crypto girl


Over the last few months or years I have reported vulnerabilities on several IoT devices. None have been patched so far, and I think it is time to discuss the situation openly. One of the issues I have faced several times is the zero-security-culture phenomenon. Some of those IoT companies were typically very small and young, with sadly neither the skills nor the resources to fix security issues. For example, I remember sending several vulnerabilities to a given company. I got an automated response for the first email (ok),...
by Axelle Apvrille  |  May 17, 2017  |  Filed in: Security Research
A few weeks ago, researchers at INRIA presented privacy leaks they had detected in the mobile RATP applications at the GreHack conference (NB: RATP is the French organism that deals with subways and trains around Paris). I wanted to check how much things had changed since their study, and downloaded the most recent application from Google Play. First surprise: I downloaded version 2.3.3 whereas INRIA researchers mention version 2.8. I guess there is some versioning discrepancy. Now, what privacy changes have we got? Mainly, Achara et al. reported...
by Axelle Apvrille  |  Dec 02, 2013  |  Filed in: Security Research
Tomorrow starts the quite famous - and ever sold-out - security conference Shmoocon, held in Washington DC until Sunday. The keynote this year will be filled by Peiter Mudge Zatko, inventor of L0phtcrack and early pioneer of buffer overflows. Among the talks filling the tri-tracks program (Build it / Break it / Bring it on), we're glad to find our Crypto Girl, Axelle, who will present a paper she co-wrote with Kyle Yang (another regular poster on this blog) on the infamous mobile phone malware Zitmo, that we discovered (simultaneously with Spanish...
by Guillaume Lovet  |  Jan 27, 2011  |  Filed in: Security Research
Some time ago, we came across a new Windows Mobile Trojan dialer named WinCE/Terdial!tr.dial. Under the cover of an FPS game (Antiterrorist 3D) or a Windows Mobile codec package (codecpack.cab), this Trojan actually has the victim's phone call international premium rate phone numbers (IPRN), i.e. phone numbers for which a given service is provided and, of course, higher prices are charged ;). More information is available in our Virus Encyclopedia, or just search the web for numerous alerts on the matter. On my side, I have been playing Sherlock...
by Axelle Apvrille  |  May 17, 2010  |  Filed in: Security Research