7ASecurity worked with Bridgefy to complete a whitebox pentest of the mobile app, SDK, cloud infrastructure, and privacy to help improve Bridgefy’s overall security posture. What is Bridgefy? Bridgefy, a popular mobile messaging app, allows you to send offline messages by leveraging Bluetooth technology. This app aims to provide secure messaging when infrastructure is not …
Android, Bridgefy, cloud, Cloud Audit, iOS, messaging app, Mobile Application Security, Mobile Application Security Verification Standard, Mobile Security, Mobile Security Testing Guide, OWASP Application Security Verification Standard, OWASP Testing Guide, OWASP Top 10, Penetration Testing, Pentest, Security News, Web Security
This blog post summarizes a whitebox security review conducted by 7ASecurity against the ArgoVPN platform. What is ArgoVPN? ArgoVPN is a free VPN with an unlimited bandwidth that is developed for Android devices. It allows users to visit blocked websites, online services, social media and messaging apps. The developers designed ArgoVPN to meet the needs …
Android, ArgoVPN, Mobile Application Security, Mobile Application Security Verification Standard, Mobile Security, Mobile Security Testing Guide, OWASP Top 10, Penetration Testing, Pentest, Security News, VPN
Are you testing MitM of an old protocol that starts using clear-text communications?You should consider spoofing server replies with some downgrade attack! This old trick still works sometimes against protocols that like:XMPP, SMTP, POP3 and others Let’s illustrate this with an XMPP example from the field 🙂 Introduction: In XMPP, credentials are not supposed to …