Security-Portal.cz is an internet portal focused on computer security, hacking, anonymity, computer networks, programming, encryption, exploits, Linux and BSD systems. It runs many interesting services and supports its fans in interesting projects.


Android commercial spyware

Kaspersky Securelist - 1 hour 5 min ago

There’s certainly no shortage of commercial spying apps for Android, with most positioned as parental control tools. In reality, however, these apps barely differ from spyware, with the exception perhaps of the installation method. There’s no need to even resort to Tor Browser or other darknet activity either – all you need to do is type something like “android spy app” into Google.

They are called ‘commercial’ because anyone can buy an app like this for just a few dollars.

Kaspersky Lab mobile products detect this sort of commercial Android spyware as not-a-virus:Monitor.AndroidOS.*. According to our telemetry, the popularity of these apps has been growing in recent years:

Unique users attacked by not-a-virus:Monitor.AndroidOS.*, 2016-2017

That’s why we decided to take a closer look at this controversial type of mobile software.

Features

Almost all commercial spyware apps are installed by manually accessing the target’s phone, and this is the only big difference between these apps and classic malicious spyware like DroidJack or Adwind. Customers have to download the app, install it and enter credentials that are received after purchasing. After that, the spying app becomes invisible on the phone. Installation usually only takes a couple of minutes.

Regular installation process (https://tispy.net/install-guide.html)

Some of these tools use device admin features to gain persistence and self-protection on the target’s phone.

So what does the customer get? Features may vary, but some of them are present in almost all these kinds of apps:

  • Stealing SMSs
  • Stealing calls (logs/recordings)
  • GPS tracking
  • Stealing browser data (history/bookmarks)
  • Stealing stored photos/videos
  • Stealing address books (with emails and even photos sometimes)

And if you’re still not impressed, then check out the actual feature lists (in addition to the above) of some popular commercial spyware for Android. We have added the infamous Pegasus APT and DroidJack spyware to our comparison table below to show the difference in features between them and monitoring apps. Pegasus is an advanced persistent threat, created by NSO Group. DroidJack is a RAT that was sold some time ago for a $210 lifetime license. This tool is more akin to TrojWare, because of features such as remote installation and customization of your own C&C server. However, even after several users in European countries were arrested, malware author Sanjeevi claimed that Droidjack is “very useful for users who use it legally”. He stated that “Droidjack is a parental tool for remote Android administration. It is strictly meant for that and no other reasons”. Anyone who breaks these rules, adds Sanjeevi, will have their license revoked.

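| App | Stealing emails | Stealing surrounding voice | Stealing scheduled tasks/calendar/notes | Stealing social media/IM data | Backdoor behavior (e.g., remote control) | Photo/video/screenshot capture | Keylogging | Stealing clipboard |
|---|---|---|---|---|---|---|---|---|
| Pegasus | + | + | + | + | + | + | + | – |
| DroidJack | – | + | – | + | + | + | – | – |
| TiSpy | + | + | + | + | – | + | + | + |
| Exaspy | + | + | + | + | + | + | – | – |
| iKeyMonitor | + | + | – | + | – | + | + | + |
| Mobistealth | + | + | + | + | – | + | + | – |
| mSpy | + | – | + | + | + | – | + | – |
| iSpyoo | + | + | + | + | + | – | – | – |
| SpyHuman | – | + | – | + | + | + | – | – |
| TheftSpy | – | + | – | + | + | + | – | – |
| TheTruthSpy | – | + | – | + | + | – | + | – |
| OneSpy | + | + | – | + | – | + | – | – |
| Highster Mobile | + | – | – | + | – | – | – | – |
| Spymaster Pro | – | – | – | + | – | + | – | – |
| DroidWatcher | – | – | – | + | – | + | – | – |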

This comparison table shows that the difference between known sophisticated spyware and some commercial monitor apps is not that great and, in some cases, monitor applications can even grab more private user information.

Exaspy is an especially interesting case. This is a classic monitor application with a regular manual-access installation method (you have to enter license credentials after installation to start spying):

However, after news about a high-profile victim – a senior executive at a company – this monitor app is considered illegal for now. Note that there are a lot of similar apps that can result in cases like this.

Some special features (spying on social media apps, for example) only work on a rooted device, but the list is still impressive. The ‘Stealing social media/IM data’ feature is particularly important. It means that the spyware is able to attack other social media or messenger apps (depending on the specific product), for example, Facebook, Viber, Skype, WhatsApp, etc. As a result, an attacker can observe messenger conversations, feeds and other personal data from the victim’s social media profile.

These products use the same techniques as standard malicious spyware to steal data, and sometimes on a bigger scale. For example, here is a fragment of code from a commercial application called OneSpy with a list of external attacked applications:

As you can see, the commercial app is interested in all popular social media apps and messengers.

It’s ‘legal’

Above we mentioned that some commercial Android spyware apps like Exaspy were recognized as illegal after investigations. But many commercial spyware applications are still considered legitimate because, according to their sites, they were created “for everyone who needs a helping hand in protection of their loved-ones, their children, family and employees”.

Some of them claim that their products are ‘100% undetectable’. This may be true for the naked eye, but definitely not for our products.

But why do we think commercial spyware poses a danger and why do we detect it? There are several reasons:

  • Almost all commercial spyware is distributed from its own site and landing pages. This results in vendors prompting users to enable the “Allow install of non-market applications” setting. This setting is very important for device safety because enabling it makes an Android device vulnerable to malware installation. For security reasons this method of distribution is contrary to Google policy.
  • Source: http://ispyoo.com/ispyoo-spy-android-installation-guide/

  • Because some spying features only work on a rooted device, many vendors recommend rooting the targeted device. This opens the door for potential malware infection, and moreover, device rooting is contrary to Google policy.
  • Source: https://ikeymonitor.com/rooted-vs-non-rooted-features-for-android

  • Not every vendor can guarantee the safety of personal data, and that applies not only to hacker attacks but also to simple methods of product security.

The last point is very important and our concerns aren’t baseless. I analyzed one commercial spyware app, investigating the vendor’s main site and C&C server. I soon found lots of files that had been uploaded to the server and that turned out to be users’ personal data collected by the app. Private files were stored on the server without any protection and could be accessed by anyone.

uh… security?

Many users of spyware apps who want to monitor the private lives of their relatives simply don’t understand that they may not be the only ones who will have access to such information.

To sum up, installing such apps, even on your child’s device, is a risky step that could lead to malware infection, data leaks or other unpleasant consequences. In our products we use a special technology for Android OS that helps detect dangerous apps capable of violating a customer’s data privacy. There is one simple and very important tip for everyone – always protect your phone with a password, PIN or fingerprint, so an attacker won’t be able to manually access your device.

Remotely Exploitable Flaw Found In HP Enterprise Printers—Patch Now

The Hacker News - 2 hours 40 min ago
Security researchers have discovered a potentially dangerous vulnerability in the firmware of various Hewlett Packard (HP) enterprise printer models that could be abused by attackers to run arbitrary code on affected printer models remotely. The vulnerability (CVE-2017-2750), rated as high in severity with 8.1 CVSS scale, is due to insufficiently validating parts of Dynamic Link Libraries (
Category: Hacking & Security

Security+: Basic Forensic Procedures

InfoSec Institute Resources - 22 November, 2017 - 23:47

Introduction Forensics is the acquisition, analysis, and protection of digital evidence from the scene of the crime to present the facts in the courtroom. To make the evidence admissible in court proceedings, the forensic specialist must verify that the “chain of custody” was not broken and that the evidence was gathered and preserved properly. Moreover, […]

The post Security+: Basic Forensic Procedures appeared first on InfoSec Resources.

Security+: Basic Forensic Procedures was first posted on November 22, 2017 at 4:47 pm.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com
Category: Hacking & Security

Security+: Wireless Network Security Issues

InfoSec Institute Resources - 22 November, 2017 - 23:33

Introduction Today, wireless networking is widely used in both home and corporate networks. However, managing wireless networks and their security for reliable access is a herculean task. As a matter of fact, wireless networking involves various security issues that hamper the provision of reliable services to the users. The underlying wireless network techniques involve various […]

The post Security+: Wireless Network Security Issues appeared first on InfoSec Resources.

Security+: Wireless Network Security Issues was first posted on November 22, 2017 at 4:33 pm.
Category: Hacking & Security

Best Practices for Web Browser Security

InfoSec Institute Resources - 22 November, 2017 - 21:55

Web browsers are a commonly used software application to access web resources and pages using the Internet. A browser can also be used to access information provided by web servers in private networks or files in file systems. The most popular web browsers so far are Firefox, Google Chrome, Microsoft Edge (preceded by Internet Explorer) […]

The post Best Practices for Web Browser Security appeared first on InfoSec Resources.

Best Practices for Web Browser Security was first posted on November 22, 2017 at 2:55 pm.
Category: Hacking & Security

What we know about Uber (so far, anyway) [VIDEO]

Sophos Naked Security - 22 November, 2017 - 19:28
Uber is the data breach story of the week that looks set to become the saga of the month/quarter/year/decade. Here's the story so far...

HP to Patch Bug Impacting 50 Enterprise Printer Models

Threatpost - 22 November, 2017 - 19:22
HP said dozens of enterprise-class printer models will receive a patch for an arbitrary code execution vulnerability sometime this week.
Category: Hacking & Security

Insider threats within the cloud

InfoSec Institute Resources - 22 November, 2017 - 19:21

Contrary to common perception, time and time again reports show that the most significant security threats to an organization are the so-called Insider Threats. Research estimates hold these threats responsible for at least 40% , but potentially all the way up to 75% or more, of all data breaches. News coverage is relatively limited because […]

The post Insider threats within the cloud appeared first on InfoSec Resources.

Insider threats within the cloud was first posted on November 22, 2017 at 12:21 pm.
Category: Hacking & Security

Top 5 Smartest Malware Programs

InfoSec Institute Resources - 22 November, 2017 - 19:15

1. Introduction The growing threat of malware is one of the biggest Cyber Security threats of today. Malware is a term that encompasses a plethora of covert, intrusive software. This includes items such as viruses, worms, Trojans horses, and ransomware. The impact of these rapidly spreading malicious programs ranges from regular everyday annoyances (e.g., pop-up […]

The post Top 5 Smartest Malware Programs appeared first on InfoSec Resources.

Top 5 Smartest Malware Programs was first posted on November 22, 2017 at 12:15 pm.
Category: Hacking & Security

Over 400 Popular Sites Record Your Every Keystroke and Mouse Movement

The Hacker News - 22 November, 2017 - 17:46
How many times it has happened to you when you look for something online and the next moment you find its advertisement on almost every other web page or social media site you visit? Web-tracking is not new. Most of the websites log its users' online activities, but a recent study from Princeton University has suggested that hundreds of sites record your every move online, including your
Category: Hacking & Security

Black Friday shopping? “A little delay goes a long way!”

Sophos Naked Security - 22 November, 2017 - 17:16
Want to chase those bargains on Black Friday? Here's how to do it without falling over yourself in haste...

Google and Twitter turn their backs on Russian media over fake news

Sophos Naked Security - 22 November, 2017 - 15:28
Russia Today and Sputnik swear up and down they're legitimate news sources. The FBI, and former employees, beg to differ.

Uber concealed a massive leak of 57 million records. It paid hackers for their silence

Zive.cz - security - 22 November, 2017 - 15:11
Uber, the company that operates the ride-sharing platform of the same name, became a target of cyber attackers in 2016. They stole data on 57 million customers and 600 thousand Uber drivers from its servers. However, the previous chief executive kept the whole incident secret, and the information only surfaced ...
Category: Hacking & Security

Exploiting X11 Unauthenticated Access

InfoSec Institute Resources - 22 November, 2017 - 14:00

In this article, we are going to see how to exploit the x11Server Unauthenticated Access vulnerability which is associated with the CVE-1999-0526. How bad is this vulnerability? The remote X11 server accepts connections from anywhere one can get an Internet connection. It is responsible for access to the graphics cards, the input devices, and the […]

The post Exploiting X11 Unauthenticated Access appeared first on InfoSec Resources.

Exploiting X11 Unauthenticated Access was first posted on November 22, 2017 at 7:00 am.
Category: Hacking & Security

Does Your Company Need DDoS Testing? – Let’s Find Out

InfoSec Institute Resources - 22 November, 2017 - 14:00

DDoS testing: top five questions answered Find answers to the top five questions about DDoS testing to understand its essence, value and collateral legal issues. Security specialists have never placed DDoS testing high on the IT agenda, choosing between vulnerability assessment and penetration testing. However, things change. According to a Nexus Guard Threat Report, DDoS […]

The post Does Your Company Need DDoS Testing? – Let’s Find Out appeared first on InfoSec Resources.

Does Your Company Need DDoS Testing? – Let’s Find Out was first posted on November 22, 2017 at 7:00 am.
Category: Hacking & Security

Chromebook exploit earns researcher second $100k bounty

Sophos Naked Security - 22 November, 2017 - 12:43
A year on from Google's last $100,000 bug bounty payout, the same researcher has found a second critical persistent compromise of Chrome OS.

Apple served with warrant for Texas mass killer’s iCloud data

Sophos Naked Security - 22 November, 2017 - 12:19
Texas police are looking for any data stored by gunman Devin Patrick Kelley, who was found with an iPhone after he killed himself.

New OWASP Top 10 List Includes Three New Web Vulns

LinuxSecurity.com - 22 November, 2017 - 11:03
LinuxSecurity.com: After months of review, the Open Web Application Security Project has finally formally updated its widely used, if somewhat disputed, ranking of top Web application security vulnerabilities.
Category: Hacking & Security

After Getting Hacked, Uber Paid Hackers $100,000 to Keep Data Breach Secret

The Hacker News - 22 November, 2017 - 10:38
Uber is in headlines once again—this time for concealing last year's data breach that exposed personal data of 57 million customers and drivers. On Tuesday, Uber announced that the company suffered a massive data breach in October 2016 that exposed names, e-mail addresses and phone numbers of 57 million Uber riders and drivers along with driver license numbers of around 600,000 drivers.
Category: Hacking & Security