doubleagent.net

doubleagent.net

Sign in Subscribe

How did Facebook spy on encrypted traffic from a mobile VPN app?

How did Facebook spy on encrypted traffic from a mobile VPN app?

A technical investigation into claims made in a class action lawsuit that Facebook had intercepted encrypted traffic from user's devices running the Onavo Protect app in order to gain competitive insights.

GTPDOOR - A novel backdoor tailored for covert access over the roaming exchange

malware Featured

GTPDOOR - A novel backdoor tailored for covert access over the roaming exchange

Discovery and analysis of a magic packet type implant that communicates C2 traffic over the GTP-C 3GPP protocol.

Gamified tooth brushing

Gamified tooth brushing

A quick look into a connected toothbrush. Surprisingly this one was rather well behaved.

Battling the dynamic linker with lazy bindings and the AFL++ fuzzer

Battling the dynamic linker with lazy bindings and the AFL++ fuzzer

Notes on fuzzing with AFL and shared libraries can't resolve symbols

BM2 - Dumping and modifying the battery monitor firmware

BM2 - Dumping and modifying the battery monitor firmware

Part 4 of the battery monitor series - Two methods to obtain the firmware from the hardware for analysis and modification

That battery monitor that spied on it's users. What happened after it was exposed?

That battery monitor that spied on it's users. What happened after it was exposed?

8th May 2024 - The following is an "archive" of the investigation done live over X / Twitter to find out what changes had been made after my expose on a popular car battery monitor which you can read here. At the time of the original postings, it had

A smart Wi-Fi power plug that almost killed me (literally)

A smart Wi-Fi power plug that almost killed me (literally)

Exploring a Smart Wi-Fi plug when something goes very wrong ..

Mate, your smart lightbulb is tracking your location

Mate, your smart lightbulb is tracking your location

Answering a friends question on why his lightbulb app was asking for location permissions. An archive of the "live tweeting" which lead to the answer ...

BM2 - Reversing the BLE protocol of the BM2 Battery Monitor

BM2 - Reversing the BLE protocol of the BM2 Battery Monitor

Part 3 of the battery monitor series -Analysing the BLE protocol in a car battery monitor to set the foundations to replace the application which tracks user’s location

BM2 - An analysis of location tracking in the AMap mobile SDK

BM2 - An analysis of location tracking in the AMap mobile SDK

Part 2 of the battery monitor series - A deep dive into the location tracking functionality of a popular location SDK package.

Discovering that your car battery monitor is siphoning up your location data

Discovering that your car battery monitor is siphoning up your location data

Reverse engineering an Android app for a Bluetooth connected car battery monitor with some startling discoveries ...

TP-Link VR1600v2 / AC1600 router firmware extraction

TP-Link VR1600v2 / AC1600 router firmware extraction

Extract firmware out of the TP-Link VR/AC 1600 router with a simple hardare modification