In association with heise online

08 July 2013, 10:00

Lost+Found: Fake apps, keyjacking and traces of Tor


Too short for news, too good to lose; Lost+Found is a roundup of useful and interesting security news. In this edition: Bad apps in sheep's clothing, keyjacking, a $20,000 Facebook hole, an exploit source, traces of Tor, and a birthday celebration.

  • Hacktivists circulated a manipulated version of Jay Z's Magna Carta Holy Grail Android app that, according to McAfee, served up a very special surprise: on Independence Day last Thursday, it apparently tried to set Barack Obama's portrait as the smartphone's background picture, accompanied by the message "Yes we scan!" It also installed a corresponding "NSAListenerService".

  • Symantec has discovered a "Password Wifi Hacker Plus" Android app that promises to crack encrypted Wi-Fi passwords; however, potential users are destined to fail: the app only pretends to offer cracking features – it actually shares the smartphone owner's personal details with six advertising networks.

  • Clickjacking – the hijacking of mouse clicks via specially crafted web pages – isn't enough for security researcher Rosario Valotta. He's also after the user's keyboard inputs. Valotta's proof-of-concept tricks Internet Explorer users into confirming a download dialog when filling in a captcha – by activating "Run".

  • Facebook accounts that were linked to a user's mobile phone could be completely taken over using SMS text message commands. Facebook paid $20,000 for the hole through their bug bounty programme.

  • WICAR.org offers ready-to-use browser exploits that allow users to test their system security – use them at your own risk.

(sno)

Permalink: http://h-online.com/-1912847