Mobile Security | SC Media

Mobile Security

Google camera app flaw endangered millions of devices

A vulnerability in the Google Camera Application left millions of Google and Samsung smartphones open to being potentially abused potentially letting a malicious actor to take photos, download images and video and listen in to phone calls. The flaw, CVE-2019-2234, is a permission bypass issue that enables real-time access to a phone through the camera…

49 Google Play app titles found to deliver pesky ads

Researchers recently uncovered 49 adware-laced Android apps that were downloaded from the Google Play store more than 3 million times, collectively, before they were reportedly removed. Many of the apps were disguised as games, video editors and stylized photo and filter programs. Sample titles included Cut Out Studio Pro, Tattoo Maker, Bubble Effect, CLOWN MASK,…

Imaginative attack scenarios elicit intrigue at NYU’s CSAW cyber event

Using AI to create artificial fingerprints that can unlock strangers’ phones… abusing electric vehicle charging stations to overwhelm the power grid… exploiting 3D printer technology to execute an all-new form of supply chain attack… These may have once sounded like far-flung ideas, but top cyber minds at New York University have been actively exploring such…

Patched bug allows beaming of malicious apps to NFC-enabled Android devices

Google last month patched an Android bug that could allow attackers to transfer a malicious application to a nearby NFC-enabled device via the Android Beam feature, bypassing security mechanisms in the process. The vulnerability was discovered in early 2019 by the research team at Nightwatch Cybersecurity, which late last month published a company blog post…

APT 41 using MessageTap malware to gather SMS traffic

A new malware that is being deployed by the Chinese hacking group APT 41 monitors SMS traffic and other mobile information en masse and is being used against a telecommunications firm to target specific customer phone numbers. The malware, called MessageTap, has been used in cyberespionage and financially motivated attacks, reported FireEye. MessageTap was first…

Facebook sues surveillance tool provider and hosts of hacking websites

Facebook this week filed a lawsuit against a reputed spyware provider that allegedly exploited a WhatsApp vulnerability to enable smartphone hacking, and also pursued legal action against the domain hosts of multiple websites that allegedly offer tools for hacking the social network. On Tuesday, Facebook and its encrypted messaging subsidiary WhatApp filed a complaint against…

mobile security

Kernel privilege escalation bug actively exploited in Android devices

Researchers have discovered a zero-day kernel privilege escalation bug that can result in the full compromise of certain Android devices and is apparently being exploited in the wild. Devices known to be affected by the high-level, use-after-free vulnerability include the Pixel 1, 1X:, 2 and 2 XL; the Huawei P20; the Xiaomi Redmi 5A; the…

Criminals’ security lapses enable discovery of Geost mobile banking trojan

Thanks in no small part to the perpetrators’ own sloppy operational security, researchers have uncovered a large Android banking trojan scheme that may have impacted hundreds of millions of Russians. Dubbed Geost, the malware is distributed via a malicious cybercriminal botnet operation consisting of 13 command-and-control servers and more than 140 malicious domains, according to…

New checkm8 exploit can jailbreak millions of iOS devices

An independent researcher who goes by the Twitter handle axi0mX has discovered and published an iOS jailbreak exploit that applies to hundreds of millions of devices and cannot be patched. Named checkm8, the exploit leverages a race condition vulnerability found in the bootrom, a read-only memory chip that contains the first code that initially loads…

Apple updates software, fixes flaw affecting third-party keyboard apps

Apple last week released a series of software updates that repaired vulnerabilities in iOS, iPadOS, macOS Mojave, macOS High Sierra, macOS Sierra, watchOS, tvOS, Apple TV Software and Safari. This included a fix for an iOS/iPadOS flaw that, due to improper sandbox restrictions, can grant third-party keyboard extensions full access to iPhone, iPad and iPod…

Next post in Security News