Smartphones using Broadcom Wi-Fi SoC can be hacked Over-the-Air

Security patch available only for Nexus & iOS

A stack buffer overflow issue that affects all devices using Broadcom’s Wi-Fi stack was discovered by Google’s Project Zero researcher Gal Beniamini. The flaw affects Apple devices and also all Android devices using Broadcom’s Wi-Fi stack: an attacker within the smartphone’s Wi-Fi range could remotely execute malicious code…

A useful Cheat Sheet for penetration testing on mobile applications

On Android and iOS

I found it on GitHub: a really useful list of tools and techniques to perform penetration tests on mobile applications. The Mobile App Pentest cheat sheet was created to provide a concise collection of high-value information on specific mobile application penetration testing topics. Table of Contents: Mobile Application Security Testing Distributions, All-in-one Mobile Security…

Some Android firmware contains a backdoor that secretly sends personal data to China

The backdoor was discovered by Kryptowire

According to the analysis made by security firm Kryptowire, some commercial firmware pre-installed on Android smartphone models sold in the US has been found to be secretly sending personal data to a third-party company based in China, without users’ knowledge or consent. The stolen data include text messages, call…

Drammer: a ‘Deterministic Rowhammer Attack’ to gain root permissions on Android devices

A new attack technique that exploits the Rowhammer hardware vulnerability on Android devices

Earlier last year, security researchers from Google’s Project Zero discovered Rowhammer, a hardware bug that allows attackers to manipulate data in memory without accessing it: by reading many times from a specific memory location, somewhere else in memory a bit may flip (a…