
mobile devices

Microsoft Bluetooth Stack OBEX Directory Traversal

OBEX FTP Bluetooth service can be used to share files through Bluetooth, not only by sending files but also by allowing remote devices to browse local shared folders and download files. Usually, the service is configured in such a way that a specific directory is shared and the user can place there all the files he would like to share with other people. The default directory is My Device\My Documents\Bluetooth Share. A different directory may be selected by the user, however the Bluetooth wizard usually doesn't allow specifying any other from the filesystem out of My Device\My Documents\ or Memory Card\My Documents\ paths. This is because of safety reasons, so the user can't expose sensitive files or information through Bluetooth.

There exists a Directory Traversal vulnerability in the OBEX FTP Service in Microsoft Bluetooth Stack implemented in Windows Mobile 5.0 & 6 devices. A remote attacker (who previously owned authentication and authorization rights) can use tools like ObexFTP to traverse to parent directories out of the default Bluetooth shared folder. This means the attacker can browse folders located on a lower level, download files contained in those folders as well as upload files to those folders.

The only requirement is that the attacker must have authentication and authorization privileges over the OBEX FTP service. Pairing up with the remote Windows Mobile device should be enough to get it. In case the attacker succeeded in getting the proper privileges, further actions will be transparent to the user.

As described above, the attacker can take three risky actions:

- Browse directories located out of the limits of the default shared folder and discover sensitive information about the structure of the filesystem.


Ruxcon 2012 Call For Papers

*  Topics

Topics of interest include, but are not limited to:

    o Mobile Device Security
    o Virtualization, Hypervisor, and Cloud Security
    o Malware Analysis
    o Reverse Engineering
    o Exploitation Techniques
    o Rootkit Development

Call for Papers: Passwords^11

hour (45-50 minutes + questions), or 2 hours including a break. We are
especially interested in:

Protecting against online attacks, such as detecting, rate-limiting and
blocking them, implementing hashing schemes such as PBKDF2, Bcrypt and
PBMAC, and attacks against passwords on mobile devices. If you mention
forensics or PCI-DSS somewhere in there as well, you just might be a
winner.

Cool Guy Challenge:
We'd like to see a presentation on the probability & feasibility of

SYMSA-2007-011: Microsoft WM5 PocketPC Phone Ed SMS Handler Issue

  A vulnerability has been discovered in the SMS handler. If a
  malicious message with no sender was received by a user on their
  device, the user may be enticed in taking action or clicking the
  URI that could lead to a second order attack.
  
  Mitigating Factors: By default Windows mobile device policy requires
  SI messages to be authenticated. The Mobile Operators have the
  ability to change the policy to not requiring authentication in
  order for 3rd party ring tones and other SI messages.

  Microsoft will look into a different architecture in future versions.

[Announcement] ClubHack Magazine - Call for Articles

Hello All,

And ClubHack Mag is seeking submissions for the next issue, Issue 21 - October 2011. Just like the September issue, the October issue will also be on malware.
But articles on the following topics are also welcome:

1. Mobile devices exploitation, vulnerabilities, malware, VOIP and Telecom
2. Virtualization security, hacking VMs
3. Information Warfare
4. Forensics and Anti-Forensics
5. Social Engineering


[SignalSEC Labs]: HTC Touch2 T3333 Video Player Memory Corruption

Vulnerability: Memory Corruption

Details:

HTCVideoPlayer is the default media player of HTC Windows Mobile devices. This media player is prone to a memory corruption vulnerability while parsing stbl atom of 3g2 video format.

20:420> r
 r0=2b7ea77c  r1=2b7f15bb  r2=00000004  r3=00000080  r4=4141413d  r5=2b7ea7d4
 r6=00000004  r7=2b7ea77c  r8=00000000  r9=00000000 r10=000209f0 r11=2b7efdec
r12=03f9e594  sp=2b7ea74c  lr=01323c7c  pc=03f9e8e4 psr=60000010 -ZC-- ARM

iDefense Security Advisory 07.20.11: Apple Safari innerText Use-After-Free Vulnerability

Jul 20, 2011

I. BACKGROUND

Safari is Apple's web browser, and is based on the open source WebKit
browser engine. MobileSafari is Safari for Apple's mobile devices
including the iPad and iPhone. For more information, see the vendor's
site found at the following link.

http://www.apple.com/safari/


Re: [ATHCON2011] CFP/ Call for Papers - AthCon IT Security Conference

  * Biometrics
  * Digital Forensics
  * Exploitation Tactics
  * Java & .NET Security
  * Malware Analysis
  * Mobile Device Security
  * Operating System Security (7, XP, Vista, GNU/Linux, OS X, Plan 9, *BSD, …)
  * Personal Area Network hacking
  * Rootkit Detection, Techniques, and Defenses
  * Source Code Auditing & Review
  * Steganography & Cryptography in Information Security

CFP for first independent international Security Conference in Russia - ZeroNights (by Defcon-Russia)

Security of applications and services operating with financial funds
State projects security
SCADA security
Communication systems security
Russian software security
Mobile devices security
Malicious software
Social networks and WEB 2.0 hacking
Program researching without sources
Vulnerability searching and exploiting
Software, hardware and networks researching

SYMSA-2007-012: Microsoft Windows CE IGMP Denial of Service

Vendor Response:

  There is a security vulnerability that could allow for Denial of
  Service (DoS) by sending a specifically crafted TCP/IP packet to the
  mobile device. However most attempts to exploit this vulnerability
  would result in a Denial of Service Condition on the networking
  capabilities of the device.
  
  The following devices may be vulnerable to this issue:
  

No cON Name 2007 - CALL FOR PAPERS

        Security/Insecurity in WiFi infrastructures
        Honey Pots
        Intrusion detection
        Legislation
        Vulnerabilities/Techniques/Exploits:
        o       Mobile devices
        o       Windows XP/2003/CE/Vista
        o       Linux/Other Unix
                -       Kernel
                -       Protocols
                -       Malware

iDefense Security Advisory 10.12.11: Apple Mobile OfficeImport Framework Word Document Parsing Memory Corruption Vulnerability

http://labs.idefense.com/intelligence/vulnerabilities/
Oct 12, 2011

I. BACKGROUND

The OfficeImport framework is an API used by Apple's mobile devices,
including the iPod Touch, iPhone, and iPad. The framework is used to
parse and display Microsoft Office file formats, such as Excel, Word,
and PowerPoint. The OfficeImport framework is used by several
applications, including MobileMail and MobileSafari. Both of these
applications are attack vectors for this vulnerability. For more

Re: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari,Opera, Chrome,Seamonkey,iPhone,iPod,Wii,PS3....

vulnerability and interesting research itself. I have found DoS
vulnerabilities in multiple browsers many times, but I never tested in so
many browsers and systems. So you did a large piece of research (with help of those
people who helped you with testing in different systems) - this DoS hole
exists (or existed) in so many systems: different desktop browsers, email
clients, browsers for mobile devices, game devices and possibly other
devices with support of JavaScript.

Maybe some of the DoS holes found by me can also work on multiple platforms, but
I didn't test on such a large scale of devices (just in different browsers
on my PC).

Call for Papers H2HC Cancun/Mexico and H2HC Sao Paulo/Brazil

    * Exploit development techniques
    * Telecom security and phone phreaking
    * Fuzzing and application security test
    * Techniques for development of secure software and systems
    * Hardware hacking, embedded systems and other electronic devices
    * Mobile devices exploitation, Symbian, P2K and bluetooth technologies
    * Analysis of virus, worms and all sorts of malwares
    * Reverse engineering
    * Rootkits
    * Security in Wi-Fi and VoIP environments
    * Information about smartcard and RFID security and similars

Call For Papers - Hackers 2 Hackers Conference 5th Edition - Brazil

     - Exploit development techniques
     - Telecom security and phone phreaking
     - Fuzzing and application security test
     - Techniques for development of secure software and systems
     - Hardware hacking, embedded systems and other electronic devices
     - Mobile devices exploitation, Symbian, P2K and bluetooth technologies
     - Analysis of virus, worms and all sorts of malwares
     - Reverse engineering
     - Rootkits
     - Security in Wi-Fi and VoIP environments
     - Information about smartcard and RFID security and similars

Re: facebook 'routing flaw'?

There is a fairly in depth discussion of the issue here:

http://arstechnica.com/web/news/2010/01/facebook-att-play-fast-and-loose-with-user-authentication.ars

Not a routing issue, more of a proxy issue, and not uncommon in mobile carrier networks. Getting security right in a mobile application is tricky given how carriers manage Internet access. With the growth of smartphones these kinds of issues will become more prevalent until carriers refactor how they manage traffic via their proxies. I'll also note that while the referenced article suggests the use of SSL, there are issues with support in the mobile environment for SSL in terms of which certificate authorities are pre-installed on phones, whether applications have access to the certificate store on the mobile device (or need an embedded certificate), how certificate chaining and wildcarding is supported, and so on.

*********** REPLY SEPARATOR  ***********

On 1/16/2010 at 7:39 AM Michael Scheidell wrote:


Battle.net Mobile Authenticator MITM Vulnerability

Description:

The vulnerability exists when an attacker is able to intercept the
initialization request and response bodies sent to and from the mobile
device to the server.

An attacker that is capable of intercepting the encrypted request/response
pair will also be able to derive time stamp information.

Since the key generation algorithm seeds a pseudo random number generator

Troopers 08 Security Conference, Call for Papers

===========

We are mainly interested in talks on

Virtualization Stuff
Modern physical attacks (Eavesdropping/tapping, bugging devices, attacks on mobile devices)
Embedded Devices
Industrial Networking
Security in Carrier Environments
Secure Coding


[CFP] FRHACK 2nd Call For Papers

     - Lockpicking, trashing, physical security and urban exploration

     - Hardware hacking, embedded systems and other electronic devices

     - Mobile devices exploitation, Symbian, P2K and bluetooth technologies

     - Security aspects in SCADA, industrial environments and "obscure" networks

[ - Important dates - ]

Security-Assessment.com Advisory: Destination Search Admin Console Access Control Bypass

From the vendor website:

*** Destination Search is an industry-leading search platform that
enables publishers to promote local business listings on web and mobile
devices. Developed with smart search technology, Destination Search
ensures relevant results that match consumer intent, by enabling
searches by business name, keyword or category. ***

The Destination Search software platform includes an administration
console for use by site owners and partners. The console allows for

Ruxcon 2010 Call For Papers

Ruxcon would like to invite people who are interested in security to submit a presentation.

Topics of interest include, but are not limited to:

    o Mobile Device Security
    o Virtualization, Hypervisor, and Cloud Security
    o Malware Analysis
    o Reverse Engineering
    o Exploitation Techniques
    o Rootkit Development

CFP: COLSEC 2009

session hijacking, buffer overflow, denial of service, social
engineering, etc.).  Collaborative organizations require better
security properties (strong authentication, efficient encryption,
Mandatory Access Control, integrity, non-repudiation and
availability).  Nowadays, collaborative organizations use new
technologies such as mobile devices, smartcards, wireless networks,
high performance networks, grid computing, multi-agent systems,
peer-to-peer systems, sensor networks.  These environments introduce
new needs, requirements and difficulties related to security.  Hence,
collaborative organizations and technologies face several challenges in
the field of security.

TWSL2011-008: Focus Stealing Vulnerability in Android

Product: Android
Versions affected: Tested on 2.1 - 2.3
        Other versions may also be affected

Product description:
Android is an open-source software stack for mobile devices which includes
an operating system, key applications, and middleware. The Android mobile
operating system is based on a modified version of the Linux kernel.
Android is currently owned and developed by Google.



ESA-2011-036: RSA, The Security Division of EMC, announces the release of a Security Fix for RSA(r) Adaptive Authentication (On-Premise)

This Security Fix provides remediation for items that cause this behavior through product fixes, as well as configuration and policy changes. More information on each of these items is included below.

RSA has identified and addressed the potential security flaws as part of this Security Fix: 

• In certain circumstances, device recovery capabilities and device identification used by the defined policy may be impacted by the data elements sent from the end user’s device. This may potentially allow the system to recover a previously non-registered device or allow access for a registered device despite forensic differences. This potential flaw affects both web and mobile browsers. CVE (Common Vulnerability Enumeration) ID for this issue CVE-2011-2741.
• In certain circumstances, the application may match device tokens sent from mobile apps without proper forensic evaluation used by the defined policy. This may potentially allow access from the mobile device to the protected application without a challenge. This potential flaw only affects mobile apps and does not affect web browsers. CVE (Common Vulnerability Enumeration) ID for this issue CVE-2011-2742.

In addition, the Security Fix provides better capabilities to differentiate between activities originating from web browsers, mobile browsers, and mobile apps. This also allows customers to enable / disable the Device Recovery for each.

Due to forensic similarities between browsers across mobile devices, RSA recommends that customers use these capabilities to disable device recovery specifically for mobile browsers.

Note: Due to the nature of above changes, deployment of this Security Fix may have an impact on existing challenge rates. As with any other Security Fix, RSA recommends that customers fully test the fix before going into production. 

[ATHCON2010] CFP/1st Call for Papers - AthCon IT Security Conference

    * Biometrics
    * Digital Forensics
    * Exploitation Tactics
    * Java & .NET Security
    * Malware Analysis
    * Mobile Device Security
    * Operating System Security (7, XP, Vista, GNU/Linux, OS X, Plan 9, *BSD, …)
    * Personal Area Network hacking
    * Rootkit Detection, Techniques, and Defenses
    * Source Code Auditing & Review
    * Steganography & Cryptography in Information Security

[CFP] FRHACK 01 Call For Papers (save the dates!)

     - Lockpicking, trashing, physical security and urban exploration

     - Hardware hacking, embedded systems and other electronic devices

     - Mobile devices exploitation, Symbian, P2K and bluetooth technologies

     - Security aspects in SCADA, industrial environments and "obscure" networks

[ - Important dates - ]

Copyright © 1995-2012 LinuxRocket.net. All rights reserved.
