Working From Home Security Checklist

If you’re like me then you’ve probably spent most (all) of the last year working from home. The UK Government stance went from “Work from home if you can” to “go back to the office” then back to the original advice. I think most people, however, just stayed WFH. Working from home can be a…

Recent iOS 14 Vulnerabilities

UPDATE YOUR APPLE DEVICES TO iOS 14.4 (or higher) NOW! Luckily most people that will be interested in reading this will be fully aware of the importance of patching/updating your software but if you’re new here, you need to keep all of your devices up-to-date because the vendors release these very important things called SECURITY…

Online Doctor App is Leaking Videos of Patient Consultations

A security researcher named Rory Glover tweeted today that he is able to access video recordings of medical consultations of other patients through the Online Doctor app, Babylon Health. Rory claims that over 50 video recordings of private consultations are being leaked publicly. If this claim is valid then Babylon Health may be liable for…

Apple Macs Transitioning to ARM in 2021

According to Bloomberg, Apple are going to announce at the upcoming Worldwide Developer Conference (WWDC20) a transition to ARM-based processors for all Macs. It will be interesting to see how Apple maintains compatibility for all of the x86 compiled apps which have been on macOS forever. This may also be another sign that we’re going…

FitBit Users Can’t Turn off Friend Requests

A UK-based web application security researcher today noticed that his FitBit account is subject to ‘Friend Requests’ from other FitBit owners. The researcher known only as -Redacted- today tweeted about a Friend request he received. He proclaims that he bought a FitBit for his own personal usage and to track his exercise goals. Friends on…

Romanian Cash Machine Skimming Gang Stole $1.2 Billion From Tourists in Mexico

The cash machine company “Intacash” installed sophisticated debit and credit card skimming devices on at least 100 machines, and distributed them throughout Mexico, including in many tourist spots. Intacash is owned by Florian ‘The Shark’ Tudor, who is allegedly also the leader of Romanian mafia gang ‘Riviera Maya’. It is alleged the skimming operation stole…

Penetration Testing and App Security Services

We are a growing information security startup in Scotland. James is our lead consultant and we have a small army of contractors. Our services include: complete application security reports, tailored as requested (black-box/white-box, threat modelling/full risk assessment, etc.); cloud, mobile, and web application penetration tests; reviews and reports for US-compliance requirements, including FIPS 140-2 – …

The Only Way to Bypass SSL Pinning on iOS 13

Use Frida and Objection! By now you should know how to install Burp Suite and set it up to proxy your iOS device. If this is all you do then you will come up against TLS errors. You have to use Frida and Objection to inject an SSL bypass into the app you’re interested in.

How to Manipulate Riddle Votes

DISCLAIMER: Don’t do this! Lots of websites like the BBC use riddle.com to poll their readers’ opinions. It doesn’t seem like Riddle creates a nonce or token for any new vote so it’s simple AF to game it. All you need is Chrome Dev Tools and a Bash terminal. From today’s research I noticed a…

Digital Medical Device Security Assessments

Lately I’ve been heavily involved in assessments on a couple of different medical devices. I can’t lay down specifics on the types of device or the companies at the moment but you can use your imagination. The devices are of the ‘smart’ genre and the end-user is a patient with health concerns. These assessments have…