TEHTRI-Security - Actualité

[ Filters:

All

Events

Tech

Info

]

Gmail App Security Issues on iPhone/iPad/iPod

TEHTRIS published humble thoughts related to vulnerabilities of Gmail App for iPhone/iPad/iPod. Emails, contacts, etc, are cached in cleartext on the i-device. Moreover, authentication data, like some famous cookies, are not stored through secure Keychains capabilities, which can lead to Gmail hijacking issues. Read our blog for more information. By the way, many applications from the Apple Store are vulnerable.

Read more - Posted on 28/01/2012 - Share on

CERT VU#584363: Zenprise Device Manager CSRF / Powning a GSM fleet

The US-CERT released a vulnerability note VU#584363 explaining that the Zenprise Device Manager software is susceptible to a cross-site request forgery (CSRF) vulnerability that may result in the compromise of the fleet of mobile devices managed by the product. Thanks to our exploits, a skilled attacker could get the control of a complete fleet of iPad, BlackBerry, Android, iPhones, Windows Mobile, Symbian, etc. Some of our exploits could lead to a shred of the whole fleet of devices. Others could help at spying on the end-users of these phones and tablets. According to TEHTRI-Security, many big companies using Mobile Device Management tools could be attacked through these kind of vectors, because of lack of technical skilled penetration tests.

Read more - Posted on 25/11/2011 - Share on

CVE-2011-3434: Our vuln was patched by Apple - iOS 5 Software update

TEHTRI-Security found a vulnerability on iPod/iPhone/iPad [CVE-2011-3434]. Indeed, WiFi credentials were logged to a local file, including passphrases and encryption keys. This was readable by applications on the system. Apple resolved this problem by avoiding logging these credentials. You should definitely update your devices. This patch is available for iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad. We only shared complete issues with Apple support. Some details were shared with our attendees of SyScan Singapore 2011 and HITB Amsterdam 2011. If you want more 0days and exploits, you should definitely register to our next trainings (BlackHat AD, HITB India, etc).

Read more - Posted on 13/10/2011 - Share on

SPIP recently fixed 2 vulnerabilities notified by Tehtri-Security (0day)

Our CTO, Laurent ESTIEUX, discovered two vulnerabilities in a well-known CMS product named SPIP : a local path disclosure (all SPIP version) + an SQL injection (SPIP 1.9.2 branch). As Tehtri-Security is engaged in a responsible disclosure policy, technical information were notified to the SPIP-Team for fixes. SPIP is now patched and latest version can be downloaded at http://www.spip.net/en_article5265.html

Read more - Posted on 01/10/2011 - Share on

New Event HITBGSEC 2012 + New Training about Strategic Cyber Attacks

Join us at the India's Premier Global IT Security Conference next year. This will definitely be the place to be with some of the most influential thinkers in the security industry and India's leading CxO's. There, we will give a tremendous new training, called "Strategic cyber attacks, Advanced Persistent Threats and beyond". This will be the time to show and explain why every sensitive places get hacked in this cyber world, and how attackers work to steal data or destroy infrastructures. More information in the future. Stay tuned...

Read more - Posted on 22/09/2011 - Share on

0days found in software used by banks, telcos, military, airports...

During a penetration test, TEHTRI-Security found local and remote security issues in a product that is currently used to ensure 24x7 availabity and load balancing for military applications, as well as high availability in airports for air traffic control, plus banking or medical services, etc. As we created 0days that could be used to attack all those networks, we directly contacted the vendor to improve the security of their customers. With our exploits, the final effect could be a remote admin access on the infrastructure.

Read more - Posted on 20/09/2011 - Share on

Mobile Device Management Vulnerabilities (0days)

To handle the awesome use of smartphones, large-scale companies and organizations came to MDM, Mobile Device Management. This allows to manage, to monitor and to secure a mobile fleet (more or less easily). Troubles might happen when remote attackers get an illegal access on the MDM, as this could lead to opportunities like locating employees, wiping phones/tablets, stealing data, etc. We recently discovered multiple vulnerabilities (0days) in some MDM clients and servers. To give an example, we found security flaws on iPhone/iPad clients, and on control panel of some MDM products (stealing remote credentials, XSRF, LDAP injection, remote wipe of the entire fleet, network protocol issues, etc). We strongly recommend to launch advanced technical penetration tests and to create an architecture that might apply containment and detection to follow potential future intruders.

Read more - Posted on 13/09/2011 - Share on

Facebook Security Issues through HTML Iframes

Evil Facebook users could craft special web pages on facebook.com/* in order to abuse some end-users, thanks to the use of Iframe loading external web resources. This could potentially lead to privacy issues, phishing attempts, XSS/CSRF and client-side attacks. We shared humble demonstrations as a proof of concepts.

Read more - Posted on 12/09/2011 - Share on

Google silently fixed our privacy vulnerability in Google+ app for iPhone

Google patched its Google+ App for iPhone (6th Sep 2011). They silently fixed the privacy vulnerability explained on our blog. Upgrade to version 1.0.3.2124 if you want to avoid attacks with evil G+ profiles that can either track you or play with client-side weapons against your phone.

Read more - Posted on 10/09/2011 - Share on

Facebook silently fixed our vulnerability shown at HITB Amsterdam 2011

We recently discovered that Facebook patched its iPhone App without sharing any credit and without any advisory. They just silently fixed a vulnerability found by TEHTRI-Security. This one was only shared with the attendees during our talk at HITB Amsterdam 2011. And the proof of concept was only shared with Facebook and Apple support. Apple recently told us that the vulnerability was fixed by Facebook around July. This does explains why we had no news from Facebook. Disclose or not disclose, that's not a question, anymore.

Read more - Posted on 21/08/2011 - Share on

GooglePlus Reader Privacy Issue

Some Google Plus readers might reveal technical information and IP addresses while reading specially crafted G+ profiles with malicious behaviors. This could be used to commit targetted attacks against some G+ end users or to track them. More information on our blog.

Read more - Posted on 13/08/2011 - Share on

TEHTRI-Security slides from HITB Amsterdam 2011

Our slides from HITB Amsterdam 2011 are now available on HITB web site. We gave examples of new concepts of attacks in the iPhone world. For example we explained how fishing attacks could be done with telephone calls, and how to hijack a local application of the iPhone (with a demo where we have stolen the Facebook password, or Twitter or Paypal...). We also played with new fuzzing possibilities that helped at crashing some applications (FaceBook, Twitter). Finally, we gave a proof of concept to do a remote detection of a jailbroken device... We got many positive feedbacks and questions by emails, etc..

Read more - Posted on 19/05/2011 - Share on

TEHTRI-Security slides from SyScan Singapore 2011

Feel free to read our slides from SyScan Singapore 2011. It's all about hacking stuff like web clients, smartphones, etc. We also explained our tricks to hack the famous iPhone file, called consolidated.db thanks to TRIGGERS, which is now used by other researchers.

Read more - Posted on 29/04/2011 - Share on

Disable iPhone Tracking with SQL TRIGGERS in consolidated.db

Read more - Posted on 25/04/2011 - Share on

Check the security of your BlackBerry

Come and try our quick security checker for your BlackBerry device. Just point your BlackBerry browser to http://tehtris.com/bbcheck and read the results. More information available through our Blog.

Read more - Posted on 19/03/2011 - Share on

About iPhone iOS 4.3 Personal Hotspot

Tiny security advisory plus technical thoughts related to a quick test made with the iPhone iOS 4.3 that should be available soon.

Read more - Posted on 07/03/2011 - Share on

Slides from our latest talk -BlackHat DC 2011- available: "Inglourious Hackerds, targeting web clients"

Read the very latest version of our slides from our talk at BlackHat DC 2011, dealing with attacks against web clients, especially RIM, Apple, HTC and Google stuff, but not only.

Read more - Posted on 23/01/2011 - Share on

Gartner.com: If A Toy Breaks in a Work Forest, Will The Toy Vendor Hear a Noise and Fix It?

Gartner: thoughts related to TEHTRI-Security talk at BlackHat Washington DC, "Inglourious Hackerds, Targeting Web Clients".

Read more - Posted on 21/01/2011 - Share on

NetworkWorld.com: Is retaliation the answer to cyber attacks?

NetworkWorld: new article dealing with TEHTRI-Security talk at BlackHat Washington DC, "Inglourious Hackerds, Targeting Web Clients".

Read more - Posted on 21/01/2011 - Share on

NetworkWorld.com: Mobile device makers react differently to attack info, researcher says

NetworkWorld: new article dealing with TEHTRI-Security talk at BlackHat Washington DC, "Inglourious Hackerds, Targeting Web Clients".

Read more - Posted on 21/01/2011 - Share on

Client-Side Attack: Upgrade your BlackBerry devices

TEHTRI-Security found a vulnerability on BlackBerry devices. This security issue was patched by RIM, with an official advisory displayed recently on their site. Basically, when a BlackBerry device user browses to a malformed web page, the BlackBerry browser application consumes sufficient resources to make the BlackBerry device appear unresponsive. Check CVE-2010-2599.

Read more - Posted on 19/01/2011 - Share on

BlackHat DC 2011: 0days and exploiting web clients

TEHTRI-Security gave a talk yesterday during BlackHat Briefings in Washington DC. We explained how we found some 0days against some devices (Apple, RIM, Android, HTC...) with client-side attacks. We got an awesome surprise for the attendees, with experts from RIM who came and explained how they mitigated the vulnerability we found, thanks to a worldwide patch, etc.

Read more - Posted on 19/01/2011 - Share on

Safari Patch released by Apple with Credits to TEHTRI-Security

CVE-ID: CVE-1010-1752, Available for: Safari 5.0.3 and Safari 4.1.3, on platforms Windows 7, Vista, XP SP2 or later -- Description: A stack overflow exists in CFNetwork's URL handling code. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory handling.

Read more - Posted on 04/01/2011 - Share on

New talk: BlackHat DC 2011 - "Inglourious Hackerds, Targeting Web Clients"

TEHTRI-Security will give a talk at the next BlackHat in Washington DC. Our briefing will be called "Inglourious Hackerds: Targeting Web Clients". There, we will disclose many interesting tricks, exploits, 0days, etc, related to attacks that can occur against web clients for many devices and web browsers.

Read more - Posted on 02/12/2010 - Share on

HITB - Advanced European Training : Hunting Web Attackers

TEHTRI-Security will propose this offensive training to help administrators and IT Security staff who want to hunt down web attackers. It will contain plenty of cutting-edge hands-on exercices and 0days. During HITB Malaysia 2010, we gave this training, and the room was almost full, with students from Fortune 500, Government Agencies, etc. So, register quickly and join us in Amsterdam, Netherlands, during Hack In The Box HITBSecConf 2011. There, we will release some of our self-defense cyber weapons with 0days there...

Read more - Posted on 20/11/2010 - Share on

MACOSX Patch released by Apple with Credits to TEHTRI-Security

CVE-ID: CVE-2010-1752, Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4 -- Description: A stack overflow exists in CFNetwork's URL handling code. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking.

Read more - Posted on 11/11/2010 - Share on

Security-Advisory: TEHTRI-SA-2010-032 - Security issue in BaiduSpider

TEHTRI-Security found security issues related to Baidu products. This one deals with Baiduspider. Baidu company contacted

Read more - Posted on 02/11/2010 - Share on

Security-Advisory: TEHTRI-SA-2010-031 - 0day on Safari for Windows

TEHTRI-Security found a stack overflow in Safari for Windows (latest version 5.0.2 - 7533.18.5) from Apple Inc. IT Security crew from Apple contacted with an example of exploit plus a description (Vulnerable DLL, etc). This is a client-side attack against this web browser, without the interaction of the end-user (once the evil web page is loaded). No detail shared out of the Apple team.

Read more - Posted on 24/10/2010 - Share on

New talk: Black-Hat Abu Dhabi 2010

TEHTRI-Security will be part of Black-Hat Abu Dhabi 2010 for a new talk called "Extrusion and Web Hacking". We will focus on real threats and security issues related to extrusion, by explaining how attackers try to get a stealth control or an evil interaction of a remote web resource (real life covert channel, stealth bounces, etc).

Read more - Posted on 23/10/2010 - Share on

Security-Advisory: TEHTRI-SA-2010-030 - 0day on Android - App Gmail

TEHTRI-Security Lab: Vulnerability found on Android product. Application: Gmail - com.google.android.gm. Google Security Team contacted.

Read more - Posted on 22/10/2010 - Share on

Security-Advisory: TEHTRI-SA-2010-029 - 0day on Android - App Browser

TEHTRI-Security Lab: Vulnerability found on Android product. Application: Browser - com.android.browser. Google Security Team contacted.

Read more - Posted on 22/10/2010 - Share on

Credits from Apple

TEHTRI-Security was recently added twice on an article that provides credit to people who have reported potential security issues in Apple.com web servers.

Read more - Posted on 20/10/2010 - Share on

New Training : Hunting Web Attackers

TEHTRI-Security will give a new offensive training to help administrators and IT Security staff to hunt down web attackers, with plenty of cutting-edge hands-on exercices. So join us in Kuala Lumpur, Malaysia, during Hack In The Box HITBSecConf 2010. We will release some of our self-defense cyber weapons with 0days there...

Read more - Posted on 07/09/2010 - Share on

New Talk : Analyzing Massive Web Attacks

The goal of this talk is to have a deep look at some recent web attacks that occured over the Internet, especially those that were used to target a huge number of people. Thanks to special forensics operations, we will be able to bring code used by attackers to get an access, to keep control, and to commit cyber crimes. Place : Kuala Lumpur, Malaysia, HITBSecConf 2010.

Read more - Posted on 07/09/2010 - Share on

CVE-2010-1752: TEHTRI-Security inside the iPhone iOS4

TEHTRI-Security found a stack overflow in CFNetwork, through the code used to handle URL. By visiting a maliciously crafted website, we found that it might lead to an unexpected application termination or arbitrary code execution. This issue has been addressed by Apple through improved memory handling. Apple has given credit to TEHTRI-Security on their site for reporting this issue, as we provided the 0day directly to them, so that the security of their customers could be improved. This has been released to the public for the first time during Hack In The Box Europe.

Read more - Posted on 03/07/2010 - Share on

Security-Advisory: TEHTRI-SA-2010-028 - 0day on BlackBerry

During the first Hack In The Box conference in Europe, we have explained many security issues related to attacks against web clients in insecure environments. This particular advisory was about the BlackBerry. No technical detail was given to the public, so that the customers of this product might not be attacked because of our researches. Everything is in the hands of BlackBerry who are already working to fix this vulnerability.

Read more - Posted on 03/07/2010 - Share on

Security-Advisory: TEHTRI-SA-2010-027 - 0day on HTC

During the first Hack In The Box conference in Europe, we have explained many security issues related to attacks against web clients in insecure environments. This particular advisory was about the HTC. No technical detail was given to the public, so that the customers of this product might not be attacked because of our researches.

Read more - Posted on 03/07/2010 - Share on

Security-Advisory: TEHTRI-SA-2010-026 - 0day on iPad

During the first Hack In The Box conference in Europe, we have explained many security issues related to attacks against web clients in insecure environments. This particular advisory was about the iPad. No technical detail was given to the public, so that the customers of this product might not be attacked because of our researches. A live demo was given. Everything is in the hands of Apple who are already working to fix this vulnerability.

Read more - Posted on 03/07/2010 - Share on

Security-Advisory: TEHTRI-SA-2010-029 - ThalysNet Insecure

During the first Hack In The Box conference in Europe, we have explained many security issues related to attacks against web clients in insecure environments. This particular advisory was about the ThalysNet Internet service offered to 500000 end users in Europe. This service has many vulnerabilities and people in the train might be attacked. Read our slides if you want more details. ThalysNet was contacted.

Read more - Posted on 03/07/2010 - Share on

TEHTRI-Security research analyzed by BBC

BBC News has just released an article about our recent works, in their Technology category.

Read more - Posted on 18/06/2010 - Share on

TEHTRI-Security interviewed by The Register

Dan Goodin in San Francisco, working for The Register, asked us many questions about our talk of SyScan Singapore. He wrote an article called: Researcher shows how to strike back at web assailants.

Read more - Posted on 18/06/2010 - Share on

TEHTRI-Security gave 13 0days against most black hats tools

Today, during our humble new talk at SyScan 2010 Singapore, we have just released many 0days and new offensive concepts against most of the tools used by attackers currently, like web shells, exploit packs, etc. We have given new methods to counter-strike people with our new exploits giving you remote shells, remote SQL injection, permanent XSS and dangerous XSRF. We have shown how to identify, exploit or destroy attackers using those kind of tools. For example, we gave some of our 0days against known tools like Sniper Backdoor, Eleonore Exploit Pack, Liberty Exploit Pack, Lucky Exploit Pack, Neon Exploit Pack, Yes Exploit Pack... This was a way to explain that you can react when you are under attack. We hope that this will open new way to think about IT Security worldwide, and that it might help people sometimes. Do not hesitate to contact TEHTRI-Security if you need technical assistance with experts who know how work cyber conflicts for real, which is totally different from people who just do research in labs.