Analysis of multiple vulnerabilities in AirDroid

By: Simone Margaritelli Follow Simone Margaritelli (@evilsocket)    Zimperium zLabs   Follow Zimperium zLabs (@zLabsProject) Analysis of multiple vulnerabilities in AirDroid Reported by: Simone Margaritelli Security Researcher at Zimperium zLabs Edit: 11:02AM PDT: added exploit POC code below the disclosure timeline. Edit: 06:01PM PDT: edited timeline to reflect 4.0.0 and 4.0.1 release dates and confirming that both versions … Read More

Zimperium users are safe from Gooligan

Zimperium users are safe from Gooligan. A new threat, called Gooligan, which is a family of Android-based malware, has compromised more than 1M Google accounts — and many of those are enterprise users. “Not surprisingly, a malware, spread in unofficial markets, can create real damage,” said Zimperium founder and CTO, Zuk Avraham. Gooligan fully compromised the … Read More

SoftBank goes live with Security Checker, Powered by ZIMPERIUM™

Mobile devices are critical in today’s connected business world. Yet, very few companies have visibility into mobile platforms to identify cyberattacks, vulnerabilities and unknown threats targeting their customers’ personal data and confidential business information. Softbank gets it. As the third largest public company in Japan, SoftBank is a Japanese multinational telecommunications and Internet corporation that … Read More

Mobile Security Is National Security

Whether deployed to steal ammo for political scandals or classified documents for military sabotage, a cyberattack on a mobile device with access to sensitive information is a matter of national security. And yet, mobile devices are often left out of the national security conversation. Obama’s recently implemented Cybersecurity National Action Plan makes no mention of … Read More

CVE-2015-3864 Metasploit module now available for testing

By: Zuk Avraham Follow Zuk Avraham (@ihackbanme) Joshua DrakeFollow Joshua Drake (@jduck) Last year, we disclosed a series of critical vulnerabilities within Android’s multimedia processing code — libstagefright. We promised to release the exploit for testing purposes and quickly published our exploit for CVE-2015-1538 targeting the Galaxy Nexus running Android 4.0.4. We delivered this exploit … Read More