Software

Wake up! You’ve been p0wned

Today I came across a popular app that is usually paid but just for today it was absolutely free for iOS users. It is a kind of “smart alarm clock” app which basically monitors your sleeping and wakes you up exclusively during your light sleeping cycle. Wow!

How does it do it? Well, the app enables your embedded mic and uses it during the night to monitor your sleeping cycles. In other words, it records your environment while you’re sleeping. When I read about it I just could not believe it. And that’s because of the variety of potential scenarios a threat actor could exploit with people who use similar apps.

Imagine if the company behind the app gets hacked and the app then transmits data, it will provide access to the private offline life of the people using the app. Or how about another scenario where no data is transmitted – what if the company gets hacked and the attackers edit the original code and then push a new version that does actually transmit recordings to a remote server?

In reality there are several scenarios an attacker could use. Worst of all, since this is a legit app available on AppStore, the attackers don’t even have to invest in expensive exploits for this OS.

Be careful when selecting apps and do not be too trusting when it comes to your much-loved devices. It’s hard to believe that something you trust with your personal life – your digital friend – can become your digital frenemy. But it does happen – and more often than you might think.

Wake up! You’ve been p0wned

Your email address will not be published. Required fields are marked *

 

  1. MOHAMED KUDSI

    THANK YOU

Reports

Ferocious Kitten: 6 years of covert surveillance in Iran

Ferocious Kitten is an APT group that has been targeting Persian-speaking individuals in Iran. Some of the TTPs used by this threat actor are reminiscent of other groups, such as Domestic Kitten and Rampant Kitten. In this report we aim to provide more details on these findings.

Andariel evolves to target South Korea with ransomware

In April 2021, we observed a suspicious Word document with a Korean file name and decoy. It revealed a novel infection scheme and an unfamiliar payload. After a deep analysis, we came to a conclusion: the Andariel group was behind these attacks.

Operation TunnelSnake

A newly discovered rootkit that we dub ‘Moriya’ is used by an unknown actor to deploy passive backdoors on public facing servers, facilitating the creation of a covert C&C communication channel through which they can be silently controlled. The victims are located in Africa, South and South-East Asia.

Subscribe to our weekly e-mails

The hottest research right in your inbox