Mobile Security | SC Media

Mobile Security

Researchers devise method to track Bluetooth devices, despite built-in protections

Researchers from Boston University (BU) have discovered a way to circumvent anonymization protections on Bluetooth Low Energy devices, allowing potentially malicious actors to passively track the movements of these devices and their users. BLE devices rely on non-encrypted advertising messages to signal their availability to other devices to pair up. To prevent third-party actors from…

FTC lodges new set of complaints against alleged cell phone spammers

Sprint customer data breached via Samsung website flaw

Threat actors gained unauthorized access to an undisclosed number of Sprint customer accounts via a compromised Samsung website.   “On June 22, Sprint was informed of unauthorized access to your Sprint account using your account credentials via the Samsung.com ‘add a line’ website,” the wireless provider said in a letter to impacted customers posted on Scribd. “The…

Agent Smith Android malware infiltrates 25 million devices

A new variant of mobile malware dubbed “Agent Smith” has already infected 25 million devices, 15 million of which are in India. Check Point researchers discovered the malware disguised as a Google-related application that leverages known Android exploits and automatically replaces installed apps with malicious imitations without users’ knowledge or interaction, according to a July…

Inconvenience stores: Thieves steal $500K from users of 7-Eleven Japan’s new payment app

Convenience chain 7-Eleven Japan has suspended a brand new mobile cashless payment service after an authorized third party accessed approximately 900 user accounts and made fraudulent charges totally 55 million yen, or roughly $500,000 dollars. The service, 7pay, reportedly had only been launched three days earlier, and allows participating customers to automatically charge purchased goods…

WannaLocker ransomware found combined with RAT and banking trojan

Researchers are warning that a new version of WannaLocker – essentially a mobile derivative of WannaCry ransomware – has been enhanced with spyware, remote access trojan and banking trojan capabilities. Cybercriminals have been using the all-in-one malware package in a campaign targeting Brazilian banks and their Android mobile customers, according to a July 1 blog…

Cirque du Soleil app was an insecure high-wire act for show-goers, researcher says

A mobile app that was designed to enhance the experience of watching a touring Cirque du Soleil show left audience members’ devices vulnerable to an attack by others sharing the same public Wi-Fi network, according to a blog post today by researchers at ESET. The app corresponded to the show TORUK – The First Flight,…

Bouncing Golf campaign takes swing at Android users with info-stealing malware

A newly discovered cyber espionage campaign has been targeting Android users in the Middle East with malware designed to steal scores of device information, snoop on victims and potentially take over mobile devices. Known as GolfSpy, the malware is found in once-legitimate applications that have been repackaged to contain malicious code, according to a June…

Should companies based in authoritarian countries be permitted to invest in sensitive areas of another country’s economy?

5G technology promises to be truly revolutionary. Not only will it make communications virtually instantaneous, but it has the potential to unlock the ‘Internet of Things’. 5G could connect super high-speed internet, with almost no time lag, to physical objects so that they can be remotely controlled or even work autonomously. This could include anything…

applePatch

MacOS 0-Day Flaw exploits ‘Synthetic Clicks’

A security researcher with a history of finding bugs in Apple products discovered a zero-day vulnerability that can bypass Apple’s security protections with “synthetic clicks.” Security researcher Patrick Wardle demonstrated the bug, at the Object by the Sea security conference in Monaco, which affects macOS Mojave and takes advantage of ‘synthetic events’, a macOS automation…

applePatch

Apple patches AirPort Base Station Firmware

Apple released several patches to addressed several vulnerabilities in its 7.9.1 update concerning its AirPort Base Station Firmware. The update is available for AirPort Extreme and AirPort Time Capsule base stations with 802.11ac. The vulnerabilities that could allow a remote attacker to leak memory, cause a denial of service, cause arbitrary code execution, not delete…

Next post in Mobile Security