zCrackme#2 – ARM Crackme competition

Leave a reply

Several months ago we at zImperium started toying with the idea of ARM crackmes – we felt the ARM RE community was left a little behind, with no real interesting challanges laying ahead.

We sat down to do our thing, and about a month ago we released zCrackme#1 – our very own ARM crackme which initiated the 1st zCrackme competition for the advanced reversers community. The response was overwhelming – many people submitted their results, describing their methods and – most important – demanding more.

And so we did. We listened to you guys, we implemented counter defense, and we are now presenting PUBLICLY – zCrackme#2, aka “No more Mr. nice guy”.

This zCrackme holds more than beats the eye – we really stepped up and raised the bar on this one. Some new tricks, some old ones, all to make this zCrackme more challenging We won’t tell you what exactly, but let you find out yourself (it’s more fun this way, ain’t it?

So, go a head, what are you waiting for? Try your luck (or show your skills, depends how you look at it) with our zCrackme#2, and win fame, beer & glory!

Rules of the game – find the correct password to win a free beer. All methods are valid – patch the binary, wrap it, crack it, smash it ,disassemble it – all is good (if you are lucky, that is…). If you find the correct password, you will know what todo to get your beer. No cheating allowed – only unique & complete submissions will be approved.

To announce your victory, submit the solution via twitter with “Found #zCrackme2 password: MD5(PASSWORD) /CC: @zimperium”

# unzip zcrackme.zip

# adb push zcrackme /data/local/tmp

# adb shell

$ cd /data/local/tmp

$ chmod 777 zcrackme

$ ./zcrackme

Good luck.
You will need it

Click here to download zcrackme.zip

ps.

Here is what you get when zCrackme detects an arse:

This entry was posted in Mobile Device Management on May 22, 2013 by zimpuser.

Zimperium is presenting in the ‘World Mobile Congress’ event

Leave a reply

On the 25th of February, Zimperium is going to attend The GSMA Mobile World Congress, a combination of the world’s largest exhibition for the mobile industry and a conference featuring prominent Chief Executives representing mobile operators, device manufacturers, technology providers, vendors and content owners from across the world. The event, initially named as GSM World Congress and later renamed as the 3GSM World Congress, is still often referred to as 3GSM or 3GSM World.
Zimperium will be presenting their newest product, zIPS along with zIPS console.

This entry was posted in Events on February 27, 2013 by zimpuser.

Zimperium Strikes a Home-run, Winning the Start-up Nation’s

Leave a reply

“Start-up of the Year” Award, at the Prestigious Mobile 2013 Conference

Tel-Aviv, Israel – October 18th, 2012 – Zimperium, a start-up shaking up the mobile security industry and paving the way to a hack-safe mobile world has won first prize for innovation.

To think like a hacker, you have to be one– calculative, curious, and creative. For Zuk Avraham, Zimperium’s Founder and CEO, these traits are intuitive. Remaining one step ahead of potentially malicious cyber attacks is his domain. In July 2012, Mr. Avraham’s domain was expanded to include Kevin Mitnick, renowned as the most influential hacker of our times. Mr. Mitnick joined the company as an active advisory board member.

“We are honoured to win the prize and relieved that mobile cyber security is receiving the attention it so desperately demands. Enterprises and governments are exposed to daily mobile security threats. As the workforce becomes increasingly mobile and ‘Bringing Your Own Device’ more common, the risks and reports on breaches are mounting,” commented Zuk. He continued, “Our solutions are designed by a team of security experts who are focused on algorithmic chess in order to systematically outmanoeuvre hackers.”

Zimperium’s solutions provide real-time security for mobile devices which are based on proactive threat detection and elimination, as opposed to screening the latest virus lists. Israel Mobile 2013 is held by the Ministry of Export and The Economist Online in Israel. The competition gathered entries from scores of mobile technology start-ups competing for the first prize which includes an all expenses paid booth and participation at the Mobile World Congress 2013 in Barcelona.

For more on Zimperium, please visit: www.zimperium.com Follow Zuk Zvraham on Twitter: @Ihackbanme

Zimperium Ltd. is a privately owned mobile security start-up based in Tel Aviv, Israel. Its flagship solutions protect mobile devices from cyber security threats. The company was founded in 2011 by CEO Itzhak “Zuk” Avraham, a highly regarded security expert. in conjunction with an elite team. Zimperium’s mission is to secure organisations operating in an increasingly mobile world from daily cyber threats.

Zimperium Solutions include:

zCore IPS (Intrusion Prevention System) is a comprehensive security solution which runs on Smartphones and protects against a large variety network attacks. zCore IPS was developed to combat modern Smartphone security threats.

zGovernor, is a critical component of zCore. zGovernor’s role is to capture live attacks and prevent threats from infiltrating an organization. zGovernor actively stops APTs and 0-day attacks on Smartphones.

zAppliance MRM is a security Mobile Risk Management Console that enables smart monitoring of user, group and organizational risk levels. Security Managers use zAppliance to communicate with zCore and establish policies for the enterprise.

zANTI (Android Network Toolkit) -An award winning Pentest-As-A-Service Android application. zANTI is used by over 100K IT professionals positioning Zimperium at the forefront of Mobile security.

This entry was posted in Announcements on February 25, 2013 by zimpuser.

The unspoken mobile threats

Leave a reply

Why mobile security matters a whole lot more this year

The clock is ticking on the annual RSA Conference, to be held in San Francisco on the 25th of February. Many of you might know or would like to know the conference’s tag line: Where The World Talks Security.

This year, the focus, unsurprisingly, is on mobile security. Last year, mobile malware was up a reported 185%. Yes, you read it right, 185%.

By most analysts’ reckoning, that is still a conservative figure and one that could sharply rise this year unless enterprise CIOs quickly wake up and act against the growing threat.

There is good reason why the mobile threat is exploding. Every worker in the developed world – and nearly every one in the developing world too – sports a mobile at work. What is more, many of them connect to the company network.

Clearly, many CIOs are aware of the mobile threat – but, strangely perhaps, unwilling to closely examine the enormous security implications to their networks. This could be because of budgetary factors, and even a dangerous perception that it’s only the others that are at risk.

So, I am going to focus on the theme, “What I could lose?” with the goal of raising awareness about the enterprise risks from mobile devices.

#1. Network and data security. If even one infected mobile device connects to your enterprise network, it could jeopardise the security of the entire network and all data. You could end up compromising the network, leading perhaps to drastic network failures and, worse, loss of confidential and proprietary data.

#2. Man-in-the-middle attacks. This is a weapon of choice for hackers. Literally, a man-in-the-middle attack interjects itself between a mobile device and your network, accessing all the data that is exchanged including user names, passwords and credit card numbers. Typically, this occurs when users sign on to open Wi-fi networks such as those found at coffee shops and airports.

#3. Jailbreakme. Jailbreakme.com was initially created to break in the iPhone and install unauthorised apps. But jailbreaking undermines the smartphone operating system, opening up risks of potential infections by malware. Jailbreaking can be used to execute commands on the device, and even act as a Trojan.

For example, a hacker can take a regular version of the popular game, ‘Angry Birds,’ and stitch a malicious code into it. Similarly, exploiting a client side vulnerability, a MitM attack could redirect you to a malicious site and the results could be just as bad.

#4. Malicious mails. Malicious emails or PDF attachments purportedly from people in your address book (maybe even your boss) can trick you into clicking on dubious links. Such mails with malicious code can then intercept and access all data in your phone.

I will sign off by introducing you to zIPS™, a comprehensive security suite for smart mobile devices. Zimperium’s Mobile Intrusion Prevention Systems protects against network attacks, targeted attacks and malicious applications from compromising the device. Look up more about this here.

This entry was posted in Mobile Device Management on February 21, 2013 by zimpuser.

Zimperium presented at the Israeli homeland security conference

Leave a reply

On the 11th of November, Zimperium attended the Israeli homeland security 2012 conference,
Israel HLS 2012 focused on current key homeland security issues: Cyber security, securing smart cities, critical infrastructure protection and emergency preparedness. Attendees will learn how to enhance security by integrating operational know-how with the advanced tools necessary to deal with emerging threats. During the conference, Elia Yehuda (Ziggy) gave a talk about mobile security, and showed the risks, and the new trends that are going to occur in the mobile world.

This entry was posted in Events on February 20, 2013 by zimpuser.

Zimperium presented in the famous Black-Hat Briefings

Leave a reply

On the 27th of July, Zimperium attended the famous “BlackHat” Briefings in Las Vegas, a computer security conference that brings together a variety of people interested in information security. Representatives of federal agencies and corporations attend along with hackers.
During the Briefings, the company had a booth to display the new capabilities of zAnti, their mobile pen-testing tool.

This entry was posted in Mobile Device Management on July 27, 2012 by zimpuser.

Meet zANTI – Mobile Penetration Testing Platform

Leave a reply

zANTI, also known as Android Network Toolkit, is an award-winning Mobile Penetration Testing software specially built for smartphones and the first of its kind for mobile devices.

The revolutionary software is the winner of the renowned PCMag Editor’s Choice Award and the THN Tool of the Year award. zANTI has been hailed by popular technology media such as Engadget and Forbes and won acclaim from the worldwide security community.The easiest way to download zANTI is to scan the following QR code

to directly install Android Network Toolkit on your Android.

, another way to do so is to submit it directly to your email and later on complete the installation via your phone by clicking on the download link.

Some would recognize the very scary Zanti in “The Zanti Misfits,” from the 1963 television show, “The Outer Limits.” Watch it on Youtube in the end of the page.

Our own zANTI — as you can imagine — is designed not to scare, but to secure our mobile world and make it safer for you. The release version of the beta, which was codenamed ANTI, or Android Network Toolkit, has come after almost a year of testing by about 100,000 users.

We first created ANTI to demonstrate that smartphones are the equal of computers in the way penetration testers/IT managers can use for their daily tasks. Soon enough, ANTI became one of the most used smartphone apps among pentesters and security enthusiasts that wanted a simple tool to provide them real-time status of their network security.

We chose a new name for the release version, from the tens of different variations. With the naming protocol of our other products — zCore IPS, zDefender and zAppliance — it only made sense to call it zANTI.

zANTI boosts the normative IT security toolbox and enables you to run a complete vulnerabilities scan on your network with the click of a button. You can also get a visual status of the devices connected to the same physical network.

Here is a longer list of zANTI’s powerful features:

Common vulnerabilities search
Cloud-based report to fix recognized vulnerabilities including wise analysis for critical
flaws
Password audit to check for password complexity
Audit password complexity in a specific device or entire LAN
Detect misconfiguration of device firewall by detecting open ports
Check network vulnerability to MITM and common client side and server side vulnerabilities
Discover insecure traffic and cookies affecting network’s privacy settings.
Alert network vulnerability to MITM attacks by demonstrating live modification of unsecured communication’s images
Visualise network by watching live photo feeds, recorded from unsecured network
Communication
WiFi monitor to benchmark nearby networks

Scan the QR code to download zANTI

This entry was posted in Mobile Device Management on June 24, 2012 by zimpuser.