Articles about mobile security

Evil third-party screens on smartphones are able to see all that you poke

Smartphone hackers can glean secrets by analysing touchscreen user interactions, according to new research. Boffins from Ben-Gurion University in Israel have shown it's possible to impersonate a user by tracking touch movements on smartphones with compromised third-party touchscreens, whether they're sending emails, conducting …
John Leyden, 10 Jul 2018

Don't fear 1337 exploits. Sloppy mobile, phishing defenses a much bigger corp IT security threat

AppSec EU IT admins should focus on the fundamentals of network security, rather than worry about sophisticated state-sponsored zero-day attacks, mobile security expert Georgia Weidman told London's AppSec EU conference on Thursday. Weidman, founder and CTO of mobile security testing firm Shevirah, cut her teeth in the industry six …
John Leyden, 5 Jul 2018

OnePlus 6 smartphone flash override demoed

The recently released OnePlus 6 smartphone allows the booting of arbitrary images, security researchers at Edge Security have discovered. According to the researchers, the trick is possible using the fastboot boot image.img feature on the BBK Electronics phone – even when the bootloader is completely locked and in secure …
John Leyden, 12 Jun 2018

You're the IT worker in charge of securing the cloud for your company. Welcome to Hell

Once upon a time, you’d go into the office, do your work during the day at your desk, then leave everything behind and go home. Well, end users would - IT workers have been lugging home the on-call laptop since the dial-up modem was invented. Back then, securing the information and the IT assets of a desk-based workforce …
Sonia Cuff, 5 Feb 2018

What do you press when flaws in Bluetooth panic buttons are exposed?

Security researchers have uncovered flaws in Bluetooth-based panic buttons that, in a worst-case scenario, make the affected kit "effectively useless." Duo Labs put a range of Bluetooth-based personal protection devices – aka panic buttons – from ROAR, Wearsafem, and Revolar through their paces. These gadgets typically connect …
John Leyden, 29 Jan 2018

Android ransomware DoubleLocker encrypts data and changes PINs

Crooks have come up with a strain of Android ransomware that both encrypts user data and locks victims out of compromised devices by changing PINs. DoubleLocker combines a cunning infection mechanism with two powerful tools for extorting money from its victims. "Its payload can change the device's PIN, preventing the victim …
John Leyden, 13 Oct 2017

Mo' money mo' mobile payments... Security risks? Whatever!

Analysis A survey on global mobile wallet adoption, published Tuesday, has sparked a lively debate about how banks and fintech might face off in the expanding market for mobile payments. Global payments software firm ACI Worldwide found that security concerns, while present, are not holding back uptake. Steven Murdoch, a security …
John Leyden, 6 Sep 2017

UK not as keen on mobile wallets as mainland Europe and US

The UK is lagging behind other countries in mobile wallet adoption, according to a new survey out today. Consumers in the US and Europe are catching up with those in fast-growing economies in Asia and Latin America where mobile wallets have already become the dominant payment platform, according to an online survey of 6,000 …
John Leyden, 5 Sep 2017

Wallet-snatch hack: ApplePay 'vulnerable to attack', claim researchers

Black Hat USA Security researchers say they have come up with two separate "attacks" against ApplePay, highlighting what they claim are weaknesses in the mobile payment method. One of the attacks developed by the white hats, and presented at Black Hat USA yesterday, requires a jailbroken device to work, but the other assault does not. In …
John Leyden, 28 Jul 2017

No one still thinks iOS is invulnerable to malware, right? Well, knock it off

The comforting notion that iOS devices are immune to malicious code attacks has taken a knock following the release of a new study by mobile security firm Skycure. Malicious mobile apps in Apple's App Store are mercifully rare (XcodeGhost aside) compared to the comparative "Wild West" of the Google Play store, which has come …
John Leyden, 20 Jul 2017

Facebook users pwnd by phone with account recovery vulnerability

Facebook account recovery using pre-registered mobile numbers is poorly implemented and open to abuse, according to critic James Martindale. Martindale wrote an article on Medium, titled I kinda hacked a few Facebook accounts using a vulnerability they won't fix, highlighting his concerns in a bid to push the social network …
John Leyden, 17 Jul 2017

Paranoid Android: Antivirus app-makers resolve MitM vulnerability

An Android anti-malware application from Panda Mobile Security has been updated after researchers discovered that an insecure update mechanism left users vulnerable to man-in-the-middle attacks. Tom Moreton, a security researcher at Context, found that an insecure update mechanism in the product, which is available via Google …
John Leyden, 10 May 2017

President Trump tweets from insecure Android, security boffins roll eyes

President Donald Trump is still using a conventional Android phone to post on Twitter since moving into the White House. The New York Times reports that the USA's newly installed president is using his old phone mainly to post to Twitter rather than make calls. Security experts nonetheless warn that Trump's use of a personal …
John Leyden, 26 Jan 2017

Security hardened, pah! Expert doubts Kaymera's mighty Google's Pixel

The arrival of a security hardened version of Google’s supposed "iPhone killer" Pixel phone from Kaymera has received a sceptical reception from one expert. Kaymera Secured Pixel is outfitted with Kaymera’s own hardened version of the Android operating system and its security architecture. This architecture is made up of four …
John Leyden, 12 Jan 2017

Build your own IMSI slurping, phone-stalking Stingray-lite box – using bog-standard Wi-Fi

Black Hat EU Wi-Fi networks can tease IMSI numbers out of nearby smartphones, allowing pretty much anyone to wirelessly track and monitor people by their handsets' fingerprints. Typically, if you want to stalk and identify strangers via their IMSI numbers, you use a Stingray-like device, or any software-defined radio, that talks to …
John Leyden, 3 Nov 2016

App proves Rowhammer can be exploited to root Android phones – and there's little Google can do to fully kill it

Security researchers have demonstrated how to gain root privileges from a normal Android app without relying on any software bug. The unprivileged application is able to gain full administrative permissions by exploiting the Rowhammer vulnerability present in modern RAM chips. Essentially, malicious code can change the content …
John Leyden, 24 Oct 2016

Hacking mobile login tokens tricky but doable, says reverse-engineer

Mobile apps that generate on-screen tokens for two-factor authentication can be examined and cloned by malware, a security researcher warns. Fraudsters and crooks can take these clones and generate the codes necessary to log in to bank accounts and other online services as their victims. Banks are increasingly relying on …
John Leyden, 2 Sep 2016

Two-speed Android update risk: Mobes face months-long wait

Motorola pushes out Android updates faster than any other manufacturer bar Google Nexus manufacturers, according to a new study. Mobile app metrics firm Apteligent examined device data for Samsung, LG, Sony, HTC, Motorola, and ZTE to determine which manufacturer pushes out OS updates the soonest. It compared the time it took …
John Leyden, 19 Aug 2016
