Mobile Security News, Articles and Updates

Uber's drunk passenger patent could be a 'privacy nightmare for consumers

Uber recently applied for a patent to use artificial intelligence to spot drunken drivers

U.S. counterspy warns World Cup travelers to leave electronics stateside

American's traveling to Russia for the World Cup games have been advised to leave their personal electronic devices stateside.

Tapplock Smart locks found to be physically and digitally vulnerable

Tapplock Smart locks contain several physical and digital vulnerabilities, each of which could allow an attacker to crack the lock with some attacks taking as little as two seconds to execute.

Device makers still shipping products with Android Debug Bridge enabled, despite risks

Mobile and IoT device manufacturers continue to ship products with the Android Debug Bridge feature automatically enabled -- a dangerous default setting that enables potential adversaries to connect to these devices.

Apple discloses new protections against snoopy apps and websites at WWDC event

Apple's newest enhancements to its Safari browser will inhibit websites and apps -- including Facebook -- from using cookies and fingerprinting techniques to track users across the internet.

Buffalo Wild Wings apologizes after racist tirade from hacked account

Buffalo Wild Wings apologized for a series of racist and vulgar tweets sent from its Twitter account which appears to have been hacked Friday night.

Apple releases security updates for macOS, tvOS, iOS and more

Apple released security updates for macOS High Sierra, Sierra, El Capitan, Safari, Windows iCloud, Safari and other Appel operating systems.

Mobile users ignore shady app permissions at their own risk, warns NY State Cyber Command

Mobile users who download untrustworthy apps on their phone often agree to dangerous permissions requests that give attackers essentially unfettered access to their devices' data and functions -- as demonstrated yesterday by two New York State Cyber Command employees at SC Media's RiskSec NY 2018 conference.

Face, iris scanners gaining ground on fingerprint readers as a security measure

The biometric side of the cybersecurity equation is getting ready to put fingerprint readers in its rear-view mirror as newer technologies coming into the market prove more capable.

Trump administration says close to deal to help ZTE, report

ZTE was also pegged by the intelligence community as posing a security risk to the U.S. after researchers discovered backdoors in its Android phones that could allow the monitoring of user behavior.

T-Mobile bug exposed personal customer data

A glitch in T-Mobile's employee website allowed anyone to look up customer account details.

Mozilla Firefox rolls out two step authentication

Mozilla announced the rollout of its two-step verification program for all Firefox Accounts designed without support for SMS-based codes.

Confucius cybergang shifts social engineering strategy for Android malware

The Confucius cybergang has recently altered its social engineering campaign in its on-going attempt to download Android malware on its victims.

Trump's mobile phone security questioned

While Barack Obama's Blackberry use was restricted during his presidency and former Secretary of State Hilary Clinton was pilloried for using her private smart device for work purposes, President Trump still wields at least two two devices issued to him by the government.

Researchers find abundance of legitimate apps used to stalk intimate partners

Researchers from various universities conducted what was described as the first large-scale study of apps used by stalkers to track their intimate partners.

Roaming Mantis malicious redirection campaign preys on Android, iOS and PC users

A recently discovered a DNS hijacking campaign that was found spreading banking trojan malware to Android smartphone users largely in Asia has expanded it reach to iOS and PC users as well, while targeting speakers of 27 different languages.

Sun Team's RedDawn campaign targets North Korean defectors and journalist

The second campaign from the "Sun Team" hacking group managed to sneak its way into the Google Play Store that actively targeted North Korean defectors.

Securus hacked after reports cops used it for tracking location

The hacker at the very least snatched a spreadsheet that housed 2,800 logins and passwords.

President Trump reverses position on ZTE ban despite security warnings, House committee rebukes

The Trump administration is working to lift sanctions on the Chinese telecommunications giant ZTE despite top intelligence officials' warnings that the company poses a security risk to the U.S.

Google may contractually require OEMs to perform regular patching

Google is looking into the possibility of requiring device manufacturers to regularly patch their devices, by incorporating such a provision into future OEM agreements, Google head of Android security David Kleidermacher announced in a presentation at the Google I/O Developer Conference last week.

Sens. Markey, Blumenthal call for FTC investigation of Google geolocation practices

Senators from Connecticut and Massachusetts have asked the Federal Trade Commission to investigate whether or not Google, through its Android devices, has deceitfully gathered geo-location data from device users.

Wyden demands FCC probe into wireless carriers allowing law enforcement "unrestricted" access to location data

Noting that law enforcement can obtain location data by going through a Securus web portal, Wyden asked what carriers were doing to prevent abuse of private customer data.

Chrome update for desktop operating systems repairs critical sandbox escape bug

Google's latest stable channel update for the Windows, Mac and Linux versions of Chrome fixes four vulnerabilities, including a critical bug that can lead to sandbox escape.

Mia Khalifa themed malware targets Android and Windows devices

Cybercriminals were spotted using the likes of a former adult film star to spread a multiplatform spyware disguised as an adult game.

LG patches RCE bug in smartphone keyboards

LG on Monday released a security update fixing a high-severity remote code execution vulnerability found in the default keyboards of all its mainstream smartphone models.

Select Volkswagen vehicles found susceptible to hack through Wi-Fi system

A Harman International auto entertainment system was once again at the center of a potential car hacking issue as Dutch researchers have used the device's Wi-Fi connection to exploit an open port enabling remote code execution.

SC Video: DHS's Vincent Sritapan discusses adopting mobile security solutions

SC Media's Rob Abel chats with DHS S&T's Vincent Sritapan discusses the adoption of mobile security solutions for federal agencies.

Dem lawmakers ask White House, Secret Service, for answers on security of Trump's personal Android use

Rep. Ted Lieu and Rep. Ruben Gallego have asked the White House Communications Agency, the Secret Service and the ODNI to answer a series of questions about the security of President Trump's personal Android use.

Proof of concept released for Nintendo Switch arbitrary code attack

Researchers released a coldboot vulnerability in Nintendo Switch devices which allows attackers to run full unauthenticated arbitrary code execution.

Apple updates fix code execution, privilege escalation and spoofing issues

Apple on Tuesday released security updates for the Safari browser and its MacOS and iOS operating systems, fixing a total of four vulnerabilities.