People are getting more and more suspicious when downloading applications to their devices, and hackers now try to gain access through hardware. Mobile users usually prefer something cheaper that is compatible with their device instead of the expensive original peripheral or accessory. Researchers have created a custom iPhone charger that can infect any iOS device with malware. They said that all users and all iOS devices are affected by this malicious charger. If this wasn’t enough, attackers hide their malware the way Apple does with its built-in applications, and users can’t uninstall it.
I read about exploits for all operating systems, but this one really scared me. Security researchers found a zero-day vulnerability in the Windows core that, when exploited, gives SYSTEM access on all supported versions of Windows so far. This includes Windows 7 with the latest updates and Windows 8. Microsoft confirmed the vulnerability and I hope that they are working on a fix. The vulnerability is more than 20 years old; in my country it could legally drink alcohol, drive a car and vote! It sounds like a hacker’s holy grail, and in the wrong hands it can do a lot of harm.
About 50 million Android smartphones have Viber installed, and a critical flaw in that app makes all those devices vulnerable. It is as easy as sending two messages through Viber, and an attacker can gain full control of your device. It is scary how easy it is, and I would expect an ultra-fast fix from the Viber app creators. You can watch the video to see exactly how it can be done and you can try it with a friend. It is the easiest and fastest exploit that I have learned so far for Android smartphones.
I really want to try this, but for now I will just post it. Of course, after a try, successful or not, I will give the money to the machine. I am not showing it so that you can have free drinks but so that you gain the knowledge of how to do it easily. I found it mostly funny and entertaining. It reminded me of a trick I was doing with a billiard when I was a kid. I enjoy seeing ways to hack machines into doing something they are not supposed to. Enjoy the video and note that it is not legal to do it.
I wrote several posts on Apple security holes and how to bypass the lock screen. Security researchers also found a similar flaw on Samsung devices. Even though this doesn’t work on all Samsung devices, it does work on some and it is a serious issue on those devices. I can’t explain it in words, and you need to be patient and fast, but for bad men trying to gain access to your smartphone a few minutes is nothing. You can try it, and if it happens to your device you can contact Samsung to help you protect your device and your personal data.
Before cracking a password with a brute-force attack, which means trying every possible combination of characters, programs use a dictionary of common words. So if the password is just a simple word, as it is in many cases, it will be cracked in a few seconds. CrackStation took this to another level: they created a wordlist with 1.5 billion passwords (1,493,677,782). The file is 4.2 GiB compressed and 15 GiB uncompressed. That is a lot of words, but it cracks about 30% of all the hashes given to the CrackStation hash cracker. The file contains every word in any language that the Wikipedia database had in 2010, every leaked database, every dictionary and every wordlist on the internet that the creators of this wordlist could find.
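From the defender's side, the same kind of wordlist can be used to reject weak passwords at the moment they are set. The sketch below is an added example, not code from CrackStation or from the original post: a Bloom filter sized from the entry count quoted above, so the check does not need the 15 GiB file in memory. The class and function names and the sample words are constructed for illustration.

```python
import hashlib
import math

WORDLIST_ENTRIES = 1_493_677_782  # entry count quoted in the post


def bloom_parameters(n_items, fp_rate):
    """Return (bits, hash_count) for the standard optimal Bloom filter."""
    bits = math.ceil(-n_items * math.log(fp_rate) / (math.log(2) ** 2))
    hashes = max(1, round(bits / n_items * math.log(2)))
    return bits, hashes


class WordlistFilter:
    """Set membership with no false negatives and a tunable false-positive rate."""

    def __init__(self, n_items, fp_rate):
        self.bits, self.hashes = bloom_parameters(n_items, fp_rate)
        self.array = bytearray((self.bits + 7) // 8)

    def _positions(self, word):
        # Double hashing: derive all bit positions from one SHA-256 digest.
        digest = hashlib.sha256(word.encode("utf-8")).digest()
        h1 = int.from_bytes(digest[:8], "big")
        h2 = int.from_bytes(digest[8:16], "big") | 1
        return [(h1 + i * h2) % self.bits for i in range(self.hashes)]

    def add(self, word):
        for pos in self._positions(word):
            self.array[pos // 8] |= 1 << (pos % 8)

    def __contains__(self, word):
        return all(self.array[p // 8] & (1 << (p % 8)) for p in self._positions(word))


def password_allowed(candidate, wordlist_filter):
    """Reject a new password if it, or its lowercase form, is in the wordlist."""
    return not any(form in wordlist_filter for form in {candidate, candidate.lower()})


# Constructed sample standing in for the real wordlist file.
SAMPLE_WORDS = ["password", "letmein", "dragon", "qwerty123", "sunshine"]
demo_filter = WordlistFilter(1000, 1e-6)  # sized for 1000 entries
for w in SAMPLE_WORDS:
    demo_filter.add(w)

if __name__ == "__main__":
    bits, k = bloom_parameters(WORDLIST_ENTRIES, 0.01)
    print(f"full list at 1% false positives: {bits / 8 / 2**30:.2f} GiB, {k} hashes")
    print("Sunshine allowed?", password_allowed("Sunshine", demo_filter))
```

A false positive only means an acceptable password is occasionally refused, which is the safe direction for a password policy.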
Not even a month ago I posted about a Facebook OAuth flaw that allowed an attacker to gain access to any account. Facebook has fixed that specific flaw with minor changes, but those changes are not enough and hackers can gain control of any account. This new vulnerability was found by the same white-hat hacker who also found the previous one. Don’t worry just yet about this one because it is already fixed, but Facebook is not very serious about security. To fix the previous bug they just put in a basic regular-expression validation that could be easily bypassed. I am sure they just modified their regular expression for the new flaw.
An HTML5 browser exploit was found recently, and it can fill your hard drive with junk data. Usually browsers allow websites to store small files like cookies, but in the case of HTML5 they allow bigger files of around 10MB. This can be exploited to flood a hard drive with such files. In a demonstration, a 22-year-old web developer was able to fill 1GB of hard drive space every 16 seconds. I will let you stop and calculate how long it would take to fill your entire hard disk. I was happy to learn that every browser is vulnerable to this exploit except my favorite, Firefox.
Applications on Facebook use OAuth to communicate with users and grant additional permissions. The user should click on the ‘Allow’ or ‘Accept’ button in order for the application to gain those permissions. A white-hat hacker called Nir Goldshlager found a flaw that allows any application to gain access with full control to any Facebook account by exploiting Facebook OAuth. This doesn’t require the user to click on any button; that step is also skipped. He also created a video that demonstrates this for those who are interested to see how easy it is to gain full control of any Facebook account.
Anyone can bypass the iPhone’s lock screen, even if a password is set, with a number of simple steps. This is for the latest platform, iOS 6.1. Apple promised to fix this bug in the next release, and iPhone users hope it is the last one that can be found that bypasses the lock screen, as it is very important. There is a video that demonstrates it if you don’t want to read and follow the instructions. Happy unlocking.