Lenovo Watch X Pairing: A Little Too Easy

Your Lenovo Watch X Is Watching You & Sharing What It Learns

A friend of mine offered me a Lenovo Watch X – which costs around €60 – in return for helping him with a security project. I was impressed with the design and ...
Watch the AEG Scale Denial of Service

Your Smart Scale is Leaking More than Your Weight: Privacy Issues in IoT

These days IoT devices are an easy entry point for malicious users to invade users privacy. With that in mind, we tested the AEG Smart Scale PW 5653 BT, specifically the Bluetooth ...
Android WebView: Are Secure Coding Practices Being Followed?

Android WebView: Are Secure Coding Practices Being Followed?

WebViews are very common on the Android applications. There are clear WebView security best practices, but are they being implemented? With our previous blog post in mind, Android WebView: Secure Coding Practices, ...
NFCdrip: Data Exfiltration Research in Near Field Communication

NFCdrip: Data Exfiltration Research in Near Field Communication

Near-field communication (NFC) is a set of protocols that enables two electronic devices to establish communication by bringing them very close together. Usually the devices must be within less than 4cm. Contactless ...
Get Freebies by Abusing the Android InApp Billing API

Get Freebies by Abusing the Android InApp Billing API

Security researchers started talking about vulnerabilities in the Android InApp Billing API years ago, but we found it worthwhile to take another look to see how it has improved (or not) and ...
Hack.lu 2018: Mind The (Air)Gap - Erez Yalon and Pedro Umbelino

Smart Bulb Offers Light, Color, Music, and… Data Exfiltration?

Smart bulbs are widely known as a successful offering in home automation and IoT products, as they are internet-capable light bulbs that allow home users to customize the colors, schedule on and ...
Navigation Apps: Leading the Way? Or Following You?

Navigation Apps: Leading the Way? Or Following You?

In the United States alone, 84% of adults are using navigation applications, according to a recent Gallup poll. Whether they’re downloading it in an app store or the navigation capability is already ...
(More) Common Security Mistakes when Developing Swift Apps – Part II

(More) Common Security Mistakes when Developing Swift Apps – Part II

In my post last week I shared common security mistakes developers make when building Swift applications – covering insecure data storage, symmetric key algorithms, insecure communication and more. If you haven’t read ...
Common Security Mistakes when Developing Swift Applications – Part I

Common Security Mistakes when Developing Swift Applications – Part I

Overview: Data Storage and Communication Security Swift was first introduced in 2014 at Apple’s Worldwide Developers Conference (WWDC) as the iOS, macOS, watchOS and tvOS de facto programming language. Designed by Chris ...
Loading...