NDAY-2017-0105: Elevation of Privilege Vulnerability in MSM Thermal Driver

By: Zuk Avraham Follow Zuk Avraham (@ihackbanme) Nicolas Trippar Follow Nicolas Trippar (@ntrippar) Following our announcement on the N-Days Exploit Acquisition Program for smartphones, we are delighted to share the first couple of submissions. We received many submissions and we’re in the process of sharing them with ZHA followed by a public disclosure. We plan to release additional … Read More

Three Reasons Why Encryption Could Be Hurting Mobile Security

In the aftermath of Edward Snowden’s revelations about mass-surveillance by the U.S. government in 2013, technology companies have made a serious effort to convince their customers that they are in support of strong privacy by incorporating encryption policies. Popular messaging apps like Signal, WhatsApp and Telegram have added end-to-end encryption protocols, meaning only their users … Read More

Threat Research: Pre-Installed Android Malware

This Threat Research is about the recently discovered “Pre-installed Android Malware” threat. At least 36 high-end smartphone models belonging to popular manufacturing companies such as Samsung, LG, and Lenovo were found pre-loaded with 21 malware programs. The programs were part of two malware families: Loki and SLocker. The malicious apps were not part of the … Read More

Financial Industry Mobile Threats: How Banking Opportunity Meets Attack Liability

Financial companies see mobility as a competitive frontier for their business, and rightfully so. A superior mobile experience now does more to differentiate a bank than 1000 physical branches. As we’ve said before, killer banking apps are valuable assets to financial institutions, as customers expect to handle almost every aspect of managing money on the … Read More