Our team of senior security experts recently completed another comprehensive security audit of AmneziaVPN. Over a 16-day period, we rigorously examined their Android, iOS, and Desktop clients, as well as their AmneziaWG and XRay services. Our goal was to identify any potential vulnerabilities and assess the overall security posture of their VPN solution. Key Findings: …
About CoverDrop Whistleblowers need a secure method to initiate contact and build trust with journalists. Existing tools often cater to later-stage correspondence, leaving crucial, early touch-points vulnerable to surveillance. In addition, many of these tools are difficult to find on newspaper websites, hard to use securely, and offer insufficient user guidance. After conducting workshops with …
Android Security, CoverDrop, iOS Security, Journalism Security, Mobile Security, Open Source Security, OTF, Penetration Testing, Pentest, pentesting, Secure Communication, Security Audit, Security Awareness, Security News, Signal Protocol, Whistleblower Protection, White Box Testing
7ASecurity worked with Bridgefy to complete a whitebox pentest of the mobile app, SDK, cloud infrastructure, and privacy to help improve Bridgefy’s overall security posture. What is Bridgefy? Bridgefy, a popular mobile messaging app, allows you to send offline messages by leveraging Bluetooth technology. This app aims to provide secure messaging when infrastructure is not …
Android, Bridgefy, cloud, Cloud Audit, iOS, messaging app, Mobile Application Security, Mobile Application Security Verification Standard, Mobile Security, Mobile Security Testing Guide, OWASP Application Security Verification Standard, OWASP Testing Guide, OWASP Top 10, Penetration Testing, Pentest, Security News, Web Security
This blog post summarizes a whitebox security review conducted by 7ASecurity against the ArgoVPN platform. What is ArgoVPN? ArgoVPN is a free VPN with an unlimited bandwidth that is developed for Android devices. It allows users to visit blocked websites, online services, social media and messaging apps. The developers designed ArgoVPN to meet the needs …
Android, ArgoVPN, Mobile Application Security, Mobile Application Security Verification Standard, Mobile Security, Mobile Security Testing Guide, OWASP Top 10, Penetration Testing, Pentest, Security News, VPN
7ASecurity had the privilege to collaborate with the Open Source Technology Improvement Fund (OSTIF), as well as the K-9 Mail and Thunderbird teams at Mozilla, in a recent security audit of the Mozilla K-9 Mail application. What is K-9 Mail? K-9 Mail is an open source email application that runs on most Android devices. Ideally, the application is reliable, intuitive and secure …
Android, K-9 Mail, Mobile Application Security, Mobile Security, Mozilla, Network Security, OSTIF, OWASP Top 10, Penetration Testing, Security News, Thunderbird, Web Application Security
Are you testing MitM of an old protocol that starts using clear-text communications?You should consider spoofing server replies with some downgrade attack! This old trick still works sometimes against protocols that like:XMPP, SMTP, POP3 and others Let’s illustrate this with an XMPP example from the field 🙂 Introduction: In XMPP, credentials are not supposed to …
Part 1: Intro Part 2: Translating APKs Part 3: What is SSL? [ MSTG‑NETWORK‑1 ] Part 4: How NOT to implement SSL [ MSTG‑NETWORK‑2 ] Part 5: RCE in WebView [ MSTG-PLATFORM-7 ] Part 6: XOR Crypto FAIL [ MSTG-CRYPTO-1 ] Part 7: AES Crypto FAIL [ MSTG-CRYPTO-1 ] The OWASP Mobile Application Security Verification …
Bully API, Government-Mandated Apps, MASVS, Mobile Application Security Verification Standard, Mobile Security, Mobile Security Testing Guide, MSTG, MSTG-AUTH-1, Password Leak, Smart Sheriff, South Korea
Part 1: Intro Part 2: Translating APKs Part 3: What is SSL? [ MSTG‑NETWORK‑1 ] Part 4: How NOT to implement SSL [ MSTG‑NETWORK‑2 ] Part 5: RCE in WebView [ MSTG-PLATFORM-7 ] Part 6: XOR Crypto FAIL [ MSTG-CRYPTO-1 ] The OWASP Mobile Application Security Verification Standard classifies the flaw explained in this blog …
Android, Crypto, Government-Mandated Apps, Java, MASVS, MitM, Mobile Application Security Verification Standard, Mobile Security, Mobile Security Testing Guide, MSTG, MSTG-CRYPTO-1, Smart Sheriff, South Korea
Part 1: Intro Part 2: Translating APKs Part 3: What is SSL? [ MSTG‑NETWORK‑1 ] Part 4: How NOT to implement SSL [ MSTG‑NETWORK‑2 ] Part 5: RCE in WebView [ MSTG-PLATFORM-7 ] The OWASP Mobile Application Security Verification Standard classifies the flaw explained in this blog post, under section V3: Cryptography Requirements, as follows: …
Android, Crypto, Government-Mandated Apps, MASVS, Mobile Application Security Verification Standard, Mobile Security, Mobile Security Testing Guide, MSTG, MSTG-CRYPTO-1, Smart Sheriff, XOR
Part 1: Intro Part 2: Translating APKs Part 3: What is SSL? [ MSTG‑NETWORK‑1 ] Part 4: How NOT to implement SSL [ MSTG‑NETWORK‑2 ] The OWASP Mobile Application Security Verification Standard classifies the flaw explained in this blog post, under section V6: Platform Interaction Requirements, as follows: MSTG‑PLATFORM‑7: If native methods of the app …
addJavaScriptInterface, Android, Government-Mandated Apps, MASVS, MitM, Mobile Application Security Verification Standard, Mobile Security, Mobile Security Testing Guide, MSTG, MSTG-PLATFORM-7, Smart Sheriff, South Korea