
EvilVideo Exploit: Telegram Zero-Day Vulnerability Allows Disguised APK Attacks


A recent zero-day vulnerability in Telegram for Android, dubbed ‘EvilVideo,’ has been exploited by attackers to send malicious Android APK payloads disguised as video files. This significant security flaw was first brought to light when a threat actor named ‘Ancryno’ started selling the exploit on June 6, 2024, on the Russian-speaking XSS hacking forum. 

The vulnerability affected Telegram versions 10.14.4 and older. ESET researchers discovered the flaw after a proof-of-concept demonstration was shared on a public Telegram channel, allowing them to analyze the malicious payload. They confirmed that the exploit worked on Telegram v10.14.4 and older, naming it ‘EvilVideo.’ The vulnerability was responsibly disclosed to Telegram by ESET researcher Lukas Stefanko on June 26 and again on July 4, 2024. Telegram responded on July 4, indicating that they were investigating the report. 

Telegram subsequently patched the vulnerability in version 10.14.5, released on July 11, 2024. This timeline suggests that threat actors had at least five weeks to exploit the zero-day vulnerability before it was patched. While it remains unclear if the flaw was actively exploited in attacks, ESET shared a command and control server (C2) used by the payloads at ‘infinityhackscharan.ddns[.]net.’ BleepingComputer identified two malicious APK files using that C2 on VirusTotal that masqueraded as Avast Antivirus and an ‘xHamster Premium Mod.’ 

The EvilVideo zero-day exploit specifically targeted Telegram for Android. It allowed attackers to create specially crafted APK files that, when sent to other users on Telegram, appeared as embedded videos. ESET believes the exploit used the Telegram API to programmatically create a message showing a 30-second video preview. The channel participants received the payload on their devices once they opened the conversation. 

For users who had disabled the auto-download feature, a single tap on the video preview was enough to initiate the file download. When users attempted to play the fake video, Telegram suggested using an external player, which could lead recipients to tap the “Open” button, executing the payload. Despite the threat actor’s claim that the exploit was “one-click,” the multiple clicks, steps, and specific settings required for a successful attack significantly reduced the risk. ESET tested the exploit on Telegram’s web client and Telegram Desktop and found that it didn’t work on these platforms, as the payload was treated as an MP4 video file. 

Telegram’s fix in version 10.14.5 now correctly displays the APK file in the preview, preventing recipients from being deceived by files masquerading as videos. Users who recently received video files requesting an external app to play via Telegram are advised to perform a filesystem scan using a mobile security suite to locate and remove any malicious payloads.
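The fix and the advice above both come down to judging a received file by its content rather than by the name the sender attached to it. As an added example (not ESET's or Telegram's code), the Java utility below applies that check to a download folder: it classifies each file by its leading bytes and flags anything with a video extension that is really an APK. The folder path and the set of extensions treated as "video" are assumptions.

```java
import java.io.*;
import java.util.*;
import java.util.zip.ZipFile;

// Added example (not ESET's or Telegram's code): decide what a received file is from
// its bytes, ignoring the name and extension the sender chose.
public final class DisguisedApkCheck {
    enum Kind { MP4, APK, OTHER }
    static Kind classify(File f) throws IOException {
        byte[] head = new byte[8];
        try (DataInputStream in = new DataInputStream(new FileInputStream(f))) {
            in.readFully(head);
        } catch (EOFException tooShort) {
            return Kind.OTHER;
        }
        // MP4/MOV are ISO BMFF containers whose first box type "ftyp" sits at offset 4.
        if (head[4] == 'f' && head[5] == 't' && head[6] == 'y' && head[7] == 'p') return Kind.MP4;
        // An APK is a ZIP archive ("PK\3\4") that carries an AndroidManifest.xml entry.
        if (head[0] == 'P' && head[1] == 'K' && head[2] == 3 && head[3] == 4) {
            try (ZipFile zip = new ZipFile(f)) {
                if (zip.getEntry("AndroidManifest.xml") != null) return Kind.APK;
            } catch (IOException malformedZip) {
                return Kind.OTHER;
            }
        }
        return Kind.OTHER;
    }

    // Recursively scans a download folder (assumed location; pass the messaging app's media
    // directory) for files with a video extension whose content is actually an APK.
    static List<File> findDisguisedApks(File dir) throws IOException {
        List<File> hits = new ArrayList<>();
        File[] entries = dir.listFiles();
        if (entries == null) return hits;
        for (File f : entries) {
            if (f.isDirectory()) { hits.addAll(findDisguisedApks(f)); continue; }
            String n = f.getName().toLowerCase(Locale.ROOT);
            boolean videoName = n.endsWith(".mp4") || n.endsWith(".mov") || n.endsWith(".mkv");
            if (videoName && classify(f) == Kind.APK) hits.add(f);
        }
        return hits;
    }
    public static void main(String[] args) throws IOException {
        for (File f : findDisguisedApks(new File(args.length > 0 ? args[0] : ".")))
            System.out.println("APK disguised as video: " + f);
    }
}
```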

Microsoft Uncovers Major Security Flaw in Android Apps with Billions of Downloads


Microsoft recently made a troubling discovery regarding the security of numerous Android applications, including some of the most widely used ones, each boasting over 500 million installations. After uncovering a common security weakness, Microsoft promptly notified Google's Android security research team, prompting Google to release new guidance aimed at helping Android app developers identify and rectify the issue. 
 
Among the applications found to be vulnerable were Xiaomi Inc.'s File Manager, boasting over 1 billion installations, and WPS Office, with around 500 million downloads. Although Microsoft confirms that the vendors of these products have since addressed the issue, they caution that there may be other apps out there still susceptible to exploitation due to the same security flaw. 
 
The vulnerability in question pertains to Android applications that share files with other apps. To enable secure sharing, Android employs a feature known as "content provider," which essentially serves as an interface for managing and exposing an app's data to other installed applications on the device. 
 
However, Microsoft's research uncovered a significant oversight in many cases: when an Android app receives a file from another app, it often fails to adequately validate the content. Particularly concerning is the practice of using the filename provided by the sending application to cache the received file within the receiving application's internal data directory. This oversight creates an opportunity for attackers to exploit the system by sending a file with a malicious filename directly to a receiving app, without the user's knowledge or consent. 
 
Typical targets for such file sharing include email clients, messaging apps, networking apps, browsers, and file editors. If a malicious filename is received, the receiving app may unwittingly write the file to a location it never intended, triggering processes that could lead to compromise. 
 
The potential consequences vary depending on the specific implementation of the Android application. In some scenarios, attackers could exploit the vulnerability to overwrite an app's settings, leading to unauthorized communication with attacker-controlled servers or the theft of user authentication tokens and other sensitive data. In more severe cases, attackers could inject malicious code into a receiving app's native library, enabling arbitrary code execution. 
 
Microsoft and Google have both offered guidance to developers on how to address this issue, emphasizing the importance of validating file content and ensuring the secure handling of shared files. Meanwhile, end users can mitigate the risk by keeping their Android apps up to date and installing apps only from sources they trust.
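The weakness described above is the receiving side trusting a filename supplied by another app's content provider. As an added example (hypothetical helper code, not Microsoft's, Google's or any named vendor's), the Java class below shows the vulnerable caching pattern next to a hardened version that keeps only the last path component and verifies the canonical destination stays inside the intended folder. The cache location under the app's files directory and the method names are assumptions.

```java
import android.content.Context;
import android.database.Cursor;
import android.net.Uri;
import android.provider.OpenableColumns;
import java.io.*;

// Hypothetical helper (added example; not code from Microsoft, Google or the vendors named above).
public final class SharedFileCache {
    // The display name is chosen by the SENDING app: attacker-controlled, never a trusted path.
    static String untrustedDisplayName(Context ctx, Uri uri) {
        try (Cursor c = ctx.getContentResolver().query(uri, null, null, null, null)) {
            if (c != null && c.moveToFirst()) {
                int idx = c.getColumnIndex(OpenableColumns.DISPLAY_NAME);
                if (idx >= 0 && c.getString(idx) != null) return c.getString(idx);
            }
        }
        return "shared.bin";
    }

    // VULNERABLE pattern from the post: a name such as "../shared_prefs/settings.xml"
    // escapes the cache folder and overwrites the app's own private data.
    static File cacheUnsafe(Context ctx, Uri uri) throws IOException {
        File dest = new File(new File(ctx.getFilesDir(), "cache"), untrustedDisplayName(ctx, uri));
        copy(ctx, uri, dest);
        return dest;
    }

    // HARDENED form: keep only the last path component, reject dot names, and verify the
    // canonical destination is still inside the cache folder before writing a byte.
    static File cacheSafe(Context ctx, Uri uri) throws IOException {
        File dir = new File(ctx.getFilesDir(), "cache").getCanonicalFile();
        String name = new File(untrustedDisplayName(ctx, uri)).getName(); // drops any "../" parts
        if (name.isEmpty() || name.equals(".") || name.equals("..")) throw new IOException("rejected name");
        File dest = new File(dir, name).getCanonicalFile();
        if (!dest.getPath().startsWith(dir.getPath() + File.separator)) throw new IOException("path escape");
        copy(ctx, uri, dest);
        return dest;
    }

    private static void copy(Context ctx, Uri uri, File dest) throws IOException {
        dest.getParentFile().mkdirs();
        try (InputStream in = ctx.getContentResolver().openInputStream(uri);
             OutputStream out = new FileOutputStream(dest)) {
            byte[] buf = new byte[8192];
            for (int n; (n = in.read(buf)) > 0; ) out.write(buf, 0, n);
        }
    }
}
```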

Bluetooth Security Flaw Strikes Apple, Linux, and Android Devices

Newly discovered vulnerabilities present serious risks to the safety of users' online lives. A significant Bluetooth security weakness that affects Apple, Linux, and Android devices has recently come to light in the cybersecurity community, potentially putting millions of users at risk of compromise.

The flaw, identified as CVE-2023-45866, was first brought to light by security researchers who detected a potential loophole in the Bluetooth communication protocol. The severity of the issue lies in its capability to allow hackers to take control of the targeted devices, potentially leading to unauthorized access, data theft, and even remote manipulation.

Security experts from SkySafe, a renowned cybersecurity firm, delved into the intricacies of the vulnerability and disclosed their findings on GitHub. If successfully employed, the exploit could lead to a myriad of security breaches, prompting urgent attention from device manufacturers and software developers alike.

Apple, a prominent player in the tech industry, was not exempt from the repercussions of this Bluetooth bug. The flaw could potentially enable hackers to hijack Apple devices, raising concerns among millions of iPhone, iPad, and MacBook users. Apple, known for its commitment to user security, has been swift in acknowledging the issue and is actively working on a patch to mitigate the vulnerability.

Linux, an open-source operating system widely used across various platforms, also faced the brunt of this security loophole. With a significant user base relying on Linux for its robustness and versatility, the impact of the Bluetooth flaw extends to diverse systems, emphasizing the urgency of a comprehensive solution.

Android, the dominant mobile operating system, issued a security bulletin addressing the Bluetooth vulnerability. The Android Security Bulletin for December 2023 outlined the potential risks and provided guidance on necessary patches and updates. As the flaw could compromise the security of Android devices, users are strongly advised to implement the recommended measures promptly.

Cybersecurity experts stated, "The discovery of this Bluetooth vulnerability is a stark reminder of the constant vigilance required in the digital age. It underscores the importance of prompt action by manufacturers and users to ensure the security and integrity of personal and sensitive information."

This Bluetooth security issue serves as a grim reminder of the ongoing fight against new cyber threats as the tech world struggles with its implications. In order to strengthen its commitment to a secure digital future, the IT industry is working together with developers, manufacturers, and consumers to quickly identify and fix vulnerabilities.

3 Key Reasons SaaS Security is Essential for Secure AI Adoption


The adoption of AI tools is revolutionizing organizational operations, providing numerous advantages such as increased productivity and better decision-making. OpenAI's ChatGPT, along with other generative AI tools like DALL·E and Bard, has gained significant popularity, attracting approximately 100 million users worldwide. The generative AI market is projected to surpass $22 billion by 2025, highlighting the growing reliance on AI technologies.

However, as AI adoption accelerates, security professionals in organizations have valid concerns regarding the usage and permissions of AI applications within their infrastructure. They raise important questions about the identity of users and their purposes, access to company data, shared information, and compliance implications.

Understanding the usage and access of AI applications is crucial for several reasons. Firstly, it helps assess potential risks and enables organizations to protect against threats effectively. Without knowing which applications are in use, security teams cannot evaluate and address potential vulnerabilities. Each AI tool represents a potential attack surface that needs to be considered, as malicious actors can exploit AI applications for lateral movement within the organization. Basic application discovery is an essential step towards securing AI usage and can be facilitated using free SSPM tools.

Additionally, knowing which AI applications are legitimate helps prevent the inadvertent use of fake or malicious applications. Threat actors often create counterfeit versions of popular AI tools to deceive employees and gain unauthorized access to sensitive data. Educating employees about legitimate AI applications minimizes the risks associated with these fraudulent imitations.

Secondly, identifying the permissions granted to AI applications allows organizations to implement robust security measures. Different AI tools may have varying security requirements and risks. By understanding the permissions granted and assessing associated risks, security professionals can tailor security protocols accordingly. This ensures the protection of sensitive data and prevents excessive permissions.

Lastly, understanding AI application usage helps organizations effectively manage their SaaS ecosystem. It provides insights into employee behavior, identifies potential security gaps, and enables proactive measures to mitigate risks. Monitoring for unusual AI onboarding, inconsistent usage, and revoking access to unauthorized AI applications are security steps that can be taken using available tools. Effective management of the SaaS ecosystem also ensures compliance with data privacy regulations and the adequate protection of shared data.

In conclusion, while AI applications offer significant benefits, they also introduce security challenges that must be addressed. Security professionals should leverage existing SaaS discovery capabilities and SaaS Security Posture Management (SSPM) solutions to answer fundamental questions about AI usage, users, and permissions. By utilizing these tools, organizations can save valuable time and ensure secure AI implementation.

Google Mandates Easy Account Deletion for Android Apps


Google is introducing a new data policy for Android apps that includes an account-deletion requirement, intended to give users more transparency and control over their data. 

The measure would compel app developers to provide users with in-app deletion options while also allowing them to manage app data online. 

"For apps that enable app account creation, developers will soon need to provide an option to initiate account and data deletion from within the app and online," says Bethel Otuteye, senior director of product management for Android App Safety. "This web requirement, which you will link in your Data safety form, is especially important so that a user can request account and data deletion without having to reinstall an app." 

For developers, the goal is to give users both an in-app path and a web link through which they can request deletion of their app account and its associated data. App developers must delete any data related to a particular account whenever a user submits such a request. 

In addition to this, users will be provided with certain alternatives to selectively delete only portions of the data, such as activity history, images, or videos, instead of completely deleting their accounts. 

The decision was made as lawmakers and privacy groups intensified their scrutiny of Apple, Google, and mobile app developers due to concerns that they were profiling, gathering personal user data, and tracking mobile phone users without consent. 

On June 30, 2022, Apple imposed a similar policy for app makers on its App Store. Unlike Google, Apple does not require a web-based alternative for users to remove their accounts; it only requires developers to provide an in-app path for account deletion. 

Google's announcement on Thursday of related measures that prevent financial loan apps from accessing mobile phone images, videos, contacts, geolocation information, and call logs aligns with Otuteye's tweet. That regulation came into force on May 31, 2023. 

Changes May Take Time 

The policy will be enforced globally with a new set of rules from early 2024, Otuteye said. The first step, she says, will require developers to fill out a data deletion form provided by Google by December 7. Developers who appeal for more time can extend the deadline to May 31, 2024. For now, Google only requires app developers to give users the option to request deletion of their data.