Mobile Security News, Articles and Updates

Man-in-the-Disk attacks leave Android users exposed to data manipulation

Check Point researchers discovered a new attack surface for Android applications that leverages external storage, dubbed Man-in-the-Disk attacks.

Hundreds of Netflix, HBO, DirecTV and Hulu credentials for sale on dark web

In Aprils 2018, Irdeto researchers discovered 854 listings of OTT credentials from 69 unique sellers across more than 15 dark web marketplaces.

Omarosa recording her firing in Situation Room raises security concerns

Omarosa's firing occurred a month before the White House banned staffers from using their personal cellphones.

DHS-backed researchers spot serious vulnerabilities built into phones used by all major U.S. carriers

Kryptowire researchers funded by the Department of Homeland Security spotted vulnerabilities built into phones at all major U.S. carriers.

Hackers could spoof WhatsApp messages, sender names

Hackers could exploit the very things -- encryption and digital certificates -- that ensure privacy and provide authentication between devices, apps, and clouds.

Fortnite's Android version will require disabling security settings to install

Fortnite's Android version will be ditching the Google Play Store after a dispute over Google's 30 percent revenue share, opting instead to distribute through the Epic Games, the game's creator, website.

Report: DNC's chief security officer warns Democratic candidates to avoid ZTE, Huawei devices

Democratic candidates for political office have been warned by their party to avoid using devices by Chinese telecom companies ZTE Corp and Huawei, according to a report from Reuters last Friday.

Malicious Windows executable files hidden in Google Play Apps

Palo Alto Unit 42 researchers identified several Google Play apps infected with malicious Window's Executable Files.

Valedictorian allegedly stole $2M in cryptocurrency by hacking cell phones

A high school valedictorian who went on to attend the University of Massachusetts Boston is now being charged with stealing $2 million in cryptocurrency by hacking cell phones.

Kentucky city cites the risk of terrorism for not releasing surveillance details

When a local resident filed an Open Records Act request after noticing surveillance cameras had been installed in a public park without prior notice, the police department denied his request.

Android P security updates include hardware security module

Android has announced its latest version, Android P, will include several security improvements such as a hardware security module, improved biometric authentication, and protected confirmation.

Idaho inmates hack prison tablets, steal $225,000 in commissary credits

The Idaho Department of Corrections reported that 364 inmates hacked into tablets used in various penitentiary facilities crediting almost $225,000 worth of credits into their personal prison accounts.

Bluetooth vulnerability could allow man in the middle attacks

U.S. CERT issued an advisory note warning Bluetooth firmware or operating system software drivers are missing a required cryptographic step enabling man in the middle attacks to take place.

Free-for-all: Dangerous Android banking trojan's source code reportedly leaked

A dangerous mobile banking trojan that can infect even the most modern versions of Android has reportedly had its source code leaked online -- a development that could spur on attacks from myriad actors who benefit from this windfall.

SmartTVs, mobile devices susceptible to Satori Mirai variant

A new exploit is taking advantage of the on-going open port problem that plague many IoT devices by using TCP port 5555 to spread the Satori variant of the Mirai botnet.

NIST developing guidelines on mobile app testing and vetting

The National Institute of Standards and Technology (NIST) has issued a revised draft and a call for public comment for Special Publication 800-163 Vetting the Security of Mobile Applications that is designed to give organizations basic guidance on app security.

U.S. lifts ZTE ban amid congressional concerns, company shares jump

The company has paid a $1.4 billion fine, $400 million of which goes into escrow at a U.S. bank, and changed its management and board to meet terms laid out by the U.S.

Israel indicts man for allegedly trying to sell spy company's secrets

Charges include trying to damage property in a way that would harm national security, theft by an employee, activities to market defense material without a permit, and obstruction and interfering with computer material.

Reports: Israel military says Hamas spied on troops using fake World Cup, dating apps

Israeli soldiers have recently been enticed into downloading malicious Android World Cup and dating apps that secretly allowed Hamas militants to spy on their fellow troops, according to various reports citing Israeli military intelligence

Samsung glitch randomly sends users pictures to contacts

A glitch in Samsung's Messaging app is causing user's phones to quietly send picture messages to random contacts without leaving a trace on the sender's phone.

RAMpage vulnerability impacts every Android device since 2012

Dubbed RAMpage, the vulnerability, tracked as CVE-2018-9442, is a variation of the Rowhammer attack and is caused by a hardware bug in memory cards.

Customers still trust social media and messaging apps to secure data, study

Researchers surveyed 1,500 U.S. customers and found that despite recent social media user data controversy, the majority of consumers still trust their apps to use their data in honorably.

Uber's drunk passenger patent could be a 'privacy nightmare for consumers

Uber recently applied for a patent to use artificial intelligence to spot drunken drivers

U.S. counterspy warns World Cup travelers to leave electronics stateside

American's traveling to Russia for the World Cup games have been advised to leave their personal electronic devices stateside.

Tapplock Smart locks found to be physically and digitally vulnerable

Tapplock Smart locks contain several physical and digital vulnerabilities, each of which could allow an attacker to crack the lock with some attacks taking as little as two seconds to execute.

Device makers still shipping products with Android Debug Bridge enabled, despite risks

Mobile and IoT device manufacturers continue to ship products with the Android Debug Bridge feature automatically enabled -- a dangerous default setting that enables potential adversaries to connect to these devices.

Apple discloses new protections against snoopy apps and websites at WWDC event

Apple's newest enhancements to its Safari browser will inhibit websites and apps -- including Facebook -- from using cookies and fingerprinting techniques to track users across the internet.