Monday 23 December 2013

iOS 7 Untethered Jailbreak released for iPhone, iPad, and iPod devices :)



If you love the iPhone, you are surely going to love this news. iOS 7 was released three months ago, and today the evad3rs team has finally released an untethered jailbreak for iPhone, iPad, and iPod devices running iOS 7.0 through iOS 7.0.4.

The evasi0n installer is compatible with Windows, Mac OS X and Linux, so no matter what operating system you’re on, you should be able to jailbreak your device.

"Jailbreaking is the procedure of modifying the iOS of your iPhone to remove the limitations imposed by Apple. This allows a user to access and install a lot of new applications, software and other similar content which otherwise are not made available to iPhone users through the Apple Store."

The process is very simple, and within five minutes you can jailbreak your device. According to the instructions, iTunes must be installed if you’re running Windows and the only prerequisite is that the device should be running iOS 7.0.4.

The team advises users to back up their device data before using the evasi0n tool. If something breaks, you'll always be able to recover your data.

FAQ: "Is jailbreaking legal or not?" Yes, it is legal, at least in the US: a rule passed in July 2010 by the US government made it legal, so whatever you are doing with your iPhone is completely legal.

Once the installation completes, Cydia will appear on the home screen.

Download Evasi0n for Windows
Download Evasi0n for Mac


 


Monday 16 December 2013

Hacker demonstrated 'Remote Code Execution' vulnerability on eBay website



David Vieira-Kurz discovered a remote code execution flaw "due to a type-cast issue in combination with complex curly syntax" that allows an attacker to execute arbitrary code on eBay's web server. In a demo video, he exploited this RCE flaw on the eBay website and managed to display the output of PHP's phpinfo() function on the web page, just by modifying the URL and injecting code into it.

According to the explanation on his blog, he noticed a legitimate URL on eBay:

"https://sea.ebay.com/search/?q=david&catidd=1" 

...and modified the URL to pass array values, including a payload:

"https://sea.ebay.com/search/?q[0]=david&q[1]=sec{${phpinfo()}}&catidd=1"

But it is not clear at this moment where the flaw resides on the eBay server, because how can a static GET parameter be converted to accept array values?





In my opinion, it is possible only if the 'search' page is receiving the "q" parameter value using some loop function like "foreach()". Most probably the code at the server end is something like:

    foreach ($_GET['q'] as $data) {
        // if $data is able to bypass some input filter functions ...
        if (passes_input_filter($data)) {   // hypothetical filter; name not from the original
            // ... it ends up inside a double-quoted string that is handed to eval()
            eval("execute thing here with $data");
        }
    }
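The following is an added example, not eBay's code (which is not public) and not from the original post. It shows the defensive side of the two ingredients named above: PHP's query-string parser turns `q[0]=...&q[1]=...` into an array on its own, so a parameter the code expects to be a string can arrive as an array (that is the "type-cast issue"), and a `{${...}}` complex curly expression only becomes code when a user-controlled value reaches a double-quoted string that is later passed to eval(). The request array and the function name `read_search_term` are constructed for this example.

```php
<?php
// Added example (hypothetical, not eBay's code): handling the "q" parameter
// so that neither ingredient of the flaw described above can combine.
//
// 1. PHP builds nested arrays from "q[0]=a&q[1]=b" without any application
//    code asking for it. Code that assumes $_GET['q'] is a string (or that
//    loops over it with foreach) silently accepts attacker-shaped input.
// 2. A double-quoted string containing "{${expr}}" executes expr when that
//    string is itself evaluated. The fix is not a better filter in front of
//    eval(); it is never letting request data reach eval() at all.

// Constructed request: what PHP produces from "?q[0]=david&q[1]=x&catidd=1".
$get = ['q' => ['david', 'x'], 'catidd' => '1'];

// Insist on the scalar type the page expects. An array (or anything that is
// not a string) is rejected outright rather than cast or iterated.
function read_search_term(array $get): ?string
{
    if (!isset($get['q']) || !is_string($get['q'])) {
        return null;                       // missing, array, or not a string
    }
    $q = trim($get['q']);
    // Allow-list the characters a search term legitimately needs and cap its length.
    if ($q === '' || strlen($q) > 100 || !preg_match('/^[\p{L}\p{N} .,\'-]+$/u', $q)) {
        return null;
    }
    return $q;
}

$term = read_search_term($get);
if ($term === null) {
    // The constructed request above lands here: q arrived as an array.
    http_response_code(400);
    echo "Invalid search term\n";
    exit;
}

// From here on the term is only ever data: bound as a query parameter,
// HTML-escaped on output, never interpolated into a string given to eval().
echo 'Searching for: ' . htmlspecialchars($term, ENT_QUOTES, 'UTF-8') . "\n";
```

With the constructed array input the script answers 400; with `?q=david` it prints the escaped term. The type check is the part worth copying: once the value is guaranteed to be a plain string and never touches eval(), the curly-syntax trick has nothing to attach to.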

David has already reported the flaw responsibly to the eBay Security Team, and they patched it earlier this week.

Tuesday 10 December 2013

Rogue Android Gaming app that steals WhatsApp conversations


Google has recently removed a rogue Android gaming app called "Balloon Pop 2" from its official Play store that was actually stealing users' private WhatsApp conversations.

Every day numerous friends ask me whether it is possible to steal WhatsApp chat messages and how; of course, a malware represents an excellent solution to the request.

In the past I already posted an article on the implementation of encryption mechanisms in the WhatsApp application, explaining that improper design could allow attackers to snoop on the conversation. By spreading the malware through an official channel the attacker could improve the efficiency of the attack, and that is exactly what is happening: an Android game was published on the official Google Play store to stealthily steal users’ WhatsApp conversation databases and resell the collected messages on a website.

The game titled “Balloon Pop 2” has fortunately been identified and removed from the official Google Play store; it was able to spy on conversations made via WhatsApp and upload them to the WhatsAppCopy website.

The WhatsAppCopy website advertises the Android game BalloonPop2 as a way of “backing up” a device’s WhatsApp conversations, which is very curious; what do you think about it?

The website's operators maintain that their app is a legitimate game that can be used to back up WhatsApp messages and that they are not responsible for its abuse for spying purposes. An attacker who pays a fee can view the stolen WhatsApp conversations on the WhatsAppCopy website; it is necessary to provide the phone number of the targeted Android device to read the private messages exchanged by the victims.

The message posted on the website states: 
"Execute our game on a mobile, whatsapp conversations are sent to this website, an hour later looking for the phone, and you can read the conversations ."

Although the application was immediately removed from the Google Play store, there is a concrete risk that ill-intentioned parties will continue to distribute it through unofficial stores.

The rapid diffusion of mobile platforms and the lack of defense mechanisms on almost every device make them a privileged target; the amount of malicious code designed for Android and iOS has literally exploded in recent years.

Cyber criminals have also exploited official channels to spread malicious code; it happened with the mobile version of the popular Carberp banking trojan.

The fact that an app has been published on an official store is not sufficient to consider it reliable and secure, and the same consideration is valid for other mobile platforms.



Take care of your privacy, be smart!

Tuesday 3 December 2013

Unpatched vulnerability in Android 4.3 allows apps to Remove Device Locks


In September, Google added a remote device locking capability to its Android Device Manager, allowing users to lock their phone if it’s stolen or lost.
The mechanism allows a user to override the existing device lock scheme and set a password scheme for better security.

But recently, the Curesec Research Team from Germany discovered an interesting vulnerability (CVE-2013-6271) in Android 4.3 that allows a rogue app to remove all existing device locks activated by a user.

'The bug exists in the “com.android.settings.ChooseLockGeneric” class. This class is used to allow the user to modify the type of lock mechanism the device should have,' the CRT team says in a blog post.

Android OS has several device lock mechanisms, such as PIN, password, gesture and even face recognition, to lock and unlock a device. To modify the lock settings, the device asks the user to confirm the previous lock.

But if a malicious application is installed on the device, it could exploit the flaw to remove the lock without knowing the previous password. Attackers can exploit this issue to bypass certain security restrictions and perform unauthorized actions, which may aid further attacks.

The Curesec team has already reported the vulnerability to the Google Android Security Team three times, but unfortunately Google is not responding to them about this issue.