Posts in "Threat Research"

FreeRTOS TCP/IP Stack Vulnerabilities Put A Wide Range of Devices at Risk of Compromise: From Smart Homes to Critical Infrastructure Systems

Researchers: Ori Karliner (@oriHCX) Relevant Operating Systems: FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), AWS FreeRTOS up to V1.3.1, WHIS OpenRTOS and SafeRTOS (With WHIS Connect middleware TCP/IP components) . CVE List: As a part of our ongoing IoT platform research, zLabs recently analyzed some of the leading operating systems in the IoT market, including FreeRTOS. … Read More

Fake Play Market: Zimperium’s z9 against Social Engineering Attack Vectors

Analysis & Post By: Alex Calleja (@alximw) Matteo Favaro (@fvrmatteo) Introduction Since the beginning of 2018, researchers in Zimperium’s zLabs have been tracking a rise in the frequency and sophistication of applications that have been loaded outside of the official Google Play Store. Many of these have leveraged social engineering techniques such as duplicate Play Stores. … Read More

zLabs at HITB Singapore: The Road to iOS Sandbox Escape

This week at HITB Singapore, Zimperium zLabs’ security researcher, Rani Idan (@raniXCH), is conducting a session titled “The Road to iOS Sandbox Escape.” Rani’s fellow zLab’s researcher, Adam Donenfeld (@doadam), is also conducting a session titled “Viewer Discretion Advised: (De)coding an iOS Vulnerability.” Here is the abstract for Rani’s session. We will post the recording of the session when it is available. If … Read More

zLabs at HITB Singapore: (De)coding an iOS Vulnerability

This week at HITB Singapore, Zimperium zLabs’ security researcher, Adam Donenfeld (@doadam) is conducting a session titled “Viewer Discretion Advised: (De)coding an iOS Vulnerability.” Another zLabs researcher, Rani Idan (@raniXCH), is also doing a session titled “The Road to iOS Sandbox Escape.” Here is the abstract for Adam’s session. We will post the recording of the session when it is available. If you would … Read More

zLabs at BSides Las Vegas: Where Android security helps and fails

This week at BSides Las Vegas, zLabs’ security researcher, Tamir Zahavi-Brunner (@tamir_zb) is conducting a session titled “Treble or Trouble: Where Android’s latest security enhancements help, and where they fail.” Tamir’s work is another example of why zLabs is recognized as the world’s most qualified and talented collection of researchers focused 100% exclusively on mobile Here is the abstract for Tamir’s … Read More