Results for crypto girl

Threat Research

Zero Patch IoT Environment

Over the last few months or years I have reported vulnerabilities on several IoT devices. None have been patched so far, and I think it is time to discuss the situation openly. One of the issues I have faced several times is the zero-security-culture phenomenon. Some of those IoT companies were typically very small and young, with sadly neither the skills nor the resources to fix security issues. For example, I remember sending several vulnerabilities to a given company. I got an automated response for the first email (ok),...

By Axelle ApvrilleMay 17, 2017

Threat Research

RATP Android Application Privacy: Status

A few weeks ago, researchers at INRIA presented privacy leaks they had detected in the mobile RATP applications at GreHack conference (NB. RATP is the French organism that deals with subways and trains around Paris). I wanted to check how much things had changed since their study, and downloaded the most recent application from Google Play. First surprise: I downloaded version 2.3.3 whereas INRIA researchers mention version 2.8. I guess there is some versioning discrepancy. Now, what privacy changes have we got? Mainly, Achara et al reported...

By Axelle ApvrilleDecember 02, 2013

Threat Research

Shmoocon 2011 talk: Defeating mTANs for Profit

Tomorrow starts the quite famous - and ever sold-out - security conference Shmoocon, held in Washington DC until Sunday. The keynote this year will be filled by Peiter Mudge Zatko, inventor of L0phtcrack and early pioneer of buffer overflows. Among the talks filling the tri-tracks program (Build it / Break it / Bring it on), we're glad to find our Crypto Girl, Axelle, who will present a paper she co-wrote with Kyle Yang (another regular poster on this blog) on the infamous mobile phone malware Zitmo, that we discovered (simultaneously with Spanish...

By Guillaume LovetJanuary 27, 2011

Threat Research

WinCE/Terdial or Impunity for Dialers

Some time ago, we came across a new Windows Mobile Trojan dialer named WinCE/Terdial!tr.dial. Under the cover of a FPS game (Antiterrorist 3D) or a Windows Mobile codec package (codecpack.cab), this Trojan actually has the victim's phone call international premium rate phone numbers (IPRN), i.e phone numbers for which a given service is provided and, of course, higher prices are charged ;). More information is available in our Virus Encyclopedia, or just search the web for numerous alerts on the matter. On my side, I have been playing Sherlock...

By Axelle ApvrilleMay 17, 2010