Articles about mobile security

UEFA's Euro 2016 app is airing football fans’ privates in public

The official UEFA Euro 2016 app is leaking football fans’ personal data, security researchers warn. The app is transmitting user credentials - including usernames, passwords, addresses and phone numbers - over an insecure internet connection, mobile security outfit Wandera discovered. The lack of encryption in the app, which …
John Leyden, 1 Jul 2016

SS7 spookery on the cheap allows hackers to impersonate mobile chat subscribers

Flaws in the mobile signalling protocols can be abused to read messaging apps such as WhatsApp and Telegram. Security researchers at Positive Technologies found they can intercept messages and respond as if they were the intended recipient in services such as WhatsApp or Telegram. This is not a man in the middle attack: …
John Leyden, 10 May 2016

Apple needs silver bullet to slay App Store's escaped undead – study

Online software bazaars – such as Apple's App Store and Google Play – need to claim responsibility for "dead applications" and notify people when their programs have been revoked or removed, a study by security firm Appthority recommends. “Dead apps” are those that have been removed from an app store, but remain on devices – …
John Leyden, 6 May 2016

Google can't hold back this malware running riot in its Play store

Security researchers have discovered a strain of Android malware that keeps finding its way onto Google Play – despite the store supposedly being scrubbed clean of infiltrated apps. The software nasty – Android.Spy.277.origin – is hidden in more than 100 applications on Google Play. Sketchy programs harboring the malware …
John Leyden, 26 Apr 2016

Ted Cruz knows where you live – if you downloaded his app

Many US presidential primary apps gather users’ personal information and leave their sensitive data vulnerable to attackers, security researchers at Symantec warn. Data exchanged through many of the apps can be intercepted by attackers and shared with third parties because of weak security practices. Symantec analysed the …
John Leyden, 26 Apr 2016

Magic Kinder app developer: Surprise! No security holes

Developers have responded to warnings about massive privacy problems with the Magic Kinder App for children by casting off insecure code, dropping poorly implemented functionality in the process. A lack of encryption within the Magic Kinder smartphone app and other security shortcomings created a severe security risk, as …
John Leyden, 14 Apr 2016

Academics claim Google Android two-factor authentication is breakable

Computer security researchers warn security shortcomings in Android/Playstore undermine the security offered by all SMS-based two-factor authentication (2FA). The issue - first reported to Google more than a year ago - revolves around an alleged security weakness rather than a straightforward software vulnerability. The …
John Leyden, 8 Apr 2016

Surprise! Magic Kinder app could let hackers send vids to your kids

Security watchers have warned of massive privacy problems with the Magic Kinder App for children. A lack of encryption within the Magic Kinder smartphone app and other security shortcomings open the doors for all sorts of exploits, they claim. Hacktive Security alleges that a malicious user could "read the chat of the …
John Leyden, 5 Apr 2016

Infosec bods pop mobile money crypto by 'sniffing' e-mag radiation

Researchers have broken the encryption schemes used in mobile money transfers by “sniffing” electromagnetic radiation from smartphones. The work, by researchers from the Check Point Institute for Information Security at Tel Aviv University and the University of Adelaide, offers further evidence that TEMPEST-style side channel …
John Leyden, 17 Mar 2016

NatWest tightens online banking security after hacks' 'hack' exposé

NatWest is tightening up its internet banking systems after security shortcomings were exposed by journalists. BBC hacks were able to hijack a colleague's NatWest online bank account and transfer money without knowing her password. The UK bank's parent, Royal Bank of Scotland (RBS) Group, is also shoring up its security. …
John Leyden, 8 Mar 2016

iOS app that smuggled pirated software into China is booted out of Apple's walled garden

A dodgy application that evaded Apple's hardline code reviewers and made it into Cupertino's official App Store has been turfed out. The program – which featured a hidden smugglers' cove of software – was ejected after it was fingered by third-party security researchers. The team at Palo Alto Networks explained over the …
John Leyden, 22 Feb 2016

Android Xbot trojan poses as banking app, nicks your login creds

Miscreants have crafted a new attack designed to steal banking credentials and credit card information via phishing pages crafted to mimic Google Play’s payment interface. The so-called Xbot trojan also weaves its malicious spell by presenting victims with login pages of seven different banks’ apps, six of which relate to …
John Leyden, 19 Feb 2016

Android device manager app vuln leaves millions at risk of pwnage

Flaws in a widely used Android device manager app leave users at risk of phone data hijacking and malicious code execution unless they update their smartphones, security researchers warn. Flaws in AirDroid, a free device manager app which allows users to access their Android devices through their computers, leave an …
John Leyden, 19 Feb 2016

When it comes to spaffing your login creds, Android biz apps are the business

Business apps for Android are three times more likely to leak login credentials than the average app, according to a new study by security firm NowSecure. An analysis of more than 400,000 apps available from the Google Play store discovered that a quarter of all apps have at least one high risk security flaw, with 11 per cent …
John Leyden, 12 Feb 2016

For pity's sake, enterprises, upgrade your mobile OS - report

Nine out of 10 enterprise mobile devices are using out-of-date operating systems, according to a new study, with upgrade issues increasing users' exposure to breaches, Duo Security warns. The analysis of more than one million actual iOS and Android mobile device users in enterprises revealed that running updates is still hit …
John Leyden, 20 Jan 2016

UK NHS-backed health apps 'riddled with security flaws'

As if striking junior doctors weren’t enough, the UK's NHS also has technology worries, according to a study by app security firm Arxan. All of the NHS-approved apps Arxan audited lacked binary protection against code tampering, and most also lacked adequate protection in the transport layer. Flaws also emerged in FDA-approved …
John Leyden, 13 Jan 2016

iOS banking apps security still not good enough, says researcher

The security of mobile banking apps has improved over the last two years but there’s still scope for improvement. Ariel Sanchez, security consultant for IOActive, has revisited research into the topic first conducted two years ago to see if there’s been any improvement. Although security has increased over the two years, many …
John Leyden, 18 Dec 2015

Car parking mobile apps are vulnerable to hacking, say infosec folk

Mobile parking apps are often insecure, according to an investigation by security researchers at NCC Group. Firms running paid-for parking schemes across the UK are introducing mobile applications as an alternative to paying with coins and/or card at the parking meter. Parking vendors generally cater for customers using Apple …
John Leyden, 11 Dec 2015
