EUVD-2014-5706

Malware in sbrugna...

Google Voice Authentication Scam Leaves Victims on the Hook

Fluffy is missing. You post your lost pet’s photo online, hoping that some good Samaritan will find Fluffy, listing your phone number and crossing your fingers. You get a text or email from somebody who thinks they’ve found Fluffy – or, say, somebody who wants to buy that scruffy old couch you...

Code Injection in jerrod-lankford/google-voice-desktop-app

✍️ Description Attackers can execute malicious code on users computers using Google Voice Desktop App provided that users click on a malicious hyperlink in the app itself 🕵️‍♂️ Proof of Concept 1. Host the following index.html on a web server require'childprocess'.exec'calc'; 2. Users who click on...

Recycle Your Phone, Sure, But Maybe Not Your Number

Many online services allow users to reset their passwords by clicking a link sent via SMS, and this unfortunately widespread practice has turned mobile phone numbers into de facto identity documents. Which means losing control over one thanks to a divorce, job termination or financial crisis can ...

Who Owns Your Wireless Service? Crooks Do.

Incessantly annoying and fraudulent robocalls. Corrupt wireless company employees taking hundreds of thousands of dollars in bribes to unlock and hijack mobile phone service. Wireless providers selling real-time customer location data, despite repeated promises to the contrary. A noticeable uptic...

PHONE for Google Voice & GTalk - Customized SSL, Dangerous filesystem permissions, Redefined SSL Common Names verifier vulnerabilities

HackApp vulnerability scanner discovered that application PHONE for Google Voice & GTalk published at the 'play' market has multiple vulnerabilities...

THN Weekly Roundup — Top 10 Hacking News Stories You Shouldn’t Miss

We are back with THN Weekly RoundUp to spread lights on last week's top cyber security threats and challenges, just in case you missed any of them ICYMI. Last week, we came to know about many security threats including how Google records and stores our Voice searches, How hackers can use...

CVE-2014-5819

The PHONE for Google Voice & GTalk aka com.moplus.gvphone application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

Design/Logic Flaw

The PHONE for Google Voice & GTalk aka com.moplus.gvphone application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

CVE-2014-5819

The CVE-2014-5819 entry concerns the Android app “PHONE for Google Voice & GTalk” (com.moplus.gvphone) v1.0, where SSL/TLS server certificate validation is not performed. As described in connected sources, this weakness allows man-in-the-middle attackers to spoof servers and obtain sensitive info...

Android new attack: Google Voice Search attack-vulnerability warning-the black bar safety net

Chinese University of Hong Kong researchers in the Preprint posted on the website of paper PDF, describes a novel permission to bypass attack method: Google Voice Search attack. An attacker can leverage a zero-permissions Android app VoicEmployer, front activationoperating system built-in voice...

Google Voice Private/Unknown Number Disclosure

!/usr/bin/perl Title: Google Voice private/unknown numbers disclosure Author: Simo Ben youssef Contact: SimoatMorxploitcom Discovered: March 24 2014 Reported: March 28 2014 Published: April 04 2014 MorXploit Research http://www.MorXploit.com Service: Google Voice Vendor: Google...

Use VoIP – or Copper

Google Voice is a free VOIP service that can be used to create “throw away” voice accounts for travelers. Having your conversations handled on Google’s infrastructure also provides a measure of security over foreign telecommunications networks, which – depending on the country – could cooperating...

Google Voice Mails Found In Public Search Engine

Google Voice Mails have been discovered in Google’s search engine, providing audio files, names, and phone number as if you were logged in and checking your own voice mail. Some appear to be test messages, while others are clearly not. The Boy Genius Report explains: After entering...

Exploiting Skype: Building a telephone botnet

From the Industry Standard Robert McMillan Flaws in popular Internet-based telephony systems could be exploited to create a network of hacked phone accounts, somewhat like the botnets that have been wreaking havoc with PCs for the past few years. Researchers at Secure Science recently discovered...