Last year, at DEF CON’s Recon Village and BSides Las Vegas, I gave a talk explaining a new OSINT technique to obtain a target’s phone number by knowing their email address. Feel free to read the detailed post explaining the techniques or watch the talk. If you insist on a TL;DR, I demonstrate how the …
From email to phone number, a new OSINT approach
Lately I’ve been spending time researching weaknesses and attack vectors in password reset options. At BSides Las Vegas I presented a tool called “Ransombile”. It automates the password reset process over SMS for many Alexa top 100 websites and facilitates targeted attacks when having physical access to locked mobile devices for a short period of …
GoogleMeetRoulette: Joining random meetings
A while ago, I was at a friend’s house and he mentioned he had to join a work meeting. He used Google Meet to join. The WiFi was acting weird and he was not able to follow the discussion. Someone suggested that he could “call in” making a regular phone call. I overheard that and immediately found …
Ransombile: Yet another reason to ditch SMS
There are more mobile devices than actual people on this planet. These contain loads of personal information, private files and sensitive data. We carry them everywhere at all times and as such, we are prone to lose them or leave them unattended. What are the real consequences of doing so? News like the Apple vs FBI …
Compromising online accounts by cracking voicemail systems
I just achieved one of my career goals, giving a talk at DEF CON. What an incredible experience, I cannot thank enough the amazing people that make this con happen. My talk’s title was “Compromising online accounts by cracking voicemail systems” and I thought I’d write a blog post about it for people that were …
DIY Spy Program: Abusing Apple’s Call Relay Protocol
Introduction: Apple introduced a new set of features in iOS 8 and Yosemite under the name “Continuity”. These features allow iPhones to work with other iDevices such as Macs and iPads in new ways. Handoff, Instant hotspot and Airdrop are some of the new services offered by Continuity. Among these new services is one named …
Design flaws in Lastpass 2FA implementation
As part of a Red Team engagement I found myself looking for a way to bypass two-factor authentication (2FA) in Lastpass. Unfortunately this happened before Tavis Ormandy reported multiple 0-days in Lastpass. Would have saved us so much time! Anyway, 2FA is an additional layer of security to protect user accounts from attackers that have already compromised your password. I mention …
How to steal $2,999.99 in less than 2 minutes with Venmo and Siri
Venmo is a very popular mobile app which simplifies payments among friends. Once you link your bank account or credit card, you can start sending money to others, instantly. With Venmo, you are not limited to just making payments. It allows you to charge others as well. Say your friend had no cash for that tasty burrito …
Even the LastPass Will be Stolen, Deal with It!
I am back from Amsterdam after presenting our research at Blackhat “Even the LastPass Will be Stolen, Deal with It!” together with Alberto Garcia. We had a blast at the conference and we got great feedback from the audience. Many asked for the video, slides, etc. so I thought it was worth writing a post …
About today’s LastPass breach
Today, LastPass issued a security notice on their blog explaining that they detected some suspicious activity on their network. They believe that “LastPass account email addresses, password reminders, server per user salts, and authentication hashes were compromised” but also that the encrypted passwords (the vault) were not accessed. What does all this really mean? I found …