New blog post covering more #android #hacking and emulator bypasses:
Bypassing Hardware-Based Attestation Mechanisms for High-Security Android Apps (SafetyNet, Keystore, and StrongBox)
https://www.0x0v1.com/bypassing-hardware-based-attestation-mechanisms-for-high-security-android-apps-safetynet-keystore-and-strongbox-2/
I'll be honest, over the years I've become very disillusioned by the hacker community.
The spirit of the old hacker communities, which once thrived on ideals of privacy, freedom, and the democratization of knowledge, is today an ethos replaced by corporate hackers, who operate within the frameworks of Big Tech—whose sole purpose is not of individual liberty, but of intellectual property and protecting corporate infrastructures.
The hacker's craft has shifted from a rebellion against centralized control to a tool for its perpetuation.
Oppo and Realme distribute new Android devices with pre-installed loan app that prompts users via notification to take out a loan:
https://www.bangkokpost.com/business/general/2938596/scamming-pre-installed-loan-app-prompts-promise-of-regulation
New newsletter post this week talking about Flutter's BoringSSL implementation and how to #hack it.
If you're interested in #Android bug hunting, vulnerability research etc, disabling TLS certificate checks in Flutter with Frida can help you massively.
Read the post here which is available free to subscribers:
https://www.0x0v1.com/disabling-tls-certificate-checks-in-flutter-boringssl-with-frida/
Good writing on vulnerability research conducted on fertility application WhatToExpect
https://www.techlicious.com/blog/what-not-to-expect-from-your-pregnancy-app/
Avoid #WhatToExpect pregnancy app, if you care about your privacy & security.
After finding issues in their product, they secretly patched it and haven't spoken to anybody.
https://www.0x0v1.com/0x0v1-newsletter-avoid-whattoexpect-pregnancy-app-if-you-care-about-your-privacy-security/
I found a critical remote account takeover vulnerability, a PII over-exposure and an email leak.
The company refused to talk with me or journalists.
After publishing my research and media coverage, they fixed all the bugs.
https://www.404media.co/pregnancy-tracking-app-what-to-expect-refuses-to-fix-issue-that-allows-full-account-takeover-2/
I got a big post coming this Thursday on my website about a major account takeover vulnerability in a reproductive health application.
It will be made available to members: https://0x0v1.com
In my latest blog post I talk about network related emulation detection for Android.
#Android Network #Emulator #Bypass for high security apps - #Cashapp, #Revolut, Banking, Healthcare, Government etc.
https://www.0x0v1.com/android-network-emulator-bypassing-for-high-security-apps-cashapp-revolut-banking-healthcare-government-etc/
Any tech journalists on here?
New blog post:
Advanced Android Emulator Bypass Techniques for High-Security Apps: CashApp, Revolut, Healthcare & More
https://www.0x0v1.com/bypassing-emulation-detection-for-android-on-major-apps-such-as-cashapp-revolut-banking-apps/
You'll be surprised how many unethical people there are in the digital rights civil society space.
You’re not paid to think. A mindless worker is a happy worker.
What capitalism shows us is that the wealthiest among us, who own increasingly everything, distribute wealth based on the proximity to them.
That is to say, your wealth, within the capitalist construct, is based entirely upon your proximity to the rich.
This applies even in the construct of business ontology. If you're an employee within a company, your income is dictated in nearly all cases upon your proximity to the rich.
It is the modern feudal system we live in. The richest group at the top paying a group below them to manage their riches, with this continuing to the bottom.
How does that work
views are my own
Google Play's bug bounty reward program shutting down on two weeks notice.
What impact will this have?
https://www.androidauthority.com/google-play-security-reward-program-winding-down-3472376/
Should government and civil society organizations be interrogating this? I think so. I think that there needs to be deep interrogation of this situation and not just by governments, but by researchers, non-profit groups and privacy and security advocates. Policies should be put in place that when a threat or any form of threat intelligence has risk to human rights or human life, the commoditization of it should be secondary and its transparency should be first. Not the other way round. That way, we can better defend human life and rights.
If you haven't already discovered it yet, my argument is this: the monopoly of threat intelligence, its commoditization and the centralization of technology & services by big tech companies, already has shown negative impact on human rights and human life. The threat intelligence monopoly results in closed source, untransparent, fragmented public information on threats impacting humanity. This is ultimately because we become reliant on these companies to be transparent with sharing their findings. We have seen too many cases where they have not been transparent. Which leaves the penultimate question: how can we ensure that they can be transparent when threat intelligence impacts human life?
At this point, I realise that I haven't even touched on the geo-political/social-political issues surrounding this. Since these publicly traded tech giants, most of which are US based companies, generally demonstrate bias and control by the state & their shareholders - what impact does this have? In Snowden's leaks, we saw "Operation Socialist", a GCHQ man-in-the-middle attack on telecommunications company Belgacom between 2010 and 2013. This attack fundamentally undermined the privacy, security and human rights of everyday people using Belgacom. What would happen if a US tech giant discovered this attack – would they disclose it? Unlikely. We see very little intelligence come out against NATO states from corporations in those countries. Simply because they do not pool their resources and people to track them. A blind eye is turned out of political and shareholder interest.
=> Go to 0v1@infosec.exchange account