Meet zAnti

zAnti 1.0 - The new ANTI

The new zAnti 1.0 (previously named ANTI during its beta process) Some might remember the Zanti creature from the "Outer Limits" TV show.
Here's a Youtube video of the episode, "Zanti mistfits" (1963).

The Über Scary Zanti

The software is actually named as part of our series including zCore IPS, zDefender and zAppliance, but zAnti might just be as über scary as the monster!

zAnti has almost 100,000 users and lots of feedback. As it grows, we increase our focus on the tools alongside our daily mission - to make this world a safer place.

Some of zAnti 1.0 changes:

- New and improved UI

- Cloud-based reporting - this will allow us to improve your results by providing better analysis for vulnerabilities for Client/Server side attacks - This will allow you to view comprehensive assessment reports from everywhere!

- Additional vulnerabilities recognition (e.g : MS12-020)

- Two new ways of looking at your network: Analyze and Visualize

- zAnti Pentester's world cup !

We’re also continuing development of an iOS zAnti and improving the user performance and ease-of-use to create the best product for our community and for the IT Managers / Penetration Testers and Security enthusiastic people  who appreciate and understand that knowing your security status is important!

Compared to other development teams we are not big, only 9 Ninjas, but since it only took 3 Ninjas to change the world with the original ANTI, 9 allows us to make even bigger improvements to current state of smartphone security.

The first Pentesters Worldcup!

The Pentester’s World Cup is part of Zimperium’s efforts to increase awareness about mobile security, and simultaneously enhance the security of its range of award-winning products.

We live in a dangerous mobile world today, and our goal is to significantly raise awareness about security and take steps toward securing our mobile future. The World Cup also presents an opportunity for the world’s best hackers to challenge our products and make them better.

Competitors will use our zAnti Penetration Testing software for smartphones and perform a variety of tasks such as scanning networks and finding vulnerabilities and security holes in the networks, or even cheating - finding and reporting a bug in our scanning engine will get the finder with 5000 points and a zAnti T-Shirt - while affecting the score of all the cheaters who used the same technique - As you would expect from Hacker's World cup!

Prizes:
The entrants will be scored on their performances and also rewarded for finding bugs.

The winner will be awarded the “Black Card” - entrance ticket worth $2,000 for the Black Hat event during July 25-26 and a hotel accommodation at Las Vegas.
The top 10 players will receive free Platinum, Gold or Silver accounts in zAnti, besides T-shirts and wristbands to enter Zimperium’s closed event at the Las Vegas Black Hat.

The World Cup ends July 16.

 

How have we changed the world with zCore IPS™?

zCore Mobile Intrusion Prevention System (MIPS) is an innovative, patent-pending protection technology that can be implemented at either the firmware or core OS level of a mobile device. It features an advanced Mobile Intrusion Prevention System solution bundled with zMitigation™, offering enterprises and governments tailor-made government-grade exploit protection against network attacks (MITM), targeted attacks (APT), worms and even zero-day threats.
zCore comes with zAppliance™ hardware or cloud-based appliance to control your organization’s network security and protocols.

If you're interested in hearing more about zCore's solutions, feel free to contact us directly at info@zimperium.com

Links & Downloads

zANTI 1.0 Download link : http://zantiapp.com/zanti.apk

Pentesters world cup: http://zantiapp.com/cup

Twitter - @ihackbanme, @z4ziggy  

Twitter - Zimperium : @Zimperium, @antiproject 

Sign up for the upcoming Blackhat event

Special thanks for the great team at Blackhat for sponsoring the winning ticket of the first Pentester's Worldcup!

zCore IPS / zAppliance BETA signups

DEMO Spring 2012 Announcement

We're proud to announce our zCore IPS™ / zAppliance™ Technology which makes your smartphone safer and data secure against modern smartphone cyber-attacks.

zCore IPS : The first Mobile IPS:

We have currently launched the private beta, you may sign up via our site  (zCore IPS / zAppliance).
Current beta is only offered for companies who wish to protect smartphones that connect to internal services such as emails, VPN and internal services (CRM, etc).
I had an email interview with Darlene Storm from ComputerWorld, describing what Zimperium zCore/zAppliance provides, you're welcome to read. She did a really great job, and we're really proud of what she had to say about us.

DEMO2012 was a great experience, we've met with lots of brilliant start-up, entrepreneurs as well as many key people in the Valley. It's been amazing and memorable.

I've had quite an exciting week preparing for DEMO right after Hackito Ergo Sum, which was amazing event in the uniquest venue I've ever spoke at.
I'm happy to say I'll be around in the Valley for another 6 days.

Next stop is at Hack In The Box Amsterdam, where I will speak together with Nir Goldshlager on Web Application hacking in bug bounty programs.

BETA status: Currently available to organizations / mobile carriers and selected security researchers. zCore-Enabled™ devices are expected in early 2013.

I'm glad that the security community keeps appreciating our work and innovation at Zimperium, and really happy to be part of this community with such amazing people!
Thanks for allowing us to Secure Your World.

Best regards,
Zuk


edited:
To fit current changes, status, modified URLs to be active..

Anti - Android Network Toolkit 2.1 is out

The full Android Network Toolkit (Anti) app/APK is located at : http://anti.zimperium.com

In-order to download the App (version 2.1) click on Register & Download, Choose email/password and you may download straight to your phone.
Make sure 3rd party application is enabled on your phone via Settings -> Applications -> Unknown Sources.

p.s:
The app is also available via Android Market (lite version without *ANY* offensive capabilities in-order to fully comply with Android/Google ToS), named : "AntiLite".

Enjoy & Thank you for all the feedback/support!!

Android Network Toolkit (Anti) Capabilities Video

One of the comments asked about how to use the app, I think the best would be posting that recently I helped in designing one of our videos, this is the result:
This video aims to help understand Anti's options quickly.
That was the main purpose, enjoy!

Anti - Android Network Toolkit Release Information

UPDATE: zAnti 1.0 was released
Don't read this post and move to this one : http://imthezuk.blogspot.com/2012/06/meet-zanti.html




===========================

The full Android Network Toolkit (Anti) app/APK is located at : http://anti.zimperium.com

In-order to download the App (version 2.1) click on Register & Download, Choose email/password and you may download straight to your phone.
Make sure 3rd party application is enabled on your phone via Settings -> Applications -> Unknown Sources.

p.s:
The app is also available via Android Market (lite version without *ANY* offensive capabilities in-order to fully comply with Android/Google ToS), named : "AntiLite".

Enjoy & Thank you for all the feedback/support!!

Older posts:
The App is not available to general public now. App is available to BETA testers, read end of post.
We're working very hard to get an public official release ASAP.
The APK will be available via the official market.

Please DO NOT WRITE your emails in the comments : you may register for pre-release at : Anti - Android Network Toolkit Site
RC1 is out. and has many improvements (such as: RC1's Spy Plugin is now supporting direct link browsing & username/password sniffing capabilities).
 Press contact : press@zImperium.com
Future updates will be posted on zImperium's website

UPDATE (EOD 15/10/2011): Anti - Android Network Toolkit BETA
UPDATE (20/10/2011): New version of Anti BETA is out!

We've done major improvements on both Anti the app, and on our server side.
Major fixes done:
        - Exploit server is now online.
        - After successful PC exploitation options are:  Screenshot, Process list, Execute command, Reboot, and more to be implemented soon.
        - While exploiting - New progress bar.
        - Uploading files to HTTP Server running on the phone
        - Spy plugin works now.
        - Minimum version required for Anti now is Android 2.1Update1 which means, more devices are capable of running Anti now!.
        - UI Fixes.
        - New design for attack circle.
        - Small bug fixes.
If you're currently in the beta, uninstall your current version and download the new plugins from the BETA Site

PLEASE DO NOT POST EMAILS IN COMMENTS.

1st Place at 'Vulnerable Mobile Application' Contest

Our submission to the vulnerable APP contest won the 1st place - Motorola XOOM tablet!

Here's one way to exploit the app:

• Simple command injection input : "/sdcard/xyz.log:thisifa`/system/bin/id > /sdcard/zukilog.log`fakeemail@gmail.com:this is my new message"

I will share the source and more possible ways to exploit it post Blackhat/DEFCON...

Creating a vulnerable Android application

Vulnerable Android App

Follow me on twitter @ihackbanme


Okay, so this was a little journey to create the most vulnerable Android app for a competition by Jack Mannino (first prize was Motorola XOOM).

I must say, I've been creating lots of vulnerable programs in the past as PoCs/research, but it was usually just one security bug or two, so it was easy to determine when it was the actual security bug for the research or another bug, by mistake.
In this app, there are so many bugs, and we've also decided to write it as bad as possible with as much bad code habits we can possibly create (like tons of variables that are used for the same string or not being used at all, etc), a thing which led it to be almost impossible to debug and add features.
What I think we should have done was creating a working application first, and then adding vulnerabilities and making the code as bad as possible.
The App requests more permissions than it uses. In-app exploitation will not lead to root, but will lead to very high capabilities which another app didn't initially have requested upon installation.
Also,this app can be remotely exploited.
Download the MoshZuk Application: contains the following vulnerabilities:

1. Stack Overflow
2. Heap Overflow
3. SQL Injection
4. Command Injection
5. Format Strings
6. Double Free
7. Directory Traversal
8. Race Condition
9. Hardcoded Passwords
10. Bad code habits
11. Overblown permissions
12. Bad file permissions

The best part is, we've specially constructed the vulnerabilities so it can be chained (extra points in this competition):
e.g  Unchecked permissions (or unchecked sender) may lead to -> Directory traversal + RACE Condition + Heap(or stack) Overflows / Command injection.
First the APK will be released only, so you can test it out and use it to find vulnerabilities within it. After a while we will release some demos and exploitation methods. I hope that we will be able to maintain it to add more vulnerabilities + ways to exploit it, remote and locally (possibly via intents to make it easier).

What the app does is to send from one GTalk client to another (must have 2 email accounts). A Gtalk message will be sent to the user which will be able to respond a message according to a protocol of MoshZuk.
What is it being used for? Send yourself quick notes so you can remind yourself later via reading the log file or via reading GTalk history.
The protocol for incoming messages is delimited by ":", any other message will receive a "Not supported in protocol" message [HINT: Only 2 ":" are needed per message].
I can tell more about it, by I prefer that you will reverse it and enjoy it more!

Check logcat for details on debug info!
Download MoshZuk APK is here, I will release the code later on!
Enjoy!

The application was developed by Moshe Vered and Itzhak 'Zuk' Avraham, Feel free to hack it as much as possible, don't forget to write your exploits in the comment section :)