JOSS InfoSec

JOSS InfoSec

Share

VAPT, SQA, Vendor Certification & Security Training.

Photos from JOSS InfoSec's post 28/12/2024

🎉 āύāϤ⧁āύ āĻŦāĻ›āϰ⧇āϰ āĻ…āĻĢāĻžāϰ! āĻ•āĻŋāĻ¨ā§āϤ⧁ āϏāĻžāĻŦāϧāĻžāύ!

āφāĻĒāύāĻžāϰāĻž āϝāĻžāϰāĻž "100GB āĻĢā§āϰāĻŋ āχāĻ¨ā§āϟāĻžāϰāύ⧇āϟ" āĻ…āĻĢāĻžāϰ⧇āϰ āύāĻžāĻŽā§‡ āĻāχ āϞāĻŋāĻ™ā§āϕ⧇ āĻ•ā§āϞāĻŋāĻ• āĻ•āϰāϤ⧇ āϝāĻžāĻšā§āϛ⧇āύāĨ¤ āĻĻ⧟āĻž āĻ•āϰ⧇ āϏāϤāĻ°ā§āĻ• āĻĨāĻžāϕ⧁āύ! āĻāϟāĻŋ āĻāĻ•āϟāĻŋ **āĻŽā§āϝāĻžāϞāĻŋāĻļāĻŋ⧟āĻžāϏ (āĻ•ā§āώāϤāĻŋāĻ•āϰ)** āϞāĻŋāĻ™ā§āĻ•āĨ¤

❌ āϞāĻŋāĻ™ā§āϕ⧇ āĻ•ā§āϞāĻŋāĻ• āĻ•āϰāϞ⧇ āφāĻĒāύāĻžāϰ āĻŽā§‹āĻŦāĻžāχāϞ āĻŦāĻž āĻĄāĻŋāĻ­āĻžāχāϏ⧇ āĻ­āĻžāχāϰāĻžāϏ āĻ›ā§œāĻžāϤ⧇ āĻĒāĻžāϰ⧇āĨ¤
❌ āĻŦā§āϝāĻ•ā§āϤāĻŋāĻ—āϤ āϤāĻĨā§āϝ āϚ⧁āϰāĻŋ āĻšāϤ⧇ āĻĒāĻžāϰ⧇āĨ¤
❌ āφāĻĒāύāĻžāϰ āϏ⧋āĻļā§āϝāĻžāϞ āĻŽāĻŋāĻĄāĻŋ⧟āĻž āĻŦāĻž āĻŦā§āϝāĻžāĻ‚āĻ• āĻ…ā§āϝāĻžāĻ•āĻžāωāĻ¨ā§āϟ āĻšā§āϝāĻžāĻ• āĻšāϤ⧇ āĻĒāĻžāϰ⧇āĨ¤

âžĄī¸ **āϏāϤāĻ°ā§āĻ•āϤāĻž:**
- āϏāĻ¨ā§āĻĻ⧇āĻšāϜāύāĻ• āϞāĻŋāĻ™ā§āϕ⧇ āĻ•ā§āϞāĻŋāĻ• āĻ•āϰāĻŦ⧇āύ āύāĻžāĨ¤
- āĻ…āĻĢāĻŋāĻļāĻŋ⧟āĻžāϞ āϏāĻžāχāϟ āĻ›āĻžā§œāĻž āĻ…āĻ¨ā§āϝ āϕ⧋āĻĨāĻžāĻ“ āϤāĻĨā§āϝ āĻĻ⧇āĻŦ⧇āύ āύāĻžāĨ¤
- āύāĻŋāϰāĻžāĻĒāĻĻ⧇ āĻĨāĻžāĻ•āϤ⧇ āĻāĻ¨ā§āϟāĻŋ-āĻ­āĻžāχāϰāĻžāϏ āĻŦā§āϝāĻŦāĻšāĻžāϰ āĻ•āϰ⧁āύāĨ¤

āϏāĻŦāĻžāϰ āϏāĻžāĻĨ⧇ āĻļā§‡ā§ŸāĻžāϰ āĻ•āϰ⧁āύ āĻāĻŦāĻ‚ āύāĻŋāϰāĻžāĻĒāĻĻ⧇ āĻĨāĻžāϕ⧁āύ!
Happy New Year 🎉

Photos from JOSS InfoSec's post 14/10/2024

🚨 Security Alert for Glinty - Video Chat & Online APK Users! 🚨

Recently, I analyzed potential security risks associated with the Glinty - Video Chat & Online APK. Our findings highlight two critical issues that could compromise user privacy and device security:

1ī¸âƒŖ Remote WebView Debugging Enabled:
When Remote WebView Debugging is enabled, it provides a gateway for attackers to remotely access and manipulate WebView content within the app. Here’s why it’s risky:

🧑‍đŸ’ģ Remote Code Ex*****on: Attackers can inject and execute malicious JavaScript code, manipulating app behavior and stealing sensitive information.
📊 Data Leakage: Debugging access allows inspection of network traffic, cookies, and local storage, posing a severe risk to user data privacy.
🔄 App Manipulation: Attackers can alter the DOM, spoof server responses, and mislead users, resulting in potential phishing attacks or data theft.
2ī¸âƒŖ Permission Misuse: DISABLE_KEYGUARD:
The app requests permission to disable the lock screen (android.permission.DISABLE_KEYGUARD), which poses serious security concerns:

🔓 Bypassing Lock Screen Security: This permission could allow the app to bypass device lock mechanisms, providing unauthorized access to the device and compromising sensitive data.
đŸ‘ī¸ Phishing Potential: Attackers could present fake login screens to collect credentials or perform unauthorized actions, further endangering user accounts.
đŸ›Ąī¸ Recommendations:
Developers of Glinty should disable Remote WebView Debugging in production builds and review permissions to minimize risks.
Users should be cautious and monitor permissions granted to apps. Always ensure that apps come from trusted sources.
Let’s work together to build a safer cyberspace! 🌐

Want your business to be the top-listed Computer & Electronics Service in Dhaka?
Click here to claim your Sponsored Listing.

Address


Dhaka
1207