Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label App. Show all posts

iPhone contacts app vulnerable to hack attack, says security firm


Apple has never shied away from boasting about how secure its systems are, but researchers have found that contacts saved on iPhones are vulnerable to an SQLite hack attack which could infect the devices with malware.

SQLite - the most widespread database engine in the world - is available in every operating system (OS), desktop and mobile phone. Windows 10, macOS, iOS, Chrome, Safari, Firefox and Android are popular users of SQLite.

Security firm Check Point has demonstrated a technique being used to manipulate Apple's iOS Contacts app. Searching the Contacts app under these circumstances triggers the device to run malicious codes, Apple Insider reported on Saturday.

The vulnerability has been identified in the industry-standard SQLite database.

Documented in a 4,000-word report, the company's hack involved replacing one part of Apple's Contacts app and while apps and any executable code has to go through Apple's startup checks, an SQLite database is not executable.

"Persistence (keeping the code on the device after a restart) is hard to achieve on iOS as all executable files must be signed as part of Apple's Secure Boot. Luckily for us, SQLite databases are not signed," the report quoted the Check Point researchers as saying.

As of now, Apple has not commented on Check Point's report.

Flaw in Zoom app could allow Mac webcams to be hacked

Jonathan Leitschuh, a US-based security researcher on Monday had publicly disclosed a major zero-day vulnerability in the Zoom video conferencing software. Leitschuh had demonstrated that any website can start a video-enabled call through the Zoom software on a Mac with the help of a web server which gets installed by the Zoom app.

According to a report by The Verge, the server accepts the requests which the regular would not. The report further says that even if you uninstall the Zoom software, the server will still remain and it can reinstall Zoom without the user’s choice. As per the findings by Leitschuh, the Zoom software can get hijacked by any website which can then force a Mac user to join a call along with an activated webcam even without their permission unless a specific setting is enabled.

On a Medium post published on Monday, Leitschuh gave a demonstration through a form of a link which after being clicked takes Mac users (currently using/or have used Zoom app before) to a conference room activating their webcams. He notes that this particular code can get embedded to any website and also on malicious ads or a phishing campaign.

Leitschuh further writes that even if Mac users uninstall the Zoom app, the local web server still remains and it will “happily re-install the Zoom client for you, without requiring any user interaction on your behalf besides visiting a webpage.”

The Verge in its report said that they tried the flaw themselves by using Leitschuh’s demo and were able to confirm that the issue does persist on clicking the link if Mac users have used the Zoom app and have not checked a particular checkbox in settings. The link auto joins the users to a conference call with the web camera on.

As per Leitschuh, he had contacted Zoom back on March 26 earlier this year and had said that he would disclose the exploit publicly in 90 days. According to him, Zoom does not seem to have done enough to resolve the problem. The particular vulnerability was also disclosed to both Chromium and Mozilla teams, however, because it is not an issue with their browsers, there is not much those developers can do about this.

Hacker hacking McDonald's App, ordering thousands of dollars of worth food



In Canada, McDonalds is losing out on thousands of dollars because of a notorious hacking act. The unidentified  person is hacking into McDonalds app of strangers to rack up thousands of dollars worth food purchase.

The recent victim was Patrick O’Rourke, who is  the managing editor of the tech news site MobileSyrup.He said that he didn’t realise till recently that someone has hacked into his Mcdonald's app and has ordered almost 100 meals between April 12 and April 18

According to the CBC report ,there were mass purchases of Big Macs and McFlurries. O’Rourke doubts whether a single person could have eaten all the food.

He told CBC,”It could be one guy who was able to hack my account and he shared it with a bunch of his friends across Montreal, and they all just went on a food spree,”

There have been other incidences of similar nature across Canada recently, where McDonalds app was hacked and a huge amount of bill was raised through the illegal buying of food. There have been four victims across Canadian provinces, all of them belongs to Quebec. So now Quebec Police is searching for the possible hacker in Quebec.

According to O’Rourke, McDonalds was not much to the help in the matter. He said “To me, it just seems like a little bit negligent… like they don’t really care, McDonald’s should at least be sending out a mass email to everyone that has the account [to say], ‘Hey, you should reset your password.’ ”

In Canada, McDonalds app has been hacked before.

Google refuses to delete "Absher" that allows men to track women





Google has refused to remove a Saudi Arabia government app "Absher" that allows men to track and control women's movements.

After reviewing the app, the company said that the software does not violate any of its agreement, and terms and conditions.

The tech giant has conveyed their decisions to the office of Representative Jackie Speier, a California Democrat who, with other 13 colleagues in Congress, demanded the removal of the app from the Google Play store.

The app allows men guardians of the women to a state where their dependents can go, for how long and which airports they can visit.

If a woman leaves a certain area, then immediately an alert is triggered to their male guardians.

The app has been criticized for its oppressive nature. It was initially designed for  Saudi citizens to access e-government services, but it also allows men to track their female dependents and migrant workers, in order to track their movements and restrict their free passage through passport data.

The app is available on both Google Play Store and Apple App Store.

However, Apple says it is still reviewing Absher.