When he looked around the Web on the device’s default Xiaomi browser, it recorded all the websites he visited, including search engine queries whether with Google or the privacy-focused DuckDuckGo, and every item viewed on a news feed feature of the Xiaomi software. That tracking appeared to be happening even if he used the supposedly private “incognito” mode.

The device was also recording what folders he opened and to which screens he swiped, including the status bar and the settings page. All of the data was being packaged up and sent to remote servers in Singapore and Russia, though the Web domains they hosted were registered in Beijing.

Source: Forbes

Here’s a video of a researcher showing how his Xiaomi phone is tracking his web use, including a visit to PornHub.

Nowadays, Bluetooth is an integral part of mobile devices. Smartphones interconnect with smartwatches and wireless headphones. By default, most devices are configured to accept Bluetooth connections from any nearby unauthenticated device. Bluetooth packets are processed by the Bluetooth chip (also called a controller), and then passed to the host (Android, Linux, etc.). Both the firmware on the chip and the host Bluetooth subsystem are targets for Remote Code Execution (RCE) attacks.

One feature that is available on most classic Bluetooth implementations is answering over Bluetooth pings. Everything an attacker needs to know is the device’s Bluetooth address. Even if the target is not discoverable, it typically accepts connections if it gets addressed. For example, an attacker can run l2ping, which establishes an L2CAP connection and sends echo requests to the remote target.

In the following, we describe a Bluetooth zero-click short-distance RCE exploit against Android 9, which got assigned CVE-2020-0022. We go through all steps required to establish a remote shell on a Samsung Galaxy S10e, which was working on an up-to-date Android 9 when reporting the issue on November 3, 2019. The initial flaw used for this exploit is still present in Android 10, but we utilize an additional bug in Bionic (Android’s libc implementation), which makes exploitation way easier. The bug was finally fixed in the security patch from 1.2.2020 in A-143894715.

Source: Insinuator
