Firefox and Chromium - Madaidans-Insecurities (Last edited: April 26, 2021)
Chromium is vastly more secure than Firefox. Firefox's sandboxing and exploit mitigations are much weaker than Chromium's. This article is not blindly hating on Firefox but is a factual analysis of its weaknesses.
https://madaidans-insecurities.github.io/firefox-chromium.html
💡 read this as well:
https://t.iss.one/BlackBox_Archiv/831
#madaidan #insecurities #information #android #linux #ff #chrome #chromium #bsd #vpn #thinkabout
📡 @nogoolag 📡 @blackbox_archiv
Experiencing the /e/ OS: The Open Source De-Googled Android Version (updated April 29, 2021)
The /e/ Android operating system is a privacy-oriented, Google-free mobile operating system and a fork of LineageOS. It was founded in mid-2018 by Gaël Duval, creator of Mandrake Linux (now Mandriva Linux).
Despite making Android an open source project in 2007, Google replaced some OS elements with proprietary software when Android gained popularity. /e/ Foundation has replaced the proprietary apps and services with MicroG, an open source alternative framework which minimizes tracking and device activity.
https://itsfoss.com/e-os-review/
#foss #eOS #opensource #degoogled #android #microg
Brave — Stealing your cookies remotely
Brave for Android had a vulnerability that allowed a malicious web page to steal your cookies remotely. The vulnerability was reported through HackerOne and took 5 months to fix.
Introduction
During my research with Android applications, I found a few vulnerabilities in some of the most used browsers. When researching Brave, I noticed that it was using a Content Provider that was exposing all files from the public directory as well as its private files.
https://infosecwriteups.com/brave-stealing-your-cookies-remotely-1e09d1184675
#brave #browser #android #cookies #vulnerability
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
Android spy impersonates Spanish shipping company MRW
From infected device it steals contact list, SMS messages, location and sends them to C&C server at 85.220.103[.]7
https://nitter.pussthecat.org/LukasStefanko/status/1402648145394294788
via Twitter
#android #malware #mrw #stefanko
iodéOS – does the data saving Android operating system fulfill its promise?
We took a close look at iodéOS, which is based on LineageOS. Can the privacy friendly operating system fulfill its promises? Read our test!
As already mentioned, iodéOS is an Android operating system based on LineageOS with a special focus on privacy. The manufacturer claims that the user can use the full comfort of Android without being spied on by Google and other data octopuses all the way. At least that is what the founder of iodé, Antoine Maurino, promises us.
The increasingly frequent data scandals at Google or Facebook, to name just the two most important ones, usually seem "far away". But more and more people seem to be slowly realizing that they, too, are a small but important part of this constantly expanding data collection.
Most of the time, it starts out small. An app here, another one there. And then, before you know it, you have countless apps installed on your Android phone.
But all these apps have one thing in common. That’s right, they collect data. Your data! And mostly behind your back. Did you know that Google alone requests location information and other data from your Android smartphone 340 times in a 24-hour period?
https://tarnkappe.info/iodeos-does-the-data-saving-android-operating-system-fulfill-its-promise/
#android #iodéOS #DeleteGoogle #aurora #microG
The FBI’s honeypot Pixel 4a gets detailed in new report
FBI honeypot phones are now public—and showing up on the secondary market.
Last month, authorities disclosed that the FBI and Australian Federal Police secretly operated an "encrypted device company" called "Anom." The company sold 12,000 smartphones to criminal syndicates around the world. These were pitched as secure devices but were actually honeypot devices that routed all messages to an FBI-owned server. The disclosure was light on details, but now that it's public, Anom phones are being unloaded on the secondary market. That means us normal people are finally getting a look at them, starting with this Vice article detailing one of the devices.
The FBI has basically weaponized what the Android modding community has been doing for years. Some Android phones have unlockable bootloaders, which let you wipe out the original operating system and replace it with your own build of an OS, called a custom ROM. The Anom device Vice got was a Google Pixel 4a, one of the most developer-friendly devices out there. The FBI's custom ROM shows an "ArcaneOS" boot screen, and it replaced the normal Google Android distribution with the FBI's skin of Android 10.
https://arstechnica.com/gadgets/2021/07/how-the-fbi-weaponized-android-modding-with-anom-devices/
#fbi #honeypot #android #anom #report
S.O.V.A. - A new Android Banking trojan with fowl intentions
Intro
In the beginning of August 2021, during our daily threat hunting, ThreatFabric researchers came across a new Android banking trojan. Based on the login panel of the C2 server, we could see that it was called S.O.V.A. by its own creators.
Sova is the Russian word for owl. This name was chosen by the threat actor himself/herself possibly because of owl’s nature as nocturnal birds of prey, quiet but efficient in stalking and capturing their victims. This identifies a completely new, to the best of our knowledge, Android banking trojan. The trojan is currently in development and testing phase, and has the objective to add to its overlay and keylogging mechanisms other highly dangerous features like DDoS and Ransomware in future versions. There are a few interesting aspects that differentiate this trojan from already existing ones, both in features as well as in development.
S.O.V.A. contains features that are usually available in current Android malware, including:
Overlay attacks;
Keylogging;
Notification manipulation.
In addition, it stands out for a feature that is not as common in Android malware:
Session cookies theft
This functionality allows the criminals to have access to valid logged in sessions from the users without the need of knowing the banking credentials.
https://www.threatfabric.com/blogs/sova-new-trojan-with-fowl-intentions.html
💡 Read as well: 👇🏽
This is the first S. O. V. A. / SOVA sample that I saw ITW...
https://nitter.pussthecat.org/malwrhunterteam/status/1436246552465616896
via Twitter
#sova #android #banking #trojan #fowl
A new Android trojan was advertised on hacking forums, featuring overlays, keylogging and with intentions of adding Ransomware attacks and DDoS
The 7 most dangerous vulnerabilities in Android applications 2021
Android application vulnerabilities have become a problem because of Google Play’s open format, and also because users can sideload apps, removing any oversight regarding the safety of apps.
There are also updates and patches to the Android operating system. You can’t count on Android to update itself in a timely manner, because wireless carriers control update schedules on all but Google’s Pixel devices.
Expert testing of Android mobile applications shows that in most cases, insecure data storage is the most common security flaw in Android apps. According to a report, vulnerabilities and threats are slightly more common in Android applications compared to their iOS counterparts (43% vs 38%). But the experts categorize this difference as minimal: the security level of apps is roughly equivalent between the two platforms.
Comprehensive security checks of a mobile application include a search for vulnerabilities in the client and server, as well as data transmission between them.
https://www.serage2020.com/2021/09/the-7-most-dangerous-vulnerabilities-in.html
#android #apk #vulnerabilities
Android Mobile OS Snooping By Samsung, Xiaomi, Huawei and Realme Handsets
Study reveals scale of data-sharing from Android mobile phones
An in-depth analysis of a range of popular Android mobile phones has revealed significant data collection and sharing, including with third parties, with no opt-out available to users.
Prof. Doug Leith at Trinity College Dublin along with Dr Paul Patras and Haoyu Liu at the University of Edinburgh examined the data sent by six variants of the Android OS developed by Samsung, Xiaomi, Huawei, Realme, LineageOS and /e/OS.
https://www.tcd.ie/news_events/articles/study-reveals-scale-of-data-sharing-from-android-mobile-phones/
👉🏽 PDF: https://www.scss.tcd.ie/Doug.Leith/Android_privacy_report.pdf
#android #privacy #snooping #samsung #huawai #xiaomi #realme #lineage #eOS #study #pdf
This New Android Malware Can Gain Root Access to Your Smartphones
An unidentified threat actor has been linked to a new Android malware strain that features the ability to root smartphones and take complete control over infected smartphones while simultaneously taking steps to evade detection.
The malware has been named "#AbstractEmu" owing to its use of code abstraction and anti-emulation checks to avoid running while under analysis. Notably, the global mobile campaign is engineered to target users and infect as many devices as possible indiscriminately.
Lookout Threat Labs said it found a total of 19 Android applications that posed as utility apps and system tools like password managers, money managers, app launchers, and data saving apps, seven of which contained the rooting functionality. Only one of the rogue apps, called Lite Launcher, made its way to the official #Google #PlayStore, attracting a total of 10,000 downloads before it was purged.
The apps are said to have been prominently distributed via third-party stores such as the #Amazon #Appstore and the #Samsung #Galaxy #Store, as well as other lesser-known marketplaces like #Aptoide and #APKPure.
https://thehackernews.com/2021/10/this-new-android-malware-can-gain-root.html
#android #malware #root