Friday, July 29, 2016

#QRLJacking - Hijack QRL Code.


Authentication is one of the crucial parameters in information security. It is achieved through passwords, biometrics, 2FA and many other means. One of the features considered to be very secure is the QR code. Recently, a security researcher hijacked the QR code.

A QR code is two-dimensional data that carries secret information, including secret keys and session details. QR codes are used by many sites, including WhatsApp, which uses them to authenticate WhatsApp Web in the browser or in the desktop client.

The security researcher produced a fake login page that resembles the WhatsApp Web one, and then wrote a script to update the QR code, which changes every 20 seconds on the original site. So whenever the QR code changes, the change is reflected in the fake page. The technique is dubbed #QRLJacking.

If the user scans the QR code with his/her mobile, the account will be hijacked and the session will be opened on the attacker's machine with full authentication.

This can be done if the page has been faked and the QR code, which changes periodically, is also kept updated in the fake page.

The security researcher has also created a PoC, which can be viewed publicly here.

P.S: The post is to create awareness and not to be misused.

Saturday, July 23, 2016

Verified Boot - Android Nougat.


Technology giant Google is about to roll out its new mobile operating system version, named #Android Nougat. It has many cool new features, and now another cool feature has been released.

Being a huge platform, it is one of the most targeted platforms for attackers and for spreading malware and rootkits. A normal user will not be aware of the malware until its behaviour becomes abnormal. In order to help them, a new feature, #Verified Boot, has been enabled by Android.

Up to Android 6.0, the device would boot even if it was compromised by malware, popping up an alert to the user, but now verified boot is strictly enforced.

After the installation of Android Nougat, if your device has been affected by malware or any rootkit, it won't even boot and will show you an error. This state is much like bricking the device.

Data corruption caused by hardware or software failure will also fail verified boot, so the device won't boot, but Android has a special program to detect if the problem is data corruption.
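
The difference between the older "alert and boot" behaviour and strict enforcement, as an added example that is not from the original post or from Android's source code. It is a simplified model that assumes SHA-256 over 4096-byte blocks folded into one root hash recorded at build time; the function names, block size and sample image are assumptions made here.

```python
import hashlib

BLOCK_SIZE = 4096  # assumption: block size chosen for this model


def block_hashes(image: bytes) -> list:
    """SHA-256 of every fixed-size block; a short final block is zero-padded."""
    return [
        hashlib.sha256(image[off:off + BLOCK_SIZE].ljust(BLOCK_SIZE, b"\0")).digest()
        for off in range(0, max(len(image), 1), BLOCK_SIZE)
    ]


def root_hash(hashes: list) -> bytes:
    """Fold the block hashes pairwise until a single root hash remains."""
    level = list(hashes)
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])  # duplicate the last hash on odd levels
        level = [hashlib.sha256(level[i] + level[i + 1]).digest()
                 for i in range(0, len(level), 2)]
    return level[0]


def boot_decision(image: bytes, trusted_root: bytes, enforcing: bool) -> str:
    """Compare the partition against the root hash recorded at build time."""
    if root_hash(block_hashes(image)) == trusted_root:
        return "boot"
    # Up to Android 6.0 (as the post describes): alert the user, keep booting.
    # Android Nougat: strict enforcement, the device does not boot.
    return "refuse to boot" if enforcing else "warn and boot"


def changed_blocks(image: bytes, reference: list) -> list:
    """Indexes of image blocks whose hash differs from the build-time hash."""
    current = block_hashes(image)
    return [i for i, h in enumerate(current) if i >= len(reference) or h != reference[i]]


# Constructed sample: an 8-block "system partition" and a copy with one bit changed.
GOOD_IMAGE = b"".join(bytes([n]) * BLOCK_SIZE for n in range(8))
REFERENCE = block_hashes(GOOD_IMAGE)
TRUSTED_ROOT = root_hash(REFERENCE)
_modified = bytearray(GOOD_IMAGE)
_modified[5 * BLOCK_SIZE + 17] ^= 0x01  # rootkit patch or storage bit-flip: same outcome
BAD_IMAGE = bytes(_modified)

if __name__ == "__main__":
    for name, img in (("good", GOOD_IMAGE), ("modified", BAD_IMAGE)):
        print(name, boot_decision(img, TRUSTED_ROOT, False), "|",
              boot_decision(img, TRUSTED_ROOT, True), changed_blocks(img, REFERENCE))
```

The hash check cannot tell a malicious change from accidental corruption, which is why both cases stop the boot under enforcement.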

Due to this enforcement, rooting the device and customizing the kernel may be tedious for users. This feature is considered nice for normal people but not for those who want to play with the Android kernel.

P.S: The post is to create awareness and not to create any negative impact.

Monday, July 4, 2016

Earning $500,000 per day through Android.


Android holds a major share of the smartphone operating system market, which also makes it a targeted platform for hackers. Numerous pieces of malware have been released in the market to exploit users. Recently, the revenue made by hackers using Android malware has been released.

Dubbed #Hummer, it is one piece of Android malware that targets devices, installs itself, roots the device and then downloads unwanted apps by gaining admin privileges.

Once this malware has been installed, the developer gets 50 cents. It may seem like a small amount of money, but they are making 500,000 USD on a daily basis by having 1 million downloads daily.

Once installed, the app, which contains many rooting exploits, roots the device. After rooting, it downloads all the unwanted apps, thus consuming bandwidth.

#Hummer comes in the form of fake apps like Facebook and LinkedIn, and also famous games, utilities and many more.

The company released the top 5 countries affected by Hummer along with the user numbers:

1. India - 154,248
2. Indonesia - 92,889
3. Turkey - 63,906
4. China - 63,285
5. Mexico - 59,192

Android users are recommended not to download any apps through links and, even in the Play Store, to review the developer before downloading applications.

P.S: The post is to create awareness and not to create any negative impact.