3 December 2015

Desperate times… How Israel spy company uses zero-days to steals all data from your phone or tablet

Desperate times… How Israel spy company uses zero-days to steals all data from your phone or tablet

ibtimes published yesterday an article about InterApp system, developed by Rayzone Group. According to vendor’s brochure, the device can be places in a public place. It uses vulnerabilities in mobile apps to gain complete access to your phone and steal all information from the phone and the cloud:

“InterApp is fully transparent to the target and does not require any cooperation from the phone owner. The only required condition is that the WIFI transmitter of the mobile device will be open (No need to surf the web)”.

And they claim Dropbox support as well :)

The zero-day market for mobile apps is huge now, but I personally do not think this is the way they do it. Most likely vendor uses zero-day vulnerability in mobile OS (e.g. Android, iOS) or they already have preinstalled backdoor. This accusation is huge, because this means, that no matter you do, your phone can be accessed at any time anywhere. And usual app would not be able to send any data through Wi-Fi channels without an actual Wi-Fi connection with AP. At least it should not :)

Challenge of the year: let’s search for that zero-day! :)

Back to the list

Latest Posts

Patch Tuesday: 60 vulnerabilities, 2 zero-days and good old LNK bugs

Patch Tuesday: 60 vulnerabilities, 2 zero-days and good old LNK bugs

Today Microsoft has released security fixes for 60 vulnerabilities in total. Among them 2 zero-days in Windows Shell and Internet Explorer.
15 August 2018
Microsoft patches for June 2018

Microsoft patches for June 2018

50 vulnerabilities patched, some of them are potentially wormable.
13 June 2018
VPNFilter, attacks on routers and why external scanning is essential for security

VPNFilter, attacks on routers and why external scanning is essential for security

How to protect your router from VPNFilter and other attacks.
8 June 2018
Featured vulnerabilities
Denial of service in Asterisk
Medium Patched | 24 Sep, 2018
Multiple vulnerabilities in MediaWiki
Low Patched | 21 Sep, 2018
Remote code execution in Microsoft Jet Database
High Not Patched | 21 Sep, 2018
Remote code execution in Mozilla Firefox
Medium Patched | 21 Sep, 2018
Multiple vulnerabiltiies in Mozilla Firefox ESR
Medium Patched | 21 Sep, 2018