JOSS InfoSec
VAPT, SQA, Vendor Certification & Security Training.
28/12/2024
đ āύāϤā§āύ āĻŦāĻāϰā§āϰ āĻ
āĻĢāĻžāϰ! āĻāĻŋāύā§āϤ⧠āϏāĻžāĻŦāϧāĻžāύ!
āĻāĻĒāύāĻžāϰāĻž āϝāĻžāϰāĻž "100GB āĻĢā§āϰāĻŋ āĻāύā§āĻāĻžāϰāύā§āĻ" āĻ
āĻĢāĻžāϰā§āϰ āύāĻžāĻŽā§ āĻāĻ āϞāĻŋāĻā§āĻā§ āĻā§āϞāĻŋāĻ āĻāϰāϤ⧠āϝāĻžāĻā§āĻā§āύāĨ¤ āĻĻā§āĻž āĻāϰ⧠āϏāϤāϰā§āĻ āĻĨāĻžāĻā§āύ! āĻāĻāĻŋ āĻāĻāĻāĻŋ **āĻŽā§āϝāĻžāϞāĻŋāĻļāĻŋā§āĻžāϏ (āĻā§āώāϤāĻŋāĻāϰ)** āϞāĻŋāĻā§āĻāĨ¤
â āϞāĻŋāĻā§āĻā§ āĻā§āϞāĻŋāĻ āĻāϰāϞ⧠āĻāĻĒāύāĻžāϰ āĻŽā§āĻŦāĻžāĻāϞ āĻŦāĻž āĻĄāĻŋāĻāĻžāĻāϏ⧠āĻāĻžāĻāϰāĻžāϏ āĻā§āĻžāϤ⧠āĻĒāĻžāϰā§āĨ¤
â āĻŦā§āϝāĻā§āϤāĻŋāĻāϤ āϤāĻĨā§āϝ āĻā§āϰāĻŋ āĻšāϤ⧠āĻĒāĻžāϰā§āĨ¤
â āĻāĻĒāύāĻžāϰ āϏā§āĻļā§āϝāĻžāϞ āĻŽāĻŋāĻĄāĻŋā§āĻž āĻŦāĻž āĻŦā§āϝāĻžāĻāĻ āĻ
ā§āϝāĻžāĻāĻžāĻāύā§āĻ āĻšā§āϝāĻžāĻ āĻšāϤ⧠āĻĒāĻžāϰā§āĨ¤
âĄī¸ **āϏāϤāϰā§āĻāϤāĻž:**
- āϏāύā§āĻĻā§āĻšāĻāύāĻ āϞāĻŋāĻā§āĻā§ āĻā§āϞāĻŋāĻ āĻāϰāĻŦā§āύ āύāĻžāĨ¤
- āĻ
āĻĢāĻŋāĻļāĻŋā§āĻžāϞ āϏāĻžāĻāĻ āĻāĻžā§āĻž āĻ
āύā§āϝ āĻā§āĻĨāĻžāĻ āϤāĻĨā§āϝ āĻĻā§āĻŦā§āύ āύāĻžāĨ¤
- āύāĻŋāϰāĻžāĻĒāĻĻā§ āĻĨāĻžāĻāϤ⧠āĻāύā§āĻāĻŋ-āĻāĻžāĻāϰāĻžāϏ āĻŦā§āϝāĻŦāĻšāĻžāϰ āĻāϰā§āύāĨ¤
āϏāĻŦāĻžāϰ āϏāĻžāĻĨā§ āĻļā§ā§āĻžāϰ āĻāϰā§āύ āĻāĻŦāĻ āύāĻŋāϰāĻžāĻĒāĻĻā§ āĻĨāĻžāĻā§āύ!
Happy New Year đ
14/10/2024
đ¨ Security Alert for Glinty - Video Chat & Online APK Users! đ¨
Recently, I analyzed potential security risks associated with the Glinty - Video Chat & Online APK. Our findings highlight two critical issues that could compromise user privacy and device security:
1ī¸âŖ Remote WebView Debugging Enabled:
When Remote WebView Debugging is enabled, it provides a gateway for attackers to remotely access and manipulate WebView content within the app. Hereâs why itâs risky:
đ§âđģ Remote Code Ex*****on: Attackers can inject and execute malicious JavaScript code, manipulating app behavior and stealing sensitive information.
đ Data Leakage: Debugging access allows inspection of network traffic, cookies, and local storage, posing a severe risk to user data privacy.
đ App Manipulation: Attackers can alter the DOM, spoof server responses, and mislead users, resulting in potential phishing attacks or data theft.
2ī¸âŖ Permission Misuse: DISABLE_KEYGUARD:
The app requests permission to disable the lock screen (android.permission.DISABLE_KEYGUARD), which poses serious security concerns:
đ Bypassing Lock Screen Security: This permission could allow the app to bypass device lock mechanisms, providing unauthorized access to the device and compromising sensitive data.
đī¸ Phishing Potential: Attackers could present fake login screens to collect credentials or perform unauthorized actions, further endangering user accounts.
đĄī¸ Recommendations:
Developers of Glinty should disable Remote WebView Debugging in production builds and review permissions to minimize risks.
Users should be cautious and monitor permissions granted to apps. Always ensure that apps come from trusted sources.
Letâs work together to build a safer cyberspace! đ
Click here to claim your Sponsored Listing.
Category
Website
Address
Dhaka
1207