

Twitter Android app milked for matching phone numbers, accounts



Ibrahim Balic has become a name that Twitter will surely remember. The researcher discovered a flaw in Twitter's Android application that let him match 17 million phone numbers, once uploaded, with accounts.




He had been doing it for two months, according to reports, before Twitter blocked him on December 20.

These matches involved users in Israel, Turkey, Iran, Greece, Armenia and Germany. Some of the accounts belonged to government officials, according to reports.

How did Balic do it? He uploaded lists of generated phone numbers through Twitter’s contact upload feature, said TechCrunch.

Zack Whittaker, TechCrunch’s security director, wrote the much-cited story on the researcher’s phone-number-to-account exploit. Specifically, Whittaker writes, Balic “generated more than two billion phone numbers one after the other, then randomized the numbers and uploaded them to Twitter via the Android application. (Balic said the error did not exist in the web-based upload feature.)”

Bill Toulas at TechNadu also noted that Twitter had a block in place that prevented the uploading of lists of numbers in sequential format, in anticipation of possible abuse, but uploading “huge lists” via the Android application was “still perfectly feasible”.
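To show why a sequence-only block misses a randomized list, here is an added defensive example (not code from Twitter or from any of the cited reports) that compares an order-dependent check with an order-independent density check. The function names, thresholds and sample numbers are assumptions constructed for illustration.

```python
import random

def naive_sequential_block(numbers, max_run=50):
    """Order-dependent check: trips only when numbers arrive as a consecutive run."""
    run = longest = 1
    for prev, cur in zip(numbers, numbers[1:]):
        run = run + 1 if cur == prev + 1 else 1
        longest = max(longest, run)
    return longest >= max_run

def density_block(numbers, min_batch=100, max_median_gap=10):
    """Order-independent check: sort the batch and look at the median gap between
    neighbouring numbers. A real address book is scattered across the numbering
    space (huge gaps); a generated range stays dense however it is shuffled."""
    uniq = sorted(set(numbers))
    if len(uniq) < min_batch:
        return False
    gaps = sorted(b - a for a, b in zip(uniq, uniq[1:]))
    return gaps[len(gaps) // 2] <= max_median_gap

def build_samples(seed=1):
    """Constructed sample uploads; none of these are real subscriber numbers."""
    rng = random.Random(seed)
    sequential = list(range(15550100000, 15550105000))   # generated range, in order
    shuffled = sequential[:]
    rng.shuffle(shuffled)                                 # same range, randomized
    organic = rng.sample(range(10**10, 10**11), 300)      # scattered address book
    return {"sequential": sequential, "shuffled": shuffled, "organic": organic}

def evaluate(samples):
    """Return {sample name: (naive verdict, density verdict)}."""
    return {name: (naive_sequential_block(nums), density_block(nums))
            for name, nums in samples.items()}

if __name__ == "__main__":
    for name, (naive, dense) in evaluate(build_samples()).items():
        print(f"{name:10s} naive={naive!s:5s} density={dense}")
```

In production this signal would sit alongside per-account upload volume and match-rate limits rather than replace them.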

TechCrunch, in fact, wanted to see for itself whether Balic’s findings held up. Whittaker reported the results. “Using the site’s password reset feature, we verified their results by comparing a random selection of usernames with the phone numbers provided. In one case, TechCrunch was able to identify an elderly Israeli politician using his matching phone number.”

This is not the first time security watchers have heard of Balic, who was previously known for identifying a security flaw in 2013 that hit Apple’s developer center.

Stacy Liberatore in the Daily Mail said that “although Balic did not warn Twitter of the error, he was responsible for informing high-profile users via WhatsApp.”

Jon Fingas in Engadget, meanwhile, reported that the company’s spokesman, Aly Pavela, said the company was investigating the error. “He blocked the business by suspending accounts used to get information from people,” said Fingas.

He quoted Twitter’s statement in response:

“We take these reports seriously and are actively investigating to ensure that this error cannot be exploited again. When we become aware of this error, we suspend the accounts used to improperly access people’s personal information. Protecting the privacy and security of people using Twitter is our number one priority and we remain focused on quickly stopping spam and abuse that comes from using the Twitter API.”

Toulas, at TechNadu, reported on where things stood on Wednesday. “As a platform spokesman said, they will now address the API gaps that allow for this type of abuse.”

Meanwhile, the news of the matches has drawn responses from Engadget readers that are informative in their own right. They show that not everyone reacts the same way to headlines about data breaches and contact disclosure. The reactions range from those hardened by all of this, who say that if you have nothing to hide you can just relax and that a phone number getting out isn’t the end of the world, to those who say no, it really is a big deal in the digital age.

An example among the disgusted: “Ugh, never trust these companies with your number” and another, “I’m not stupid enough to include my phone number on a social network website. Any site that requires a phone number for account creation is not worth my time.”

An unconcerned comment: “It looks horrible … oh, do you remember for decades when we had these crazy phone calls that had not only your phone number but also your home address? The horror.”

Counter comment: “It’s not about information per person, but about how information can be abused by hundreds, thousands and millions of people around the world quickly and cheaply.”



Japan’s Super Nintendo World theme park will feature smart Mario-themed wristbands




Super Nintendo Land, the Mario-themed expansion for Universal Studios, is emerging as one of the most interesting and tech-infused theme park attractions to date.




The park, which will launch before the 2020 Tokyo Olympics as part of Universal Studios Japan in the city of Osaka, will feature wearable wristbands called “Power Up Bands” that synchronize with a smartphone application and track digital activities as you walk around, according to Tokyo-based Bloomberg journalist Kurumi Mori, who attended a press event on Tuesday local time that described new elements of Super Nintendo World in detail.

According to Mori, the bands will allow guests to collect digital coins and compete with other park goers. Thierry Coup, creative director of Universal Creative (the theme park design and research and development division of Universal Parks & Resorts), made the series of announcements during the celebration of the park’s global launch, where he called Super Nintendo World “a life-size video game.”

The mobile application will have a game-style overhead map for finding attractions, and you can create a profile and unlock achievements. At the moment it is not clear why you would collect these digital coins beyond bragging rights, but you can imagine some form of prizes to win, such as Mario souvenirs or other Nintendo-themed prizes. It could also be an interactive component for games that you can play in the park.

According to Coup, Osaka will get the first Super Nintendo Land, followed by sister sites at Universal Parks in the United States, in Hollywood, California and Orlando, Florida, as well as Singapore. There is still no concrete timetable for when the park will arrive in the United States. We don’t know much more about the expansion, besides confirmation that there will indeed be a real-world Mario Kart ride, because how could you open a Super Nintendo World without one of those?

While we wait for more information, enjoy this new music video by the artists Galantis and Charli XCX, who collaborated on the official Super Nintendo World song, called “We Are Born to Play”.



Black Shark 3 Reportedly Features 2K Display With 120Hz And 16GB RAM




“Black Shark 3 should ship with Snapdragon 865 SoC, run on Android 10 with a custom MIUI skin and 5G connectivity”



The Black Shark 3 is said to be the Chinese brand’s next gaming smartphone. It has recently been certified by the Ministry of Industry and Information Technology with the model number KLE-A0.

This revealed that the Black Shark 3 would include support for dual-mode 5G connectivity. Rumors suggest it could be launched next month. Now, a string of new leaks has revealed some key phone specs, including a Quad HD+ display with a 120Hz refresh rate.

The phone will also have an option to reduce the screen resolution from 2K to 1080p, which should save some battery life.

On the other hand, the well-known tipster Sudhanshu claims that the Black Shark 3 could be the first phone equipped with 16 GB of RAM.

The maximum amount of RAM in a smartphone has so far been 12 GB, and some may say that 16 GB of RAM will be excessive, even in a gaming smartphone.

The Black Shark 3 is expected to ship with the newly launched Qualcomm Snapdragon 865 SoC. Unfortunately, that’s all we know about the Xiaomi Black Shark 3 right now, but we hope to find more information in the coming weeks. To recall, the Xiaomi Black Shark 2 Pro was the brand’s latest gaming smartphone.


Black Shark 2 Pro specifications

The Black Shark 2 Pro has a 6.39-inch AMOLED display with a resolution of 1,080 x 2,340 pixels, DC dimming and a high touch sampling rate of 240Hz. It is powered by the Snapdragon 855 Plus SoC together with the Adreno 640 GPU and 12 GB of RAM, and comes in two storage variants: 128 GB and 256 GB. The phone runs Android 9.0 Pie with the custom MIUI 10 skin on top.

In terms of optics, the Xiaomi Black Shark 2 Pro packs a dual rear camera setup with a 48-megapixel main camera and a 12-megapixel telephoto lens.

There is a 20 MP camera on the front for selfies and video chats. Connectivity options include 4G LTE, dual SIM slots, dual-band Wi-Fi, Bluetooth 5.0, USB Type-C and A-GPS with GLONASS. A 4,000 mAh battery with support for Quick Charge 4.0 technology powers the phone. There is an in-display fingerprint sensor for added security.



‘Shopper’ Malware Affects Over 14% of Indian Smartphone Users With Fake Reviews





A new Trojan application is boosting ratings and installations of popular shopping applications and spreading ads that annoy users, and more than 14% of Indians have been affected by this malware, called “Shopper”, researchers at the global cybersecurity and antivirus brand Kaspersky said on Sunday.

The highest percentage of users infected with “Trojan-Dropper.AndroidOS.Shopper.a” from October to November 2019 was in Russia, with a staggering 28.46% of all users affected by the shopaholic application located in the country. Almost a fifth (18.70%) of the infections occurred in Brazil and 14.23% in India.

“Although, at the moment, the real danger from this malicious application is limited to unwanted advertisements, false criticisms and assessments released on behalf of the victim, no one can guarantee that the creators of this malware will not change their payload to something else,” said Igor Golovin, Kaspersky’s malware analyst, in a statement.

For now, the focus of this malicious application is on retail, but its capabilities allow attackers to spread false information through users’ social media accounts and other platforms.

The Trojan, dubbed “Shopper”, attracted the attention of researchers because of its extensive obfuscation and its use of the Google Accessibility Service.

The service, designed to help people with disabilities, lets users have application content read out and automates interaction with the user interface. However, in the hands of attackers, this feature poses a serious threat to the owner of the device.

“The malware could automatically share videos containing what the operators behind Shopper want on the personal pages of user accounts and flood the Internet with unreliable information,” added Golovin.

According to the researchers, once the Trojan has permission to use the service, it gains almost limitless opportunities to interact with the system interface and applications. It can capture the data presented on the screen, press buttons and even emulate user gestures.

It is not yet known how the malicious application is spreading. However, Kaspersky researchers believe that device owners may download it from fraudulent ads or third-party application stores while trying to get a legitimate application.

Surprisingly, the application masquerades as a system application and uses a system icon named “ConfigAPKs” to hide from the user.

After the screen is unlocked, the application starts, collects information about the victim’s device and sends it to the attacker’s servers. The server responds with the commands for the application to execute.

In particular, depending on the commands, the application can use the device owner’s Google or Facebook account to register on popular shopping and entertainment applications such as AliExpress, Lazada, Zalora, Shein, Joom, Likee and Alibaba, leave application reviews on Google Play on behalf of the device owner, check the rights to use the accessibility service and, if the permission is not granted, send a phishing request for it.

The application can also disable Google Play Protect, a feature that runs a security check on Google Play Store applications before they are downloaded, open links received from the remote server in an invisible window, and hide itself from the application menu after a certain number of screen unlocks.
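Because the behaviour described above depends on an enabled accessibility service, and the suspected sources are fraudulent ads and third-party stores, a device audit can list which packages hold that service and where they were installed from. The following is an added example, not Kaspersky's tooling: it parses the output of `adb shell settings get secure enabled_accessibility_services`, `adb shell pm list packages -i` and `adb shell pm list packages -s`, using constructed sample output and a hypothetical package name `com.example.cfgapks`.

```python
PLAY_STORE = "com.android.vending"

# Constructed sample command output; com.example.cfgapks is a hypothetical package.
SETTINGS_OUT = ("com.google.android.marvin.talkback/"
                "com.google.android.marvin.talkback.TalkBackService:"
                "com.example.cfgapks/com.example.cfgapks.Svc\n")
PM_ALL_OUT = """package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.example.cfgapks  installer=null
package:com.android.settings  installer=null
"""
PM_SYSTEM_OUT = "package:com.android.settings\n"

def parse_enabled_services(settings_output):
    """'pkg/cls:pkg2/cls2' -> [(package, service class)]; 'null' or empty -> []."""
    services = []
    for component in settings_output.strip().split(":"):
        if "/" in component:
            package, cls = component.split("/", 1)
            services.append((package, cls))
    return services

def parse_packages(pm_output):
    """'package:<name>  installer=<pkg>' lines -> {name: installer or None}."""
    packages = {}
    for line in pm_output.splitlines():
        line = line.strip()
        if not line.startswith("package:"):
            continue
        name, _, installer = line[len("package:"):].partition("installer=")
        installer = installer.strip()
        packages[name.strip()] = None if installer in ("", "null") else installer
    return packages

def audit_accessibility(settings_output, pm_all, pm_system):
    """Flag enabled accessibility services owned by packages that are neither
    in the system image nor installed by the Play Store."""
    installers = parse_packages(pm_all)
    system = set(parse_packages(pm_system))
    findings = []
    for package, cls in parse_enabled_services(settings_output):
        if package in system:
            continue  # genuinely preinstalled, whatever its icon looks like
        if installers.get(package) != PLAY_STORE:
            findings.append((package, cls, installers.get(package)))
    return findings

if __name__ == "__main__":
    for finding in audit_accessibility(SETTINGS_OUT, PM_ALL_OUT, PM_SYSTEM_OUT):
        print("review:", finding)
```

An application that only looks like a system component in the launcher does not appear in the `-s` listing, so it is still flagged here.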



Copyright © 2019