ios


ToorCon 19 San Diego was held Monday August 28th to Sunday September 3rd, 2017 at The Westin San Diego. It included three parts. The first was training workshops focused on various aspects of computer security. These took place on Aug 28-31. The second was a Seminar held on Sep 1. The third part was the formal Conference that ran from Sep 1-3. I was honored to be able to present my research, Dig Deep into FlexiSpy for Android at ToorCon 19. FlexiSpy for Android is a spy app with full IM tracking, VoIP call recording, and live call interception.... [Read More]
by RSS Kai Lu  |  Sep 18, 2017  |  Filed in: Security Research
I'm back from Hacktivity 2015, a big hacking and industrial event in Budapest (Hungary), where I was presenting an update of my research on the Fitbit Flex tracker (slides). It seems several people in the audience were wearing a sports wristband ;) Fitness Trackers at my talk at Hacktivity For your information, I will be presenting on the same topic at Hack.lu next week, but let's say 70% of the presentation will be *different* as I am not focusing on the same aspects. Tamas Szakaly - Shall we play a game? Tamas gave an interesting... [Read More]
by RSS Axelle Apvrille  |  Oct 14, 2015  |  Filed in: Security Research
Insomni'hack's CTF included a couple of mobile challenges I was happy to look into. All could be solved with or without a mobile phone. iBadMovie part 1 We are given a zip file which contains an iOS application and 'a copy of folders on the device' (iExplorer path):   39836648 2015-03-07 00:26 iBadMovie.ipa 0 2015-03-12 15:12 iExplorer/ 0 2015-03-12 15:12 iExplorer/Documents/ 0 2015-03-12 15:12 iExplorer/Library/ 0 2015-03-12 15:12 iExplorer/Library/Caches/... [Read More]
by RSS Axelle Apvrille  |  Mar 26, 2015  |  Filed in: Security Research
This year again, I was happy to participate to Insomni'hack, in Geneva. As in all other editions, questions at the end of my Symbian / Android talks had invariably been 'are there malware on iOS?', I decided it was time I specifically addressed the question. I think I made my point that malware for iOS do exist, even on non jailbroken phones, but they are rare. And the latest PawnStorm iOS malware we reversed (live during the talk ;) has something strange about it: partially works on stock iPhone but looks like it was implemented... [Read More]
by RSS Axelle Apvrille  |  Mar 23, 2015  |  Filed in: Security Research
Recently, a new malware for iOS devices was discovered apparently part of the Pawn Storm operation. We've investigated. Update 2015/02/19: The BuildMachineOSBuild is actually shared with 9 other Mac devices, so the author may have been working also on a MacBook Air 11'', MacBook Pro 15'' etc. The following features of Pawn Storm apparently do not require jailbreak: getting phone info (device model etc), test existence of jailbreak, list running processes, get wifi status, geolocation. Some other features don't... [Read More]
by RSS Axelle Apvrille  |  Feb 13, 2015  |  Filed in: Security Research
[Read More]
by RSS Michael Perna  |  Nov 14, 2014  |  Filed in: Industry Trends
[Read More]
by RSS Michael Perna  |  Nov 07, 2014  |  Filed in: Industry Trends
[Read More]
by RSS Michael Perna  |  Oct 31, 2014  |  Filed in: Industry Trends
While the Shellshock story is taking the media by storm, and as the reports of exploitation in the wild start to emerge, some questions about the worse-than-heartbleed infamous bug remain unanswered. "Will there be a Slammer-like worm owning half of the Internet within a few hours?", "Besides Apache, DHCP and SSH, are there other ways to remotely set environment variables?", "Has the NSA known about it for 20 years?", "Are iOS and Android vulnerable?"... While here at FortiGuard Labs, we have our own opinion on all of these questions, the one we... [Read More]
by RSS Guillaume Lovet  |  Sep 26, 2014  |  Filed in: Security Research
[Read More]
by RSS Michael Perna  |  Aug 23, 2014  |  Filed in: Industry Trends