880 matches found
Soldering for Reverse Engineering. Swapping out eSIMs with “normal” SIMs
Sometimes, the mobile devices we work on only have cellular data connections. In those instances, we’re usually pretty interested in trying things like this to get credentials for the APN so we can start snooping around on that. We’re also really interested in monitoring what kind of traffic is...
Buffer overflow
In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile SD 845, SD 850, a buffer overflow may potentially occur while processing a response from the SIM card...
CVE-2017-18134
In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile SD 845, SD 850, a buffer overflow may potentially occur while processing a response from the SIM card...
Flight Sim Labs’ ‘Heavy Handed’ Anti-Piracy Tactics Raise Hackles
Software developer Flight Sim Labs is in hot water after acknowledging that it installed a password harvester for the Google Chrome browser in its flight simulator product. The company explained it was only targeting pirate users of its software, but critics are calling the tactics “dirty”. The...
Code injection
The FSX / P3Dv4 installer 2.0.1.231 for Flight Sim Labs A320-X sends a user's Google account credentials to http://installLog.flightsimlabs.com/LogHandler3.ashx if a pirated serial number has been entered, which allows remote attackers to obtain sensitive information, e.g., by sniffing the networ...
CVE-2018-7259
The FSX / P3Dv4 installer 2.0.1.231 for Flight Sim Labs A320-X sends a user's Google account credentials to http://installLog.flightsimlabs.com/LogHandler3.ashx if a pirated serial number has been entered, which allows remote attackers to obtain sensitive information, e.g., by sniffing the networ...
CVE-2018-7259
The CVE-2018-7259 entry concerns the FSX / P3Dv4 installer 2.0.1.231 for Flight Sim Labs A320-X, which, when a pirated serial number is entered, sent a user’s Google account credentials to http://installLog.flightsimlabs.com/LogHandler3.ashx over HTTP, enabling potential credential exposure. This...
CVE-2017-12466
CCN-lite before 2.00 allows context-dependent attackers to have unspecified impact via vectors related to sslhalen when running ccn-lite-sim, which trigger an out-of-bounds access...
CVE-2017-2733
Honor 6X smartphones with software versions earlier than BLN-AL10C00B357 and versions earlier than BLN-AL20C00B357 have an information leak vulnerability due to improper file permission configuration. An attacker tricks a user into installing a malicious application on the smart phone, and the...
Design/Logic Flaw
Honor 6X smartphones with software versions earlier than BLN-AL10C00B357 and versions earlier than BLN-AL20C00B357 have an information leak vulnerability due to improper file permission configuration. An attacker tricks a user into installing a malicious application on the smart phone, and the...
Gas Pump Skimmer Sends Card Data Via Text
Skimming devices that crooks install inside fuel station gas pumps frequently rely on an embedded Bluetooth component allowing thieves to collect stolen credit card data from the pumps wirelessly with any mobile device. The downside of this approach is that Bluetooth-based skimmers can be detecte...
GSM SIM Editor 5.15 Buffer Overflow
A buffer overflow vulnerability exists in GSM SIM Editor 5.15. The vulnerability is due to the way GSM SIM Editor handles objects in memory. A remote attacker can exploit this vulnerability by enticing the target user to open a specially crafted file which allows an attacker to execute arbitrary...
SIM Info/USSD/Recharge Offers - Customized SSL, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application SIM Info/USSD/Recharge Offers published at the 'play' market has multiple vulnerabilities...
Design/Logic Flaw
IBM Security Identity Manager ISIM Virtual Appliance 7.0.0.0 through 7.0.1.1 before 7.0.1-ISS-SIM-FP0003 mishandles session identifiers after logout, which makes it easier for remote attackers to spoof users by leveraging knowledge of "traffic records."...
Securing a travel iPhone
These are dry notes I took in the process of setting up a burner iPhone SE as a secure travel device. They are roughly in setup order. I believe iOS to be the most secure platform one can use at this time, but there are a lot of switches and knobs. This list optimizes for security versus...
CVE-2016-2030
HPE Systems Insight Manager SIM before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2017, CVE-2016-2019, CVE-2016-2020, CVE-2016-2021, and CVE-2016-2022...
CVE-2016-2020
HPE Systems Insight Manager SIM before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2017, CVE-2016-2019, CVE-2016-2021, CVE-2016-2022, and CVE-2016-2030...