2 vulnerabilities found in ES File Explorer app with 100,000,000 installs

#hacking: 2 vulnerabilities found in ES File Explorer app with 100,000,000 installs Open Port vulnerability (if user opens the app at least once, anyone connected to the same local network can remotely get a file from your phone): https://www.youtube.com/watch?v=z6hfgnPNBRE Man-in-the-middle vulnerability (Attacker connected to the same local network can intercept HTTP traffic and exchange it for his own.): https://youtu.be/BtLUO-ujJ7I submitted by /u/lukasstefanko to r/blackhat [link] [comments] top scoring links : multi

Read More

NFC Best Practices (for Android)?

#hacking: NFC Best Practices (for Android)? Looking at evaluating an NFC tap-and-pay Android app. Are there any specific gotchas I should be looking for, and/or any best practices for NFC on Android? I tried looking at the EMV spec, as well as on the Android developer website, but there isn’t anything helpful there. Preferably some sources as to why this should be secured would be good. If I don’t get anything, I’ll just take it as an arbitrary user input – however, I’m looking for more protocol-level or OS-level attacks…

Read More