Author Topic: Security Thread  (Read 13607 times)

Lord Cataplanga

  • Outlandish
  • ***
  • Posts: 2315
  • Saint Fiasco
Re: Security Thread
« Reply #90 on: July 12, 2013, 01:56:53 pm »
http://bluebox.com/corporate-blog/bluebox-uncovers-android-master-key/

A vulnerability in Android's security model has been found that affects 99% of all Android devices.

The vulnerability involves discrepancies in how Android applications are cryptographically verified & installed, allowing for APK code modification without breaking the cryptographic signature.

All Android applications contain cryptographic signatures, which Android uses to determine if the app is legitimate and to verify that the app hasn’t been tampered with or modified. This vulnerability makes it possible to change an application’s code without affecting the cryptographic signature of the application – essentially allowing a malicious author to trick Android into believing the app is unchanged even if it has been.

That means that trojan applications can be nigh-indistinguishable from the legit ones.

This vulnerability requires a firmware update to patch, and there is no way Samsung is going to release a new version of my ancient phones' firmware :(

Quote
Installation of a Trojan application from the device manufacturer can grant the application full access to Android system and all applications (and their data) currently installed. The application then not only has the ability to read arbitrary application data on the device (email, SMS messages, documents, etc.), retrieve all stored account & service passwords, it can essentially take over the normal functioning of the phone and control any function thereof (make arbitrary phone calls, send arbitrary SMS messages, turn on the camera, and record calls). Finally, and most unsettling, is the potential for a hacker to take advantage of the always-on, always-connected, and always-moving (therefore hard-to-detect) nature of these “zombie” mobile devices to create a botnet.

This "botnet" idea seems like it could work, because most Android phones are quite old, and rarely get firmware security patches.

Pæs

  • James Bond-defying Shit-Volcano Trigger Device of the Next Armageddon.
  • Deserved It
  • ****
  • Posts: 38331
  • I ain't even mad.
Re: Security Thread
« Reply #91 on: July 12, 2013, 11:17:31 pm »
Hokay, ditching plans to make apps, working on benevolent mobile botnet instead.

LMNO

  • Lubricated and Rabid Lungfish of Impending Sexdoom™
  • Deserved It
  • ****
  • Posts: 85704
  • Internet Fuckweasel of Haunted Pork Dimensions.
    • Earfatigue Productions: When it has to sound like you give a shit.
Re: Security Thread
« Reply #92 on: July 13, 2013, 03:24:36 am »
Is it just me, or did you just up the difficulty level by about 162%?

Pæs

  • James Bond-defying Shit-Volcano Trigger Device of the Next Armageddon.
  • Deserved It
  • ****
  • Posts: 38331
  • I ain't even mad.
Re: Security Thread
« Reply #93 on: March 01, 2015, 11:33:11 pm »
BUMP in lieu of PlightOfFernandoPoo making his security thread.

Recommending risky.biz for security podcasts to follow. Hard to find security podcasts which aren't just a bunch of dudebros lulzing about farts.

Cain

  • The admins send their regards
  • Chekha
  • Deserved It
  • ****
  • Posts: 102522
Re: Security Thread
« Reply #94 on: March 07, 2015, 07:23:02 pm »
Looks good.

I personally like Krypt3ria, though it's only one person and they don't update as much as I'd like.

disfnordia

  • Known
  • *
  • Posts: 34
    • Disfnordia - Enlightenment from the alien overloads spoken to the popes in the pyramid under the local walmart
Re: Security Thread
« Reply #95 on: October 04, 2015, 04:26:20 am »
I have been around a long time, not this forum, just this world. I rarely post on the clearnet. When I see Facebook with a Discordian page, to which I belong, I know the end is nigh. Now you damn kids get off my grass!

I wanted to link to a zine that had some useful information: https://zine.riseup.net/

This is my first post; I will stick around for a while. I am scanning some old 23 zines I have lying around from the 80's. I will upload them soon for your viewing pleasure.