ios


I'm back from Hacktivity 2015, a big hacking and industrial event in Budapest (Hungary), where I was presenting an update of my research on the Fitbit Flex tracker (slides). It seems several people in the audience were wearing a sports wristband ;) Fitness Trackers at my talk at Hacktivity For your information, I will be presenting on the same topic at Hack.lu next week, but let's say 70% of the presentation will be *different* as I am not focusing on the same aspects. Tamas Szakaly - Shall we play a game? Tamas gave an interesting... [Read More]
by RSS Axelle Apvrille  |  Oct 14, 2015  |  Filed in: Security Research
Insomni'hack's CTF included a couple of mobile challenges I was happy to look into. All could be solved with or without a mobile phone. iBadMovie part 1 We are given a zip file which contains an iOS application and 'a copy of folders on the device' (iExplorer path):   39836648 2015-03-07 00:26 iBadMovie.ipa 0 2015-03-12 15:12 iExplorer/ 0 2015-03-12 15:12 iExplorer/Documents/ 0 2015-03-12 15:12 iExplorer/Library/ 0 2015-03-12 15:12 iExplorer/Library/Caches/... [Read More]
by RSS Axelle Apvrille  |  Mar 26, 2015  |  Filed in: Security Research
This year again, I was happy to participate to Insomni'hack, in Geneva. As in all other editions, questions at the end of my Symbian / Android talks had invariably been 'are there malware on iOS?', I decided it was time I specifically addressed the question. I think I made my point that malware for iOS do exist, even on non jailbroken phones, but they are rare. And the latest PawnStorm iOS malware we reversed (live during the talk ;) has something strange about it: partially works on stock iPhone but looks like it was implemented... [Read More]
by RSS Axelle Apvrille  |  Mar 23, 2015  |  Filed in: Security Research
Recently, a new malware for iOS devices was discovered apparently part of the Pawn Storm operation. We've investigated. Update 2015/02/19: The BuildMachineOSBuild is actually shared with 9 other Mac devices, so the author may have been working also on a MacBook Air 11'', MacBook Pro 15'' etc. The following features of Pawn Storm apparently do not require jailbreak: getting phone info (device model etc), test existence of jailbreak, list running processes, get wifi status, geolocation. Some other features don't... [Read More]
by RSS Axelle Apvrille  |  Feb 13, 2015  |  Filed in: Security Research
[Read More]
by RSS Michael Perna  |  Nov 14, 2014  |  Filed in: Industry Trends & News
[Read More]
by RSS Michael Perna  |  Nov 07, 2014  |  Filed in: Industry Trends & News
[Read More]
by RSS Michael Perna  |  Oct 31, 2014  |  Filed in: Industry Trends & News
While the Shellshock story is taking the media by storm, and as the reports of exploitation in the wild start to emerge, some questions about the worse-than-heartbleed infamous bug remain unanswered. "Will there be a Slammer-like worm owning half of the Internet within a few hours?", "Besides Apache, DHCP and SSH, are there other ways to remotely set environment variables?", "Has the NSA known about it for 20 years?", "Are iOS and Android vulnerable?"... While here at FortiGuard Labs, we have our own opinion on all of these questions, the one we... [Read More]
by RSS Guillaume Lovet  |  Sep 26, 2014  |  Filed in: Security Research
[Read More]
by RSS Michael Perna  |  Aug 23, 2014  |  Filed in: Industry Trends & News
Ransomware is a type of malware that restricts usage of the device it infects, demanding a ransom from the end-user in order to regain control over the device. Now, the malware could actually damage/encrypt the system and the files on it or it could take the easier way out by merely giving a semblance of having performed these functions. Although in both cases, phone usage becomes difficult for the user Ransomware threats have been big on mobile phones this year - from the emergence of the first variant targetting iOS devices to the first Android... [Read More]
by RSS Ruchna Nigam  |  Jun 25, 2014  |  Filed in: Security Research