices, the famous Chinese hackers crew has successfully hacked both Apple’s iPhone 6S as well as Google’s Nexus 6P phones. For hacking Apple’s iPhone 6S, Keen Lab exploited two iOS vulnerabilities – a use-after-free bug in the renderer and a memory corruption flaw in the sandbox – and stole pictures from the device, for which the team was awarded $52,500.The iPhone 6S exploit successfully worked despite the iOS 10 update rolled out by Apple this week.

Read more at
http://thehackernews.com/2016/10/hacking-team-pwn2own.html

Cyber security concep with lock.Android has Fallen! Yet another set of Android security vulnerabilities has been discovered in Qualcomm chipsets that affect more than 900 Million Android smartphones and tablets worldwide. What’s even worse: Most of those affected Android devices will probably never be patched. Dubbed “Quadrooter,” the set of four vulnerabilities discovered in devices running Android Marshmallow and earlier that ship with Qualcomm chip could allow an attacker to gain root-level access to any Qualcomm device. The chip, according to the latest statistics, is found in more than 900 Million Android tablets and smartphones. That’s a very big number. The vulnerabilities have been disclosed by a team of Check Point researchers at the DEF CON 24 security conference in Las Vegas.

SMS-Two-Factor-AuthenticationSMS-based Two-Factor Authentication (2FA) has been declared insecure and soon it might be a thing of the past. Two-Factor Authentication or 2FA adds an extra step of entering a random passcode sent to you via an SMS or call when you log in to your account as an added layer of protection. For example, if you have 2FA enabled on Gmail, the platform will send a six-digit passcode to your mobile phone every time you sign in to your account. But, the US National Institute of Standards and Technology (NIST) has released a new draft of its Digital Authentication Guideline that says SMS-based two-factor authentication should be banned in future due to security concerns.

Read more at
http://thehackernews.com/2016/07/two-factor-authentication.html

 

Linux-KernelHow to Hack an Android device? It is possibly one of the most frequently asked questions on the Internet. Although it’s not pretty simple to hack Android devices and gadgets, sometimes you just get lucky to find a backdoor access. Thanks to Allwinner, a Chinese ARM system-on-a-chip maker, which has recently been caught shipping a version of Linux Kernel with an incredibly simple and easy-to-use built-in backdoor. Chinese fabless semiconductor company Allwinner is a leading supplier of application processors that are used in many low-cost Android tablets, ARM-based PCs, set-top boxes, and other electronic devices worldwide.

Read more at
http://thehackernews.com/2016/05/android-kernal-exploit.html

 

Encrypted-Smartphone-ServiceOn Tuesday, the Dutch Police arrested a 36-year-old man, Danny Manupassa, on suspicion of money laundering and involvement in selling encrypted smartphones to criminals. Manupassa owns a company called Ennetcom, which provides customized Blackberry Phones with the secure PGP-encrypted network. Reportedly, Ennetcom sold nearly 19,000 encrypted cell phones at 1500 euros each in last few years.Police have seized Ennetcom servers based in the Netherlands and Canada and pulled them offline. The seized servers contain data of encrypted communications belong to a large number of criminals.

Read more at
http://thehackernews.com/2016/04/encrypted-smartphone.html

Apple-iPhone-6-Spoofing-NTP-Server

Do you remember the Apple iOS date bug?

In February, the security community highlighted the existence of the embarrassing problem for Apple iOS mobile devices running 64-bit iOS 8 or higher, the issue affects the Apple iOS date and time system and could be triggered by setting the date to January 1, 1970. The news appeared in Reddit discussions warning users about a flaw that could brick iPhone forever.

“Setting the date of your iPhone to January 1st, 1970 will brick your device, according to users across the web and confirmed by iClarified. The bug will affect any 64-bit iOS device that is powered by the A7, A8, A8X, A9, and A9X. 32-bit iOS devices are reportedly not affected by this issue.” reported iClarified.

Read more at
http://securityaffairs.co/wordpress/46305/hacking/ios-date-bug.html

Hack-iphone-6The FBI didn’t disclose the identity of the third-party company that helped them access the San Bernardino iPhone, but it has been widely believed that the Israeli mobile forensic firm Cellebrite was hired by the FBI to put an end to the Apple vs. FBI case.
For those unfamiliar in the Apple vs. FBI case: Apple was engaged in a legal battle with the Department of Justice over a court order that was forcing the company to write software, which could disable passcode protection on terrorist’s iPhone, helping them access data on it.

Read more at
http://thehackernews.com/2016/04/fbi-hack-iphone-6.html

Blackberry

BlackBerry has long been known for its stance on mobile security, as it was the first mobile phone maker to provide end-to-end encryption. But a new report revealed that the company has provided a master backdoor to law enforcement in its secure devices since 2010.

The Royal Canadian Mounted Police (RCMP) have been in possession of a global decryption key for BlackBerry phones since 2010, according to a new report from Vice News published yesterday.
The report suggests that the Canadian police used the master key to intercept and decrypt over 1 Million messages sent using its own encrypted and allegedly secure BlackBerry Messenger (BBM) service in a criminal investigation over the course of 2 years.

Read more at
http://thehackernews.com/2016/04/blackberry-encryption.html