3 December 2015

Desperate times… How Israel spy company uses zero-days to steals all data from your phone or tablet

Desperate times… How Israel spy company uses zero-days to steals all data from your phone or tablet

ibtimes published yesterday an article about InterApp system, developed by Rayzone Group. According to vendor’s brochure, the device can be places in a public place. It uses vulnerabilities in mobile apps to gain complete access to your phone and steal all information from the phone and the cloud:

“InterApp is fully transparent to the target and does not require any cooperation from the phone owner. The only required condition is that the WIFI transmitter of the mobile device will be open (No need to surf the web)”.

And they claim Dropbox support as well :)

The zero-day market for mobile apps is huge now, but I personally do not think this is the way they do it. Most likely vendor uses zero-day vulnerability in mobile OS (e.g. Android, iOS) or they already have preinstalled backdoor. This accusation is huge, because this means, that no matter you do, your phone can be accessed at any time anywhere. And usual app would not be able to send any data through Wi-Fi channels without an actual Wi-Fi connection with AP. At least it should not :)

Challenge of the year: let’s search for that zero-day! :)

Back to the list

Latest Posts

Microsoft patches for June 2018

Microsoft patches for June 2018

50 vulnerabilities patched, some of them are potentially wormable.
13 June 2018
VPNFilter, attacks on routers and why external scanning is essential for security

VPNFilter, attacks on routers and why external scanning is essential for security

How to protect your router from VPNFilter and other attacks.
8 June 2018
New zero-day in Adobe Flash Player heavily exploited in the Middle East

New zero-day in Adobe Flash Player heavily exploited in the Middle East

Users in Doha and Qatar suffered from a targeted attack.
7 June 2018
Featured vulnerabilities
Information disclosure in Splunk
Low Patched | 18 Jun, 2018
Denial of service in Node.js
Low Patched | 18 Jun, 2018
Denial of service in QEMU
Low Patched | 18 Jun, 2018
Denial of service in LibTIFF
Low Patched | 17 Jun, 2018
Denial of service in LibTIFF
Low Patched | 15 Jun, 2018