How I hacked my car (2021 Hyundai Ioniq SEL)
Part 1: https://programmingwithstyle.com/posts/howihackedmycar/
Part 2: https://programmingwithstyle.com/posts/howihackedmycarpart2/
Part 3: https://programmingwithstyle.com/posts/howihackedmycarpart3/
Part 1: https://programmingwithstyle.com/posts/howihackedmycar/
Part 2: https://programmingwithstyle.com/posts/howihackedmycarpart2/
Part 3: https://programmingwithstyle.com/posts/howihackedmycarpart3/
Programming With Style
How I Hacked my Car
Note: As of 2022/10/25 the information in this series is slightly outdated. See Part 5 for more up to date information.
The Car Last summer I bought a 2021 Hyundai Ioniq SEL. It is a nice fuel-efficient hybrid with a decent amount of features like wirelessโฆ
The Car Last summer I bought a 2021 Hyundai Ioniq SEL. It is a nice fuel-efficient hybrid with a decent amount of features like wirelessโฆ
๐30๐ฅ2๐ฅฐ1
Rewards plus: Fake mobile banking rewards apps lure users to install info-stealing RAT on Android devices
https://www.microsoft.com/security/blog/2022/09/21/rewards-plus-fake-mobile-banking-rewards-apps-lure-users-to-install-info-stealing-rat-on-android-devices/
https://www.microsoft.com/security/blog/2022/09/21/rewards-plus-fake-mobile-banking-rewards-apps-lure-users-to-install-info-stealing-rat-on-android-devices/
Microsoft News
Rewards plus: Fake mobile banking rewards apps lure users to install info-stealing RAT on Android devices
A fake mobile banking rewards app delivered through a link in an SMS campaign has been making the rounds, targeting customers of Indian banking institutions. Users who install the mobile app are unknowingly installing an Android malware with remote accessโฆ
๐23๐ฅ5โค1
Technical analysis of Ginp Android malware
https://muha2xmad.github.io/malware-analysis/ginp/
https://muha2xmad.github.io/malware-analysis/ginp/
muha2xmad
Technical analysis of Ginp android malware
ุจุณู
ุงููู ุงูุฑุญู
ู ุงูุฑุญูู
๐10โค3
iOS Native Code Obfuscation and Syscall Hooking - part 2
https://www.romainthomas.fr/post/22-09-ios-obfuscation-syscall-hooking/
https://www.romainthomas.fr/post/22-09-ios-obfuscation-syscall-hooking/
Romain Thomas
Part 2 โ iOS Native Code Obfuscation and Syscall Hooking | Romain Thomas
This second blog post deals with native code obfuscation and RASP syscall interception
๐13
Basecamp for Android app allowed to trigger Javascript interface via WebView that would then provide access to Java native code (Bounty - $1,210)
https://hackerone.com/reports/1343300
https://hackerone.com/reports/1343300
HackerOne
Basecamp disclosed on HackerOne: com.basecamp.bc3 Webview...
It was identified that the android **com.basecamp.bc3 application**, contains a Webview where the loaded URLs are not sanitised properly. As this webview's functionality is extended via javascript...
๐8
Vulnerabilities discovered in Android and iOS WhatsApp could have caused remote code execution when receiving a crafted video file (CVE-2022-27492) and remote code execution in an established video call (CVE-2022-36934)
https://www.whatsapp.com/security/advisories/2022/
https://www.whatsapp.com/security/advisories/2022/
WhatsApp.com
WhatsApp Security Advisories 2022
WhatsApp Security Advisories 2022 - List of security fixes for WhatsApp products
๐16๐9๐1๐1
Mobile App Penetration Testing Cheat Sheet
https://github.com/tanprathan/MobileApp-Pentest-Cheatsheet
https://github.com/tanprathan/MobileApp-Pentest-Cheatsheet
GitHub
GitHub - tanprathan/MobileApp-Pentest-Cheatsheet: The Mobile App Pentest cheat sheet was created to provide concise collectionโฆ
The Mobile App Pentest cheat sheet was created to provide concise collection of high value information on specific mobile application penetration testing topics. - tanprathan/MobileApp-Pentest-Chea...
๐27๐ฅฐ1
[0x04] Reversing Shorts :: Finding and Backtracing Signal Messages on Android
https://youtu.be/oy0mn5CV-ro
https://youtu.be/oy0mn5CV-ro
YouTube
[0x04] Reversing Shorts :: Finding and Backtracing Signal Messages on Android
Tracing and backtracing works quite different on Android when compared to iOS. We'll take a look into how to list all Java classes with Frida, how to trace then, and how to generate a Java backtrace from inside the JVM. With an Android Studio virtual phoneโฆ
๐19
Discovered ad fraud scheme called - Scylla - that targeted SKDs in apps available on both Googleโs Play Store and Appleโs App Store and generated over 13+ million downloads
https://www.humansecurity.com/learn/blog/poseidons-offspring-charybdis-and-scylla
https://www.humansecurity.com/learn/blog/poseidons-offspring-charybdis-and-scylla
HUMAN Security
Poseidonโs Offspring: Charybdis and Scylla - HUMAN Security
HUMAN's Satori Threat Intelligence and Research Team uncovered a network of 89 Android and iOS apps committing various flavors of ad fraud.
๐7๐ฅ2
Analysis of a 7-year mobile surveillance campaign targeting largest minority in China conducted by Scarlet Mimic hacking group
https://blog.checkpoint.com/2022/09/22/cpr-analyzes-a-7-year-mobile-surveillance-campaign-targeting-largest-minority-in-china/
https://blog.checkpoint.com/2022/09/22/cpr-analyzes-a-7-year-mobile-surveillance-campaign-targeting-largest-minority-in-china/
Check Point Blog
CPR analyzes A 7-year mobile surveillance campaign targeting largest minority in China - Check Point Blog
Highlights: Check Point Research (CPR) examines a long running mobile surveillance campaign, targeting the largest minority in China- the Uyghurs. The
๐7
Technical analysis of Alien Android malware
https://muha2xmad.github.io/malware-analysis/alien/
https://muha2xmad.github.io/malware-analysis/alien/
muha2xmad
Technical analysis of Alien android malware
ุจุณู
ุงููู ุงูุฑุญู
ู ุงูุฑุญูู
๐11โค3
Harly: another Trojan subscriber on Google Play
https://www.kaspersky.com/blog/harly-trojan-subscriber/45573/
https://www.kaspersky.com/blog/harly-trojan-subscriber/45573/
Kaspersky
The Harly Trojan subscriber in Google Play apps
A slew of apps containing the Harly Trojan subscriber have been found on Google Play, adding up to more than 4.8 million downloads. We explain why these apps are dangerous.
๐10โค1
Mitigate security risks in your Android app
https://developer.android.com/topic/security/risks
https://developer.android.com/topic/security/risks
Android Developers
Mitigate security risks in your app | App quality | Android Developers
๐20
A Technical Analysis of Pegasus for Android โ Part 2
https://cybergeeks.tech/a-technical-analysis-of-pegasus-for-android-part-2/
https://cybergeeks.tech/a-technical-analysis-of-pegasus-for-android-part-2/
๐26๐ฅ5
Heap buffer overflow in Android 12 Can Cause Chrome Sandbox Escape to system privilege
https://bugs.chromium.org/p/chromium/issues/detail?id=1283640
https://bugs.chromium.org/p/chromium/issues/detail?id=1283640
๐18
Analyze iOS kernel with free tools
youtu.be/HReVZH9fMcc
youtu.be/HReVZH9fMcc
YouTube
[0x05] Reversing Shorts :: iOS Kernel Demystified
The XNU kernel is essential to iOS and macOS security. In this video, we'll take a look into Apple's open-source releases as well as free tools to analyze closed-source extensions.
Full playlist of reversing shorts: https://www.youtube.com/playlist?listโฆ
Full playlist of reversing shorts: https://www.youtube.com/playlist?listโฆ
๐13๐5
New Pegasus Spyware Abuses Identified in Mexico
https://citizenlab.ca/2022/10/new-pegasus-spyware-abuses-identified-in-mexico/
https://citizenlab.ca/2022/10/new-pegasus-spyware-abuses-identified-in-mexico/
The Citizen Lab
New Pegasus Spyware Abuses Identified in Mexico
Mexican digital rights organization R3D, with technical support from the Citizen Lab, has determined that Mexican journalists and a human rights defender were infected with Pegasus between 2019 and 2021. The infections occurred years after the first revelationsโฆ
๐18๐ฅ3โค1๐1๐1
Pixel6: Booting up
https://eshard.com/posts/pixel6_bootloader
https://eshard.com/posts/pixel6_bootloader
๐15
Analysis of the Pixel 6 bootloader: Emulation, ROP
https://eshard.com/posts/pixel6bootloader-2
https://eshard.com/posts/pixel6bootloader-2
๐16
RatMilad - New Android Spyware impersonating virtual phone numbers
https://blog.zimperium.com/we-smell-a-ratmilad-mobile-spyware/
https://blog.zimperium.com/we-smell-a-ratmilad-mobile-spyware/
๐8๐ฅ8
Meta identified more than 400 malicious Android and iOS apps that steal Facebook login information #FaceStealer
https://about.fb.com/news/2022/10/protecting-people-from-malicious-account-compromise-apps/
https://about.fb.com/news/2022/10/protecting-people-from-malicious-account-compromise-apps/
Meta Newsroom
Protecting People From Malicious Account Compromise Apps
More than 400 malicious Android and iOS apps this year targeted people to steal their Facebook login information.
๐13๐ฅฐ6๐1