Stagefright Bug

The Android Stagefright bug is not squashed. Although Google released patches for Hangouts and Messenger, there are still many ways a malicious MP4 file can be opened on your device. Zimperium has released the exploit source code for the bug, which allows a person to generate a malicious MP4 file and use the exploit.

WE ADVISE USERS TO AVOID OPENING MP4 FILES FROM UNKNOWN SOURCES.

Here is what they said:

During the months of June and July, Joshua J. Drake developed a working exploit to prove the Stagefright vulnerability can allow Remote Code Execution (RCE) without user interaction. We are pleased to finally make this code available to the general public so that security teams, administrators, and penetration testers alike may test whether or not systems remain vulnerable.

What follows is a python script that generates an MP4 exploiting the ‘stsc’ vulnerability otherwise known as CVE-2015-1538 (#1). This is one of the most critical vulnerabilities we reported in the Stagefright library. The expected result of the exploit is a reverse shell as the media user. As detailed in Joshua Drake’s Black Hat and DEFCON presentations, this user has access to quite a few groups such as inet, audio, camera, and mediadrm. These groups allow an attacker to take pictures or listen to the microphone remotely without exploiting additional vulnerabilities.

This exploit has several caveats. First, it is not a generic exploit. We only tested it to work on a single device model. We tested this exploit on a Nexus running Android 4.0.4. Also, due to variances in heap layout, this is not a 100% reliable exploit by itself. We were able to achieve 100% reliability when delivered through an attack vector that allowed multiple attempts. Finally, this vulnerability was one of several that were neutered by GCC 5.0’s ‘new[]’ integer overflow mitigation present on Android 5.0 and later.

This means that the code is only tested for Android 4.0.4 Ice Cream Sandwich, and users on Android 5.1 Lollipop or higher are not vulnerable to the released code for now.

While we do have the code for testing purposes, we do not intend on sharing it as Zimperium has already done so.

“Exploits don’t hack people, people hack people,” Drake, Zimperium.
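For screening MP4 files that arrive from unknown sources, the following added example (not Zimperium's code and not part of the original post) walks the ISO base media box tree and flags any 'stsc' box whose declared entry count is larger than the box can actually hold. The function names and the sample input are constructed for illustration, and a clean result only means this one structural check passed.

```python
import struct

CONTAINERS = {b"moov", b"trak", b"mdia", b"minf", b"stbl"}  # boxes holding child boxes
STSC_ENTRY = 12  # first_chunk, samples_per_chunk, sample_description_index

def check_stsc(data, pos=0, end=None, path=""):
    """Return (box_path, reason) findings for malformed boxes and 'stsc' tables."""
    end = len(data) if end is None else end
    findings = []
    while pos + 8 <= end:
        size, kind = struct.unpack_from(">I4s", data, pos)
        name = path + "/" + kind.decode("latin-1")
        header = 8
        if size == 1 and pos + 16 <= end:      # 64-bit size follows the type
            size, header = struct.unpack_from(">Q", data, pos + 8)[0], 16
        elif size == 0:                        # box runs to the end of its parent
            size = end - pos
        if size < header or pos + size > end:
            findings.append((name, "box size outside its parent"))
            break
        body, body_end = pos + header, pos + size
        if kind in CONTAINERS:
            findings += check_stsc(data, body, body_end, name)
        elif kind == b"stsc":
            # Full box: 4 bytes version/flags, 4 bytes entry_count, then entries.
            if body_end - body < 8:
                findings.append((name, "stsc shorter than its fixed header"))
            else:
                declared = struct.unpack_from(">I", data, body + 4)[0]
                present = (body_end - body - 8) // STSC_ENTRY
                if declared > present:
                    findings.append((name, f"declares {declared} entries, holds {present}"))
        pos += size
    return findings

def box(kind, payload=b""):
    """Build one box: 32-bit big-endian size, 4-byte type, payload."""
    return struct.pack(">I4s", len(payload) + 8, kind) + payload

def sample_file(declared_entries):
    """Constructed test input: a minimal box tree with one real stsc entry."""
    tree = box(b"stsc", struct.pack(">II", 0, declared_entries) + struct.pack(">III", 1, 1, 1))
    for parent in (b"stbl", b"minf", b"mdia", b"trak", b"moov"):
        tree = box(parent, tree)
    return box(b"ftyp", b"isom\x00\x00\x00\x00") + tree

if __name__ == "__main__":
    for label, count in (("consistent", 1), ("inconsistent", 1000)):
        print(label, check_stsc(sample_file(count)))
```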

PhotoScrambler

PhotoScrambler lets you protect your photos from unwanted usage and distribution.

Protect your photos with personal secret code, so that only you and trusted people you give the code to, can see them. Everyone else who doesn’t know your secret code will see just random scrambled images.
With PhotoScrambler you can:
• Encode/decode JPEG and PNG photos
• Take encoded photos with built-in camera
• Share encoded photos with your friends
• Add custom photo-scrambling codes, colors and descriptions
• Choose photo size after processing *
• Define application password
* limited in FREE version of the application

Secured photos will still be saved as photos, so you can store them in your phone’s Pictures libraries, upload them on cloud servers, such as Dropbox, OneDrive or iCloud or similar. They will remain perfectly safe even if the cloud service is hacked!

Photos protected with PhotoScrambler will stay safe even if a curious friend borrows your phone, or if someone steals your phone. Not even a malicious repair person will be able to decode your photos without the code.

Users can scramble and unscramble photos directly from phone’s gallery, by selecting photos and choosing PhotoScrambler from “Share with” application list.

Most of us have used a picture locker on Windows Phone, which involves importing pictures into the app and storing them there. PhotoScrambler is something more innovative. On initializing the app, you need to set a password to open the app. Once it is opened, you choose a photo you’d like to scramble or unscramble, use your camera to take one, or even share securely. Pictures are scrambled using a code which you decide. You can use this code as a template in the future or use a different one every time. The photo can be overwritten, or the scrambled version can be kept as a new photo. In the gallery you can’t view this picture as it’s scrambled. You need to unscramble it using the application by entering the code. Even if someone accidentally gets these files, they are useless, as they can’t crack it (not yet at least) because you choose the code used to scramble it. Only a brute force attack on a supercomputer may be able to crack it!!!

Get it at http://www.windowsphone.com/s?appid=8dc237b6-8dab-42c5-b54e-b76e90279305

A Small Breakthrough

We were able to open the KeepSafe app without a password just by modifying the manifest.json file!! It remains open for a few seconds and also shows the folders in it with pictures before it closes.

We have yet to figure out the final solution.
Keep yourself up to date with the posts that come up in the next week!

Till then.. Enjoy the weekend!! 😀

AVG AntiVirus app lock bypassed!!

We managed to bypass the app lock feature in AVG AntiVirus (https://play.google.com/store/apps/details?id=com.antivirus) for Android in a manner similar to the previous app (AppLock). Check the full procedure at
https://appcyla.wordpress.com/2013/09/09/is-your-locked-app-really-secure/
Just follow the steps as before and you’ll have another app which proves that “your locked app is not really secure”.