Smart devices as Bitcoin mining slaves

Recently, we blogged about unintentionally installing Android ransomware to an Android HD media player. It is possible and probable that other unwanted programs, such as Bitcoin mining trojans could be installed on a smart device. Background Bitcoin (BTC) is one of several popular digital (virtual) currency payment systems. It is decentralized and functions peer-to-peer (P2P)…

Stagefright scan and removal tool

0xID Labs has created a utility to scan for and remove malformed media files that match certain criteria that resemble a Stagefright exploit. Update August 6, 2015: In light of the recent disclosure by Zimperium at Black Hat 2015, we’ve updated coverage for additional threat vulnerabilities. This tool is for immediate release to use by…

Critical Stagefright flaw, millions affected

In late July, researchers with Zimperium announced the discovery of a critical flaw in the Android library libstagefright, potentially affecting 95% of all Android devices, from Android Froyo (2.2) to Lollipop (5.0). The flaw could result in the device getting owned if successfully exploited. Google illustrates Android media architecture and framework in the following diagram:…

Removing Android ransomware from my tv

In July, you may have read how I unwittingly installed Android ransomware to my HiMedia HD600a HD Media player.   Well I wasn’t going to just toss out my device, I wanted it back, so I worked on getting rid of the ransomware. Timing is everything I have to say, it was very tricky to…

OBD Case Study: Gone in 6 Seconds

History Prior to the 1980s, vehicle diagnostics were more hands-on,¬†and on-board computers were not fully developed. Identifying a car’s trouble meant testing fuses, relays, and opening up components and performing visual inspections, or using timing lights. During the 1980s and early 1990s, cars became more computer-controlled, such as controlling engine idle, vehicle speed and so…