Breaking into and Reverse Engineering iOS Photo Vaults
Every so often we hear stories of people losing their mobile phones, often with sensitive photos on them. Additionally, people may lend their phones to friends only to have those friends start going through their photos. For whatever reason, a lot of people store risqué pictures on their devices. Why they feel the need to do that is left for another discussion. This behavior has fueled a desire to protect photos on mobile devices. One popular option are photo vault applications. These applications claim to protect your photos, videos, etc….
Lenovo TVSUkernel Escalation of Privileges
The Lenovo System Update allows least-privileged users to perform system updates. To do this, System Update includes the System Update service (SUService.exe). This service runs as the privileged SYSTEM user, creates a temporary user account with Administrator privileges, and starts a GUI application (Tvsukernel.exe) with the new Administrator account. Once the application is closed, the temporary Administrator account is appropriately deleted. However the GUI application contains links to online support and privacy help topics, which, when clicked, start a web browser instance under the temporary Administrator account to display the…
Lenovo System Update Created an Insecure Random Administrator Password
This vulnerability allows a local unprivileged user to elevate privileges to Administrator or SYSTEM. Since the user is running the System Update is an unprivileged user, the SUService that is running as System will run the UACsdk.exe binary to create a temporary Administrator account to run the GUI application (Tvsukernel.exe).
Five Reasons Why You Should Go To BruCON
BruCON is one of the most important security conferences in Europe. Held each October, the ‘Bru’ in ‘BruCON’ refers to Brussels, the capital of Belgium, where it all started. Nowadays, it’s held in the beautiful city of Ghent, just 55 mins from its origin. I had the chance to attend this year, and here are the five things that make it a great conference, in my opinion. You can check out BruCON’s promo video here: https://www.youtube.com/watch?v=ySmCRemtMc4. 1. The conference Great talks presented by international speakers; from deeply…
Harman-Kardon UConnect Vulnerability
UConnect 8.4AN/RA3/RA4 are vehicle-based infotainment systems. UConnect systems are integrated in certain makes of Chrysler, Dodge, Jeep, and Ram vehicles. The UConnect infotainment system allowed an unauthenticated connection from other access points on the Sprint Network. An attacker could issue commands to other components within the vehicle through the infotainment system.
Is Stegomalware in Google Play a Real Threat?
For several decades, the science of steganography has been used to hide malicious code (useful in intrusions) or to create covert channels (useful in information leakage). Nowadays, steganography can be applied to almost any logical/physical medium (format files, images, audio, video, text, protocols, programming languages, file systems, BIOS, etc.). If the steganographic algorithms are well designed, the hidden information is really difficult to detect. Detecting hidden information, malicious or not, is so complex that the study of steganalytic algorithms (detection) has been growing. You can see the growth in scientific…
The iOS Get out of Jail Free Card
If you have ever been part of a Red Team engagement, you will be familiar with the “Get out of Jail Free Card”. In a nutshell, it’s a signed document giving you permission to perform the activity you were caught doing. In some instances, it’s the difference between walking away and spending the night in a jail cell. You may be saying, “Ok, but what does a Get out of Jail Free Card have to do with iOS applications?” Well, iOS mobile application assessments usually occur on jailbroken devices,…
The Beauty of Old-school Backdoors
Currently, voodoo advanced rootkit techniques exist for persistence after you’ve got a shell during a pen test. Moreover, there are some bugdoorsimplemented on purpose by vendors, but that’s a different story. Beautiful techniques and code are available these days, but, do you remember that subtle code you used to use to sneak through the door? Enjoy that nostalgia by sharing your favorite one(s) using the #oldschoolbackdoors on social networks. In this post, I present five Remote Administration Tools (RATs) a.k.a. backdoors that I personally used and admired. It’s important…
Admin ACL Bypass and Double Fetch Issue in F-Secure Internet Security 2015
Local users of F-Secure Internet Security 2015 could elevate their privileges to local admin/system/kernel.
Money may grow on trees
Sometimes when buying something that costs $0.99 USD (99 cents) or $1.01 USD (one dollar and one cent), you may pay an even dollar. Either you or the cashier may not care about the remaining penny, and so one of you takes a small loss or profit. Rounding at the cash register is a common practice, just as it is in programming languages when dealing with very small or very large numbers. I will describe here how an attacker can make a profit when dealing with the rounding mechanisms…