Having been notified back in March, Google has yet to patch a 0-day vulnerability that allows for privilege escalation attacks. TrendMicro researchers in collaboration with the Zero Day Initiative went public on September 4th, 2019. In order to exploit this vulnerability, attackers must first obtain the ability to execute high-privileged code and would need local access to the … [Read more...]
A Silent Mobile Threat: Simjacker
This post should not be confused with my previously written article about SIM-jacking and should be taken way more seriously. Researchers at AdaptiveMobile Security recently went public with a new but silent threat: Simjacker. To qualify the more serious threat factor, this attack is advanced and reveals a flaw within SIM card implementations, as well as requiring minimal user … [Read more...]
Android APK Reverse Engineering: What’s in an APK
Before building off the previous post, I wanted to take a moment and clarify the objective of this series. The purpose of this series is to break down the APK reverse engineering process into smaller chunks in order to really appreciate each step. As we progress through the series, I want readers to be able to build off of the previous post and see how all the pieces tie … [Read more...]
Android APK Reverse Engineering: Before Getting Started
In my endless pursuit of growth and development, I have decided to take on another challenge: malicious Android application research. There have been many stories of researchers finding malicious mobile applications either trying to steal your private information or presenting a barrage of annoying ads generating revenue – it seems that new stories come out semi-regularly. That … [Read more...]
User-Centered Bank Fraud: 5 Ways Hackers Attack
Online banking is big business. As a matter of fact, according to a recent survey from Deloitte, 73% of respondents use online banking resources at least once a month, and 59% use mobile banking apps. Yet despite the high level of user traffic, today’s banking platforms are not designed specifically to stop hackers. As a result, attackers have been taking advantage of the … [Read more...]