As part of a volunteer effort, Martin Tschirsich, Dr. André Zilch and I subjected the services of the Swiss foundation meineimpfungen to a spot-check analysis. In the process, critical technical as well as conceptual security flaws came to light. So that we in Switzerland, too, have the chance to travel in the coming COVID-19 summer of 2021 – or simply to visit our relatives in […]
IoT: Full Disclosure Vulnerabilities NEC Large Format Displays
This blog post covers several vulnerabilities discovered in the current firmware of NEC Large Format Displays (several revisions, such as Rev. 18 or Rev1.8). The following vulnerabilities were discovered: Local File Inclusion (CVE-2020-26125), Stack-based Buffer Overflow (CVE-2020-26127), Broken Authentication (CVE-2020-26126). The vulnerabilities exist (at least) on the following devices of the vendor NEC Display Solutions, […]
Analysis of the COVID-19 SYMPTOM TRACKER App
Background. In light of the ongoing COVID-19 pandemic, calls for technical solutions – in particular mobile apps – for monitoring, predicting and controlling the course of infections and the associated measures are growing louder. The great hope for a longed-for return to normality, however, has its dark side at the same time: no assessment of proportionality and appropriateness takes place, and the risks that always accompany such solutions […]
Talk: Point-of-Hoodie on iOS Apps [German]
Slides Program
iOS/Android: (Un)Secure Apache Cordova Apps
Background information. The advent of cross-platform development frameworks such as Apache Cordova breathed new life into the old slogan "Write once, run anywhere" originally coined by Sun Microsystems. In most cases, "write once" translates directly into "write in JavaScript", as it is the language of the web, or rather of the WebView component on the mobile platform. The JavaScript […]
Disclose or not Disclose.
Abstract. Last week something annoying happened to me (and it keeps bugging my mind): someone else published the details of a vulnerability that I had discovered and reported earlier. I'm not writing this blog post because I want the attribution for this vulnerability, but it's still part of the game. Therefore, if you're a researcher and you're […]
iOS: Bluetooth packet logging
About. This blog post describes how you can access the Bluetooth communication of your iOS device. At the time of writing this blog post, iOS 13 had not yet been released to the public, but only to Apple Developers. Therefore, an Apple developer account is a prerequisite. Furthermore, the "Additional Tools for Xcode 11 Beta" are required. (Apple developer […]
IoT: Full Disclosure Topcon Positioning Net-G5 Receiver
Abstract. This write-up is about the discovery of two vulnerabilities (CVE-2019-11326, CVE-2019-11327) in the Net-G5 GNSS Receiver from Topcon Positioning. The Story. Those who are only interested in the vulnerabilities themselves can skip this section. Everyone else is invited to keep reading. Every now and then friends of mine ask me to take a […]
iOS: Patching security features of a mobile app with Ghidra
Every mobile app security researcher eventually faces the day when they are not provided with a properly prepared app for testing, or face yet another black-box security assessment. Until now I used Hopper Disassembler for static binary analysis and patching. Since Ghidra, a new tool by the NSA, was recently released, I decided to give it a try. […]
iOS: keychain_dumper extension
Recently I found myself in a situation where it was not possible to dump Keychain Item data with Frida. Please don't ask me why; I did not figure out why. I knew that there was a tool called keychain_dumper. The output of keychain_dumper was sufficient for the assessment, but I found it really painful to […]