Mobile Security | SC Media

Mobile Security

Google updates Chrome for desktop, Android

By

Google yesterday issued a stable channel update for the desktop version of its Chrome browser for Windows, Mac and Linux, addressing a high-level vulnerability in the process. The bug, CVE-2018-17481, is a use after free flaw in PDFium that was originally repaired in an earlier Chrome release. However, yesterday’s update to version 71.0.3578.98 introduces additional…

Syrian Electronic Army claims it obtained U.S. Central Command docs via hack

Researchers: Syrian Electronic Army targeting secure messaging app users with spyware

By

The Syrian Electronic Army hacker group has reportedly been investing heavily in a scheme to infect Android device users with a spyware tool hidden inside fake app updates. Known for its ardent support of Syrian President Bashar al-Assad, the threat group is targeting in particular  users of secure messaging apps such as WhatsApp and Telegram. The SEA is…

Apple releases security updates for iOS, iTunes, more

By

Apple has released security updates for several of its products to address vulnerabilities that could allow an attacker to take control of an infected system. The vulnerabilities affect  iCloud for Windows, Safari, iTunes, various macOS versions, tvOS and iOS, among other products, according to a Dec. 5 US-CERT advisory. “NCCIC encourages users and administrators to…

Tackling the security complexity in 5G IoT devices

By Yogendra Shah, Senior Principal Engineer, InterDigital IoT is one of three major use cases driving the development of 5G and it brings untold complexity and inherent risk that threatens to undermine the opportunity even before it gets started. 5G networks are expected to connect tens of billions of IoT devices, and, as opposed to…

The Chaos Computer Club (CCC) became the first group to bypass Apple's Touch ID.

Fake fitness apps steal money using Apple’s Touch ID feature

By

Apple has removed a pair of fake fitness apps from its App Store after they tricked users into making expensive purchases via the Touch ID biometrics feature. Named the “Fitness Balance app” and “Calories Tracker app,” the two malicious programs cleverly instruct victims to scan their fingerprints in order to view their personalized calorie tracker and…

Drake’s Fortnite account hacked, Travis Scott may also be affected

By

After taking home a Soul Train Award Toronto rapper Drake may be looking to change his Fortnite account password after someone hijacked his account to spew racial slurs during a charity livestream event. Livestreamer Tyler “Ninja” Blevins was streaming for The Ellen Fund, a wildlife conservation fund created by Ellen host Ellen DeGeneres, when he received an invite…

Automakers pen 'privacy principles' for in-car technology

Taken for a ride: Malicious driving game apps installed half a million times

By

A malicious actor recently smuggled 13 malicious apps disguised as driving simulator games into Google Play, resulting in more than 560,000 installations before they were removed. Each of the sketchy apps was found to download and launch in the background an additional malicious APK, titled “Game Center.” This APK hides its own icon and displays ads…

Privilege escalation bug patched in Accelerated Mobile Pages WordPress plug-in

By

A WordPress plug-in used to build faster-loading web pages was discovered to contain a privilege escalation vulnerability that allows unauthorized attackers to inject malicious HTML code into the main page. In a company blog post yesterday, researchers at WebARX disclosed the bug, which resides in the “MP for WP – Accelerated Mobile Pages” plug-in. The…

Google’s first Android security transparency report highlights dangers of third-party app stores

By

Android users who download from Google Play are less likely to install potentially harmful apps than those who download from unofficial third-party stores, according to the inaugural edition of Google’s quarterly Android Ecosystem Security Transparency Report. The data published in the online report last Thursday was collected from users who enabled the Google Play Protect…

A flaw that allowed users to break through the passcode screen was eliminated in iOS 7.0.2.

Group FaceTime for iOS exposes users’ full contact info

By

A researcher has apparently found a way to exploit the new Group FaceTime feature in iOS 12.1 in order to access iPhone users’ contact information. The Hacker News has reported that Spanish researcher Jose Rodriguez made the discovery just hours after the release of version 12.1 last Oct. 31, and subsequently created a video of his…

Next post in Mobile Security