Defeating SSL Pinning in Coin's Android Application

Overview "Coin is a connected device that holds and behaves like your cards with a magnetic stripe. Use the Coin mobile app to provide key information that we need in order to ship your Coin and to manage the original plastic cards (credit, debit, gift, membership, loyalty and more) that…

Exploiting the Mercury Browser for Android

Overview The Mercury Browser for Android suffers from an insecure Intent URI scheme implementation and a path traversal vulnerability within a custom web server used to support its WiFi Transfer feature. Chaining these vulnerabilities together can allow a remote attacker to perform arbitrary reading and writing of files within the…

Remote Code Execution in Dolphin Browser for Android

Update The PoC is located here: https://www.youtube.com/watch?v=hhpP1rYn_B0 A patch was released on August 27, 2015, update now! Overview An attacker with the ability to control the network traffic for users of the Dolphin Browser for Android, can modify the functionality of downloading and…

Beating Down Android Browsers with Bowser

Overview (!) UPDATE - Bowser has be integrated into Lobotomy (!) When it comes to the vulnerability discovery process within Android Web Browsers, I have developed a toolkit called Bowser that will help in ALMOST complete automation. Bowser currently targets vulnerability classes: Vulnerable parseUri() implementations addJavascriptInterface() In this post we will be…

The Power of Wings | Abusing the Intent URL Scheme Redux

Overview In March 2014 a white paper was released that detailed research from Takeshi Terada around using the Intent URL Scheme in order to effectively attack Android Web Browsers. In this paper he demonstrates how an insecure implementation of the Intent URL Scheme had been leveraged in popular browsers (Chrome,…