Apple's New MacBook Disconnects Microphone "Physically" When Lid is Closed

 October 31, 2018  Mohit Kumar Apple introduces a new privacy feature for all new MacBooks that "at some extent" will prevent hackers and malicious applications from eavesdropping on your conversations. Apple's custom T2 security chip in the latest MacBooks includes a new hardware feature that physically disconnects the MacBook's built-in microphone whenever the user closes the lid, the company revealed yesterday at its event at the Brooklyn Academy of Music in New York. Though the new T2 chip is already present in the 2018 MacBook Pro models launched earlier this year, this new feature got unveiled when Apple launched the new Retina MacBook Air and published a full security guide for T2 Chip yesterday. "This disconnect is implemented in hardware alone, and therefore prevents any software, even with root or kernel privileges in macOS, and even the software on the T2 chip, from engaging the microphone when the lid is closed,...

Most Important Android Application Penetration Testing Checklist

Android Penetration Testing
  • Check for server side validation.
  • Admin/user account compromise.
  • Check for root detection method/bypass it.
  • Bruteforce authentication.

Android Penetration Testing: Server-Side Checks

  • Check for client side injection (XSS).
  • Username enumeration.
  • SQL injection
  • Malicious file upload.
  • Check for all HTTP methods (PUT, DELETE, etc.; use Burp Intruder for HTTP verb tampering).
  • Check for session management (cookie flaws, session overriding, session fixation etc.).
  • CAPTCHA implementation flaws & bypass.
  • Run the nikto and dirb web server scanners.

Open Android Security Assessment Methodology

Android security controls are structured in the following sections as a reference framework for Android application vulnerability assessments.
  • OASAM-INFO: Information Gathering: Information gathering and attack surface definition.
  • OASAM-CONF: Configuration and Deploy Management: Configuration and deploy assessment.
  • OASAM-AUTH: Authentication: Authentication assessment.
  • OASAM-CRYPT: Cryptography: Cryptography use assessment.
  • OASAM-LEAK: Information Leak: Confidential information leak assessment.
  • OASAM-DV: Data Validation: User entry management assessment.
  • OASAM-IS: Intent Spoofing: Intent reception management assessment.
  • OASAM-UIR: Unauthorized Intent Receipt: Intent resolution assessment.
  • OASAM-BL: Business Logic: Application business logic assessment.
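As an added illustration of the two intent-related items (OASAM-IS and OASAM-UIR), the Java snippet below is not code from the page or from OASAM; it shows a broadcast receiver that restricts who may deliver an intent to it, validates what the intent carries, and replies with an explicit intent so the result cannot be picked up by another app. The package, class, action and extra names are assumptions.

```java
// Added example (not from the page). Hypothetical app package "com.example.bank".
// Manifest (assumed): declare a signature-level permission and require it on the
// receiver, so only apps signed with the same key can deliver an intent to it:
//   <permission android:name="com.example.bank.permission.INTERNAL"
//               android:protectionLevel="signature" />
//   <receiver android:name=".TransferReceiver"
//             android:exported="true"
//             android:permission="com.example.bank.permission.INTERNAL">
//       <intent-filter><action android:name="com.example.bank.TRANSFER"/></intent-filter>
//   </receiver>
// A component that never needs to be reachable from other apps should instead set
// android:exported="false", which removes the intent-spoofing surface entirely.

import android.content.BroadcastReceiver;
import android.content.Context;
import android.content.Intent;
import android.util.Log;

public class TransferReceiver extends BroadcastReceiver {
    static final String TAG = "TransferReceiver";
    static final String ACTION_TRANSFER = "com.example.bank.TRANSFER";
    static final String ACTION_RESULT = "com.example.bank.TRANSFER_RESULT";
    static final long MAX_CENTS = 1_000_000L; // assumed upper bound (10,000.00)

    @Override
    public void onReceive(Context ctx, Intent intent) {
        // OASAM-IS: never act on the mere arrival of an intent. The manifest
        // permission limits who can send it; these checks limit what it may carry.
        if (intent == null || !ACTION_TRANSFER.equals(intent.getAction())) return;
        String account = intent.getStringExtra("account");
        long cents = intent.getLongExtra("amount_cents", -1);
        if (account == null || !account.matches("[0-9]{8,12}")
                || cents <= 0 || cents > MAX_CENTS) {
            Log.w(TAG, "rejected malformed transfer request");
            return;
        }
        // ... hand the validated request to the app's own business logic ...

        // OASAM-UIR: return the outcome with an explicit intent addressed to our
        // own package, so no third-party receiver registered for ACTION_RESULT
        // can obtain it (an implicit broadcast would be delivered to any of them).
        Intent result = new Intent(ACTION_RESULT)
                .setPackage(ctx.getPackageName())
                .putExtra("account", account)
                .putExtra("status", "ok");
        ctx.sendBroadcast(result);
    }
}
```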
