1596879060
Do Hackers Need to Handle Your Phone Physically in Order to Hack It?
With the advancement of technology and information system, hackers are now able to hack even some sophisticated devices. Most often we hear about web hack cases. However, it’s very rarely heard mobile phones being hacked or hijacked.
So, does this mean our phone is not hackable? When we think about it for a while, it’s not surprising to think that, “Maybe it is not hackable as phones are private devices that only remain with us and hackers need to access our phone physically in order to hack it. And, even if they get our phone, it is secured with some sort of PIN so maybe I am safe.”
This is where we go wrong! Hackers can still hack your phone even without gaining any physical access.
The phone might physically be in your hand but, logically in the hand of an attacker makes more sense.
Ways hacker can get into your device
1. SurfingAttack
It is an interactive hidden attack on Voice Assistants Using Ultrasonic Guided Waves.
Voice assistants allow smartphone users to do different activities using a spoken command. And yes the can also potentially let hackers do the same things by bombarding the device’s microphone with ultrasonic waves.
The research was conducted by hiding a remotely controllable attack device where it could send ultrasonic waves through the table to trigger a phone lying flat on its surface. And as a result, they were able to activate your voice assistant placed on the tabletop, leading to read private messages, extract authentication passcode, and many more from the mobile devices.
You can read more about the research here, which worked on worked on 17 popular smartphone models, including ones manufactured by Apple, Google, Samsung, Motorola, Xiaomi and Huawei.
2. SIM card hacking
It is performed by attackers by contacting legitimate user’s phone provider, pretends to be the user, and then asks for a replacement SIM card.
Hackers Hit Twitter C.E.O. Jack Dorsey in a ‘SIM Swap.’ on August 2019 by Phishing method. You can read the full details here!
Once, the attacker successfully replaces your contact number with a new one, the old one gets deactivated and your phone number will be stolen. Once, the attacker has taken over your SIM card, all your phone calls, messages, etc are taken over too.
Simjacker
This is one of the most interesting attacks that does not involve convincing the phone provider.
How does it work?
Simjacker attack_ involves an SMS containing a specific type of spyware-like code sent to a mobile phone. Which on being clicked will instructs the SIM Card within the phone to take over the mobile phone, in order to retrieve and perform sensitive commands._
3. Key Logging
With the advancement of technologies, hackers have now found out new methods to install key loggers in the victim’s device.
When we see some luring attractive or trending apps or software, we often install it in order to explore it. What we do not do is that we never see what the app is doing behind the scene.
**The real question is, Is it really attractive behind the scene too?**If yes then for whom? It could be one of the legitimate apps or it could be one of the tools for hackers to install Key Loggers
Usage of Key Logger
_A keylogger or __a keystroke logger is a type of surveillance technology used to monitor and record each keystroke typed on a specific computer’s keyboard. This includes your valuable credentials too. __What’s worst? _Once a cyber criminal has got hold of confidential user data, they can easily transfer money from the user’s account as well.
One of the way how it could be installed
When the victim opens the file and downloaded it to the device, it gets infected with a Trojan. This can be designed in a way that could be activated once installed and opened, the Trojan can then display a certain notification with a request to re-enter some of your critical information. In the worst case, could be your bank information. Then, the keylogger incorporated in the Trojan would record data entered by the victim, and can later send this data to the cybercriminals’ server. Now, the attacker will have all your bank information without accessing your device physically.
4. Social Engineering
This is one of the well-known attacks that involves the sentiments of the victims. Rather than targeting the device itself, this attack targets the psychology of the victim by encouraging unsuspecting users, employees, or anybody to do confidential work without even knowing that they are being targeted. This leads to the disclosure of confidential information to the hacker.
5. Synchronization
If you think about it, your smartphones are just like advanced storage devices just like a flash drive. We often connect our device in PCs for different purposes. This could be for file transfer, sometimes to charge your device, and many more. Now, this is when some types of malware can jump to (or_ jump from)_your mobile device. Here, you see the attacker does not even have access to your device physically. You have your device but attackers now can have control over it.
6. Buffer Overflow Attack
“If you pour water in a cup more than it’s capacity, it’s obvious to overflow.”
This kind of attack was most common in the web application back then. However, this has also been one of the commonly seen attacks in mobile apps.
What is Buffer Overflow Attack?
It is an anomaly in the application where the program tends to store more data in a buffer (memory store) than its default capacity, causing the buffer to overflow. These vulnerabilities affect data integrity and/or can lead to privilege escalation or remote code execution attacks on devices.
Buffer Overflow vulnerabilities in some common App
- A critical bug was discovered in WhatsApp VoIP, the feature responsible for audio and video calls, allowed an attacker to take over a mobile device, which was reported to be a Buffer Overflow vulnerability.
- Code execution flaw detected and resolved in macOS Catalina, a buffer overflow traced back to the UIFoundation component which could be triggered through malicious text files.
#ethical-hacking #information-technology #cybersecurity #mobile-security #information-security
What is GEEK
Buddha Community
1597687200
Threat Actors Introduce Unique ‘Newbie’ Hacker Forum
A well-known private hacking forum has recently become more inclusive, introducing a new platform to help newbie threat actors flourish and hone their expertise, research has found. The discovery is unique, as private hacker forums tend to be the exclusive province of elite cybercriminals.
Digital Shadows on Thursday published a report that takes a deep dive into CryptBB, an exclusive hacker forum that has been operational since 2017.
Initially, the site only accepted new members after a “rigorous application and interview process,” requiring that an applicant prove their skill and knowledge on a chosen area of expertise, “leaving no room for those who fail to meet the required standards,” researchers wrote.
However, the forum recently has taken steps “to be viewed as a platform for ‘all,'” by launching near the end of 2019 a designated space for what it called “newbies,” according to the report. These are hackers who failed the application process but still wanted to hone their skills and learn from not just one another, but also from more expert members of the forum.
“The real surprise was the identification of an application-only forum creating a dedicated subforum for failed applicants, or ‘newbies’, to converse, share insights, and learn from full-time members,” Alex Guirakhoo, threat research team lead at Digital Shadows, told Threatpost. “Historically, the only times we have seen exclusive (private) forums lower the parameters for entry are when they have allowed members willing to pay a set fee in order to bypass the application process (this was seen with the English-language forum KickAss and the Russian-language forum Exploit). The payment enabled the forum to gain more members but was also financially beneficial to the forum. In CryptBB’s case, they are using a dedicated subforum to share knowledge and help others for free. They might be doing this for site-traffic metrics, but the intent behind the scheme seems innocent enough and the forum likely feels it is a way to give back and help others to increase their skills/knowledge.”
Last month, CryptBB owners went a step further and also began to reach out on the dark web to try to recruit new hackers into the forum. Digital Shadows identified what is called a “subdread” dedicated to CryptBB on the dark web community forum Dread—which has a “far-reaching and loyal user base” — in early June, researchers noted.
“On this subdread, CryptBB proclaims itself to be an excellent forum for ‘newbie’ hackers, programmers, and carders eager to start on their journey while also remaining a private platform for ‘advanced’ members who can partake in quality discussions and share expertise,” researchers wrote.
Digital Shadows imagined a few reasons for this concerted effort to shift from a forum exclusive to expert hackers to one that is now inviting less experienced ones into the fold.
One could be to try to preserve and maintain some of the methods and strategies already used by more skilled hackers, researchers surmised. Historically, CryptBB has provided some dedicated services for members to offer, including RDP sales and “hackers for hire” services, they said. Earlier this year, the forum’s admin team also began offering penetration testing and bug-reporting services to marketplaces with an assurance of discretion and no “drama,” researchers reported.
#hacks #web security #0day #cryptbb #cybercriminals #dark web #digital shadows #hacker forum #hackers #hackers for hire #hacking #kickass #research #the report #threat actors #torum
1596879060
Do Hackers Need to Handle Your Phone Physically in Order to Hack It?
With the advancement of technology and information system, hackers are now able to hack even some sophisticated devices. Most often we hear about web hack cases. However, it’s very rarely heard mobile phones being hacked or hijacked.
So, does this mean our phone is not hackable? When we think about it for a while, it’s not surprising to think that, “Maybe it is not hackable as phones are private devices that only remain with us and hackers need to access our phone physically in order to hack it. And, even if they get our phone, it is secured with some sort of PIN so maybe I am safe.”
This is where we go wrong! Hackers can still hack your phone even without gaining any physical access.
The phone might physically be in your hand but, logically in the hand of an attacker makes more sense.
Ways hacker can get into your device
1. SurfingAttack
It is an interactive hidden attack on Voice Assistants Using Ultrasonic Guided Waves.
Voice assistants allow smartphone users to do different activities using a spoken command. And yes the can also potentially let hackers do the same things by bombarding the device’s microphone with ultrasonic waves.
The research was conducted by hiding a remotely controllable attack device where it could send ultrasonic waves through the table to trigger a phone lying flat on its surface. And as a result, they were able to activate your voice assistant placed on the tabletop, leading to read private messages, extract authentication passcode, and many more from the mobile devices.
You can read more about the research here, which worked on worked on 17 popular smartphone models, including ones manufactured by Apple, Google, Samsung, Motorola, Xiaomi and Huawei.
2. SIM card hacking
It is performed by attackers by contacting legitimate user’s phone provider, pretends to be the user, and then asks for a replacement SIM card.
Hackers Hit Twitter C.E.O. Jack Dorsey in a ‘SIM Swap.’ on August 2019 by Phishing method. You can read the full details here!
Once, the attacker successfully replaces your contact number with a new one, the old one gets deactivated and your phone number will be stolen. Once, the attacker has taken over your SIM card, all your phone calls, messages, etc are taken over too.
Simjacker
This is one of the most interesting attacks that does not involve convincing the phone provider.
How does it work?
Simjacker attack_ involves an SMS containing a specific type of spyware-like code sent to a mobile phone. Which on being clicked will instructs the SIM Card within the phone to take over the mobile phone, in order to retrieve and perform sensitive commands._
3. Key Logging
With the advancement of technologies, hackers have now found out new methods to install key loggers in the victim’s device.
When we see some luring attractive or trending apps or software, we often install it in order to explore it. What we do not do is that we never see what the app is doing behind the scene.
**The real question is, Is it really attractive behind the scene too?**If yes then for whom? It could be one of the legitimate apps or it could be one of the tools for hackers to install Key Loggers
Usage of Key Logger
_A keylogger or __a keystroke logger is a type of surveillance technology used to monitor and record each keystroke typed on a specific computer’s keyboard. This includes your valuable credentials too. __What’s worst? _Once a cyber criminal has got hold of confidential user data, they can easily transfer money from the user’s account as well.
One of the way how it could be installed
When the victim opens the file and downloaded it to the device, it gets infected with a Trojan. This can be designed in a way that could be activated once installed and opened, the Trojan can then display a certain notification with a request to re-enter some of your critical information. In the worst case, could be your bank information. Then, the keylogger incorporated in the Trojan would record data entered by the victim, and can later send this data to the cybercriminals’ server. Now, the attacker will have all your bank information without accessing your device physically.
4. Social Engineering
This is one of the well-known attacks that involves the sentiments of the victims. Rather than targeting the device itself, this attack targets the psychology of the victim by encouraging unsuspecting users, employees, or anybody to do confidential work without even knowing that they are being targeted. This leads to the disclosure of confidential information to the hacker.
5. Synchronization
If you think about it, your smartphones are just like advanced storage devices just like a flash drive. We often connect our device in PCs for different purposes. This could be for file transfer, sometimes to charge your device, and many more. Now, this is when some types of malware can jump to (or_ jump from)_your mobile device. Here, you see the attacker does not even have access to your device physically. You have your device but attackers now can have control over it.
6. Buffer Overflow Attack
“If you pour water in a cup more than it’s capacity, it’s obvious to overflow.”
This kind of attack was most common in the web application back then. However, this has also been one of the commonly seen attacks in mobile apps.
What is Buffer Overflow Attack?
It is an anomaly in the application where the program tends to store more data in a buffer (memory store) than its default capacity, causing the buffer to overflow. These vulnerabilities affect data integrity and/or can lead to privilege escalation or remote code execution attacks on devices.
Buffer Overflow vulnerabilities in some common App
- A critical bug was discovered in WhatsApp VoIP, the feature responsible for audio and video calls, allowed an attacker to take over a mobile device, which was reported to be a Buffer Overflow vulnerability.
- Code execution flaw detected and resolved in macOS Catalina, a buffer overflow traced back to the UIFoundation component which could be triggered through malicious text files.
#ethical-hacking #information-technology #cybersecurity #mobile-security #information-security
1628430590
How to find WiFi Passwords using Python 2021|Hack WiFi Passwords|Python Script to find WiFi Password
Hack Wifi Passwords easily..
#wifi #python #passwords #wifipasswords #linux #coding #programming #hacking #hack
#wifi #hack #using #python #python #hacking
1616572311
Originscale Order Management System
Originscale order management software helps to manage all your orders across channels in a single place. Originscale collects orders across multiple channels in real-time - online, offline, D2C, B2B, and more. View all your orders in one single window and process them with a simple click.
#order management system #ordering management system #order management software #free order management software #purchase order management software #best order management software
1598777940
My Mobile Phone Got Hacked and Here Is How You Can Protect Yourself
Disclaimer
Some of my friends were saying, my mobile phone didn’t hack and I am doing a prank. Then before you read my hacking story, I want to give you a disclaimer that it’s not a prank or fake story, and everything you will read it’s based on my real-life experience. If you think it’s fake then you can happily close the window. But there are some tips mentioned in this story which you must read because that could prevent your device from this kind of hacking.
First Attack
If you think only celebrities get a hacking attack then change your mind because the victim can be anyone. So in February 2019, I started a blog with the name GeekDirector, surprisingly I consider it my first startup with no social media presence. But anyhow, I was the only one who was writing blogs on it, and unfortunately, I was able to write only four articles. After six months, I opened my blog and it was approved with Google Adsense. I was very happy because the earnings on it had been started.
After some days, my Google Account was hacked and the hacker deleted my blog and Adsense account. It was a very depressing situation for me. Fortunately, I downloaded the backup file of my blog in my system but my earnings were gone. I was not able to recover my Adsense account because Google has a policy that you can’t create more than one Adsense account. However, I was contacting Google for the recovery but all in vain. In the meantime, I started a new startup, a digital marketing agency, with some people. But It was not giving me pleasure.
#hacker #hacking #mobile #mobile-hacking #mobile app