Mobile Security news & analysis | SC Media Mobile Security

Mobile Security News and Analysis l SC Media

Exploited Android flaw ‘StrandHogg’ enables phishing overlays, malicious permissions

Attackers have been actively exploiting an Android vulnerability that allows malicious apps to display dangerous permission requests and phishing overlays under the guise of a legitimate app. Dubbed StrandHogg (an old Norse Viking term), the flaw resides in Android’s taskAffinity control setting, and can be successfully abused without having to first gain root access, according…

Facebook, Twitter ban malicious SDK that removed member info

Twitter warned its users that a software development kit (SDK) developed by oneAudience could have allowed that company to obtain account information. Facebook also posted a notice concerning not only the oneAudience SDK, but also for fellow SDK maker Mobiburn. OneAudience confirmed the problem and then shut down the SDK along with its associated websites…

Design flaw leaves Bluetooth devices vulnerable

An engineering and computer science professor and his team from The Ohio State University discovered a design flaw in low-powered Bluetooth devices that leaves them susceptible to hacking. Zhiqiang Lin, associate professor of computer science and engineering at the university, found the commonly used Bluetooth Low Energy devices, such as fitness trackers and smart speakers,…

Trump call with Sondland in Ukraine restaurant raises concerns over security breach

A mobile call between President Trump and U.S. EU ambassador, Gordon Sondland, as he sat in a restaurant in Kyiv, Ukraine, over the summer and heard by a member of the State Department’s diplomatic corps, opened the conversation up to the prying eyes and ears of foreign intelligence organizations. The breach of security protocol, referred…

System bug gives Facebook access to iPhone cameras

A bug in the latest version of iOS opens iPhone cameras as users peruse their Facebook feeds, letting the social media giant access the cameras. “We have seen no evidence of photos or videos being uploaded due to this bug,” a spokesman told the Guardian, confirming that glitch would let the Facebook app “navigate to…

49 Google Play app titles found to deliver pesky ads

Researchers recently uncovered 49 adware-laced Android apps that were downloaded from the Google Play store more than 3 million times, collectively, before they were reportedly removed. Many of the apps were disguised as games, video editors and stylized photo and filter programs. Sample titles included Cut Out Studio Pro, Tattoo Maker, Bubble Effect, CLOWN MASK,…

Imaginative attack scenarios elicit intrigue at NYU’s CSAW cyber event

Using AI to create artificial fingerprints that can unlock strangers’ phones… abusing electric vehicle charging stations to overwhelm the power grid… exploiting 3D printer technology to execute an all-new form of supply chain attack… These may have once sounded like far-flung ideas, but top cyber minds at New York University have been actively exploring such…

Google forms App Defense Alliance

Google has announced the creation of the App Defense Alliance, a collaboration of the search giant and three cybersecurity firms to vet apps prior to being placed in the Google Play Store. To accomplish this task ESET, Lookout, and Zimperium, gratis, will integrate their scanning engines with the Google Play Protect detection systems. “This will…

Next post in Security News