Evasi0n7 JB– the first iOS7 Jailbreak

 
We’ve been expecting an iOS7 jailbreak tool for some time. After all, researchers have been working towards this for the past few months, and the rumor mill was working overtime. Timing its release on 22nd of December, evasi0n7 JB was one holiday gift we weren’t excited about. Overview A jailbreak removes all the built-in iOS security mechanisms (such as the iOS Sandbox model). Ultimately, it enables the execution of non-Apple certified code. The evasi0n7 JB is the first jailbreak tool which affects all iOS7-based devices – versions 7.0-7.0.4. More so, it leaves the device in a jailbroken ...

Hand of Thief (HoT) Moves its Way to Android

 
  A relatively new commercial mobile bot, Hands of Thief (HoT) for Android, which targets users of online banking has been circulating the underground forums for the past three months. As its owner claims, this bot variant is “better than Perkele” – the notorious Android malware kit used to bypass multi-factor authentication. HoT originally made some waves this past August as the (not too mature) Linux-targeting banking Trojan.  It looks like the owner has now decided to expand the business to the more lucrative and pervasive mobile platform. The seller is currently advertising the Android-version HoT in a Russian underground forum. For a mere $950, the seller purports a ...

The 2013 Android Vulnerability of the Year

 
Were we to pick the most notorious 2013 Android vulnerability - the dubious award would undoubtedly go to CVE-2013-6282. A privilege escalation flaw released in October and affects all Android versions 4.0-4.3. What makes this vulnerability so abysmal? After all, it hardly gained any press coverage and was mainly discussed in smaller highly technical and focused forums. However, both our research and that of fellow researchers, has proved that behind the scenes lies a basic operating system vulnerability that: 1. Affects most devices running Android versions 4.0-4.3 Including Samsung Galaxy S3/4, ...