Rediscovery of NetUSB Vulnerability in Broadband Routers

Figure 1 Connecting UART connections to the target device

Recently NewSky Security Labs performed white-box testing on a Netgear networking product, the R6050 model. During our investigation into the system, we found an exploitable vulnerability in the NetUSB module present in the system. NetUSB is a proprietary technology developed by the Taiwanese company KCodes, intended to provide “USB over IP” functionality. NetUSB is included in…

Critical Stagefright flaw, millions affected

In late July, researchers with Zimperium announced the discovery of a critical flaw in the Android library libstagefright, potentially affecting 95% of all Android devices, from Android Froyo (2.2) to Lollipop (5.0). The flaw could result in the device getting owned if successfully exploited. Google illustrates Android media architecture and framework in the following diagram:…

Mobile Intelligence Case Study: General vs Medical apps

In this post, we share some of our findings from submitted apps.  This data reflects our common vision on mobile app vulnerabilities and risks.  On the one hand, malware is not the only threat vector in the mobile space. This is particularly true for sandbox architecture platforms such as Android and iOS, where it is more difficult for…