Mobile Security news & analysis | SC Media

Mobile Security News and Analysis l SC Media

StrandHogg 2.0 bug enables Android app hijacking, poses patching challenge

A critical elevation-of-privilege vulnerability found in Android devices could potentially be exploited, without root access or user permission, to hijack virtually all mobile apps in order to spy on individuals or steal their login credentials. Google has developed a security patch for Android versions 8, 8.1 and 9 — alerting its partners of the update…

Hacker group announces jailbreak for iOS 11 – 13.5

Users of iPhones, iPads and iPod Touches that run on iOS 11 through 13.5 can now jailbreak their devices with new downloadable software from the hacking group Unc0ver. The jailbreak is reportedly made possible thanks to a zero-day kernel vulnerability discovered by Unc0ver hacker @Pwn20wnd. [1, 2, 3] Jailbreaks are hotly anticipated events for certain tech…

Device owners demand opt-out power from COVID-19 contact tracing apps

To encourage widespread acceptance of Bluetooth-based COVID-19 contact tracing applications, developers should allow consumers to opt out of data sharing at any time, and they should also be more forthcoming about their security efforts and data usage, according to the results of a new survey. For the study, Checkmarx polled 1,500 Americans and found that…

Mobile Flaws

44M leaked Pakistani mobile user records apparently belong to Jazz

A month after hacker peddled 115 million records of Pakistani mobile users, information on 44 million of them have been leaked online. The data leaked include PII and other information such as mobile and landline numbers, names, addresses, subscriptions and national identification numbers, according to ZDNet, which, after comparing the 44 million records to 55…

‘About Coronavirus’ app locks Android screens with repackaged malware

An existing version of the Android device screen-locking malware SLocker has apparently been copied and repackaged in the form of a mobile coronavirus app, in hopes of drawing in victims and encouraging downloads from third-party marketplace sites. Researchers at Bitdefender found the malicious app, which has been targeting users in Ukraine, Russia, Kazakhstan, Turkmenistan and…

Banking trojan attack exposes dangers of not securing MDM solutions

A global conglomerate had 75 percent of its mobile devices infected by a variant of the Cerberus Android banking trojan after an attack compromised the company’s mobile device management (MDM) server and used it to spread the malware. In a company blog post report, Check Point Software Technologies identifies MDM as a fairly novel malware…

PluginPhantom

PhantomLance campaign slipped trojanized apps into marketplaces for years

A long-running malware campaign whose activity dates back to 2016 has been using a sophisticated playbook of tricks to sneak trojanized Android apps into the Google Play Store as well as third-party marketplaces. Researchers from Kaspersky have dubbed the campaign PhantomLance and, based on certain calling cards, have attributed it with medium confidence to the…

20M Aptoide accounts exposed by leak on hacker forum

More than 20 million accounts registered with the software marketplace application Aptoide have been reportedly exposed after a unknown actor posted stolen user data on a hacking forum. Researchers with Under the Breach discovered the data dump and disclosed the incident via Twitter. ZDNet reported additional details the same day. Aptoide is a blockchain-based decentralized…

Security in 2015: Biometrics

Researchers fool devices’ biometric scanners with replicated fingerprints

Researchers at Cisco Talos said they were able to fool biometrics-based user authentication technology on eight mobile devices by using 3D-printed molds to create replicates of users’ fingerprints. The process Talos researchers developed to fabricate a user’s biometric signature required a painstaking effort, and in real life would require either direct or indirect access to…

Next post in Security News