3 December 2015

Desperate times… How Israel spy company uses zero-days to steals all data from your phone or tablet

Desperate times… How Israel spy company uses zero-days to steals all data from your phone or tablet

ibtimes published yesterday an article about InterApp system, developed by Rayzone Group. According to vendor’s brochure, the device can be places in a public place. It uses vulnerabilities in mobile apps to gain complete access to your phone and steal all information from the phone and the cloud:

“InterApp is fully transparent to the target and does not require any cooperation from the phone owner. The only required condition is that the WIFI transmitter of the mobile device will be open (No need to surf the web)”.

And they claim Dropbox support as well :)

The zero-day market for mobile apps is huge now, but I personally do not think this is the way they do it. Most likely vendor uses zero-day vulnerability in mobile OS (e.g. Android, iOS) or they already have preinstalled backdoor. This accusation is huge, because this means, that no matter you do, your phone can be accessed at any time anywhere. And usual app would not be able to send any data through Wi-Fi channels without an actual Wi-Fi connection with AP. At least it should not :)

Challenge of the year: let’s search for that zero-day! :)

Back to the list

Latest Posts

Remote code execution in NetBSD – nasty and potentially wormable bug

Remote code execution in NetBSD – nasty and potentially wormable bug

NetBSD users are advised to install patched ASAP.
12 February 2018
Zero-day vulnerability in Adobe Flash Player

Zero-day vulnerability in Adobe Flash Player

Second zero-day this year. No remedy available.
1 February 2018
Jackpotting: Weird Attack On ATM

Jackpotting: Weird Attack On ATM

Jackpotting requires not only technical skills and great coordination but also acting skills, audacity and composure.
30 January 2018