Mobile Security | SC Media

Mobile Security

Reports: Israeli officials’ devices hacked; data possessed by Iran

By

Hackers stole information from former Israeli prime minister Ehud Barak’s computer and phone months ago and sold it to Iran, according to multiple news outlets, citing a TV report by Israel’s Channel 12 this past weekend. The news reportedly broke several days after a separate Channel 12 story that said Iranian intelligence directly hacked the…

Malicious SDK installs SimBad adware on apps downloaded millions of times

By

The developers of 210 mobile applications found on the Google Play Store were apparently tricked into building their programs using a malicious software developer kit that secretly implanted adware in their apps. The apps, many of which were packaged as driving or racing simulator games, were downloaded nearly 150 million times by Android device users,…

iphone

Facebook phishing campaign hitting iOS users

By

A new phishing campaign targeting mainly iOS users asking them to login in with their Facebook account and give away their credentials. The report by Myki said the attackers create fake copies of legitimate sites to attract victims. The victim is then asked to login in using his or her social media credentials, like Facebook.…

Android officially adopts FIDO2 authentication standard as alternative to passwords

By

Google’s Android operating system is now certified to employ the FIDO2 open authentication standard, a development that could help owners of more than a billion Android devices phase out the use of passwords when logging in to online services. As an alternative to potentially insecure passwords, FIDO2 instead offers the option of using fingerprints or…

Google Play announces 2019 malicious app crackdown

By

Google Play announced it will continue its crackdown on malicious apps into 2019 by focusing more on user privacy, developer integrity and harmful app contents and behavior. Google said it plans to introduce additional policies for device permissions and user data throughout the year, according to a Feb. 13 blog post. “In addition to identifying…

Adiantum boosts encryption for low-end Android devices

By

Google has developed a new storage encryption solution that will boost encryption capabilities for low-end Android devices that don’t have the hardware to support AES. Researchers said the new solution, called Adiantum, allows the use of the ChaCha stream cipher “in a length-preserving mode, by adapting ideas from AES-based proposals for length-preserving encryption such as HCTR and HCH,”…

Report: Apple demands companies obtain consent before recording users’ app sessions

By

Apple has reportedly issued an ultimatum to companies that rely on “session replay” tools to track the way users interact with their iPhone apps: disclose the practice and seek explicit consent for it, or be removed from the app store. Apple’s mandate comes after a TechCrunch report last Wednesday revealed that Air Canada, Hollister, Expedia,…

Amazon Logo

National Enquirer threat to reveal intimate Bezos pics trains focus on privacy protection

By

By going public with alleged extortion attempts, Amazon CEO Jeff Bezos may have thwarted the National Enquirer’s attempts to quash the Washington Post’s probe into the tabloid media company’s practices, but the incident also turned a harsh spotlight on unethical, potentially illegal acts and ratcheted up concerns about privacy. In a Thursday blog post, Bezos…

Apple issues seven updates, fixes more than 40 vulnerabilities in iOS 8, OS 10.9.5

Apple patches two flaws reportedly exploited in zero-day attacks; also nixes FaceTime eavesdropping bug

By

Apple yesterday released security updates for iOS and macOS Mojave, repairing four vulnerabilities, including two that a Google researcher says were exploited in the wild as zero days. The two exploited flaws consisted of memory corruption issues caused by insufficient input validation. The first, CVE-2019-7286, is a privilege escalation vulnerability in the Foundation framework that…

spyware

Cybercriminals secretly bundle anti-censorship app with spyware framework

By

A legitimate application that’s supposed to help users access censored or blocked websites was secretly bundled with Android spyware and made available for download on third-party marketplaces last year. The app, known as Psiphon and packaged as com.psiphon3, has been safely downloaded from the official Google Play Store over 50 million times. But users who attained…

Next post in Security News