A good amount of money has been stolen from my bank account bypassing the double factor authentication.

If I would place a bet, I'd say you are victim to an exploit of CVE-2025-11708

Can you help me find the test to check if Firefox installed on my Android phone is affected by this bug? And this bug allows disabling the bank app and reading all the information stored on the phone?
 
Not all banking apps are checking for IMEI number, but if they don't, that's a huge security risk right there. You have to understand that banking apps are not classic Android apps. They tie to your phone IMEI, email address, and even phone number. On top of that, many of them are calculating a unique identifier number that gets tied to your phone, and they calculate that number based on phone number, IMEI, etc. As long as your Pinephone has a valid IMEI number, you can use it. Check IMEI number by typing *#06* on phone keypad and validate it here.

The Pinephone running Linux is a real phone with IMEI and other features... if it could run Android, it would allow installing the banking app, which would be running in an exotic environment. And therefore, it has some differences that could disturb hackers, who certainly wouldn't expect a user to use something so odd, so that their attack could fail miserably. The whole point here is that the base operating system is no longer Android, but Linux. So the technique of disabling the banking app is doomed to fail, I think, because Android will run in some kind of sandbox. And even the versions of the applications installed will change from Android to Linux, at least for the host OS.
 
Can you help me find the test to check if Firefox installed on my Android phone is affected by this bug? And this bug allows disabling the bank app and reading all the information stored on the phone?
Simply check the version installed. But I thought you used a browser on FreeBSD to do your banking?
 

How nice of them to exploit the bug.

"Mozilla has addressed this vulnerability in Firefox 144, Firefox ESR 140.4, Thunderbird 144, and Thunderbird ESR 140.4. Users are advised to update to these versions or later to mitigate the risk"

In firefox: help->about firefox.

Firefox on my FreeBSD 14.3R box says its version is 144.0. So I have the fix.
 

How nice of them to exploit the bug.

"Mozilla has addressed this vulnerability in Firefox 144, Firefox ESR 140.4, Thunderbird 144, and Thunderbird ESR 140.4. Users are advised to update to these versions or later to mitigate the risk"

In firefox: help->about firefox.

Firefox on my FreeBSD 14.3R box says its version is 144.0. So I have the fix.

I have 144.0. I have the fix. So he used another approach... Before, I was worried about the version of Firefox installed on my Android phone. Isn't this relevant? Because the bank app is installed on Android. Remember that he (or she?) took control of the bank app installed on Android.
 
I have 144.0. I have the fix. So he used another approach... Before, I was worried about the version of Firefox installed on my Android phone. Isn't this relevant? Because the bank app is installed on Android. Remember that he (or she?) took control of the bank app installed on Android.
I would have thought it was unrelated unless that bank app runs a headless instance of Firefox under the covers... like Electron.
 
But did you have 144 on the freebsd system when the hack happened, or have you done a pkg upgrade since then?

You are right. I upgraded the packages (also Firefox, which I remember forced me to restart) late last night. I made a mistake. The fact is that I'm porting the panfrost driver to FreeBSD 15.0 and I did it unconsciously. Now I can't be sure if I had the bugged version. :'‑(
 
Can you help me find the test to check if Firefox installed on my Android phone is affected by this bug? And this bug allows disabling the bank app and reading all the information stored on the phone?
It's evident by simply reading the CVE description. The CVSS score isn't too terrible.
 
I have 144.0. I have the fix. So he used another approach... Before, I was worried about the version of Firefox installed on my Android phone. Isn't this relevant? Because the bank app is installed on Android. Remember that he (or she?) took control of the bank app installed on Android.
Double-check the dates and versions of the software in use at the time. This is one reason why you're supposed to install updates all the time on your phone.
 
Double-check the dates and versions of the software in use at the time. This is one reason why you're supposed to install updates all the time on your phone.

That's a good point. I was focused, and I'm still focused, on Firefox installed on Android, not on FreeBSD. Because the fact that he disabled the bank app makes me think that the vulnerability that really matters is there.
 
The only way to really find out what has happened is to let the professionals do a forensic examination of the phone & computer. Unless it is mega bucks the banks will not do this.

Partially true in my opinion. Because here there are a lot of experienced and smart guys very able to make realistic and nice hypotheses. And inside all the things we say, there are a lot of little pieces of truth.
 
The only way to really find out what has happened is to let the professionals do a forensic examination of the phone & computer. Unless it is mega bucks the banks will not do this.

Sure. They do their work. We are here to learn, share and try to understand. It's enough and it's a lot.
 
Check the backups.
I would check the release history of Firefox, and see which version was released around that date. It's fairly safe to assume that OP had a somewhat older version. Sometimes people skip a few releases before updating, but I don't expect people to keep very good notes on what version they actually used. A 'version older than a specific release' is usually a good assumption.
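
Added example, not part of any post in this thread: one way to answer "which Firefox was installed when it happened?" after the package has already been upgraded is to replay the package manager's upgrade records from the system log and compare the result with the fixed releases quoted above. The log line shape, the host name `box`, the sample lines and the incident time are assumptions constructed for illustration.

```python
import re
from datetime import datetime

# Fixed releases as quoted in the thread: Firefox 144, Firefox ESR 140.4.
FIXED = {"firefox": (144,), "firefox-esr": (140, 4)}

# Assumed line shape (pkg reporting an upgrade through syslog):
#   Oct 20 23:41:07 box pkg[4242]: firefox upgraded: 143.0.4,2 -> 144.0,2
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ pkg(?:\[\d+\])?: "
    r"(?P<name>firefox(?:-esr)?) upgraded: (?P<old>\S+) -> (?P<new>\S+)$"
)

SAMPLE_LOG = [  # constructed lines, not taken from anyone's machine
    "Sep 18 09:12:44 box pkg[2301]: firefox upgraded: 142.0.1,2 -> 143.0,2",
    "Oct  9 21:03:10 box pkg[5120]: firefox upgraded: 143.0,2 -> 143.0.4,2",
    "Oct 20 23:41:07 box pkg[4242]: firefox upgraded: 143.0.4,2 -> 144.0,2",
    "Oct 20 23:41:09 box pkg[4242]: curl upgraded: 8.15.0 -> 8.16.0",
]

def upstream(version):
    """'143.0.4_1,2' -> (143, 0, 4): drop ports revision and epoch."""
    core = re.split(r"[_,]", version)[0]
    return tuple(int(p) for p in core.split(".") if p.isdigit())

def version_at(log_lines, incident, year, name="firefox"):
    """Version of `name` installed at `incident`, or None if the log is silent."""
    events = []
    for line in log_lines:
        m = LINE.match(line.strip())
        if m and m["name"] == name:
            # syslog timestamps carry no year, so the caller supplies it
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events.append((ts, m["old"], m["new"]))
    installed = None
    for ts, old, new in sorted(events):
        if ts > incident:
            return old  # first upgrade after the incident replaced this version
        installed = new
    return installed

def was_exposed(version, name="firefox"):
    """True if `version` predates the fixed release for that package."""
    return upstream(version) < FIXED[name]

if __name__ == "__main__":
    when = datetime(2025, 10, 19, 12, 0)  # constructed incident time
    v = version_at(SAMPLE_LOG, when, 2025)
    print(v, "exposed" if was_exposed(v) else "fixed")
```

If the log has rotated past the incident date, the same function can be fed lines from older or restored log files, which is where the backups mentioned above come in.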
 