Articles about mobile security

Lock on a board. Photo by shutterstock

Chinese Android smartphone firm: It packs a dedicated crypto chip

Chinese smartphone manufacturer Gionee has released a device with a dedicated encryption chip it calls "equivalent to a black box" that offers the "most advanced" mobile data protection to date. Experts we asked were sceptical about the claims, which at minimum show that improved security is becoming a differentiator in the …
John Leyden, 2 Aug 2016
Pokemon Go game

Silently clicking on porn ads you can't even see – this could be you...

Security firms have repeated warnings that unofficial versions of Pokemon Go are likely tainted with spyware or trojans. RiskIQ has found more than 215 unofficial versions of the app in more than 21 app stores. Separately security researchers at security software firm ESET warn that the first ever fake lockscreen app on the …
John Leyden, 15 Jul 2016

You really do want to use biometrics for payments, beam banks

Two in three European consumers actively want to use biometric technology when making payments, according to a new Visa-sponsored survey. Nearly three in four (73 per cent) see two-factor authentication – where a form of biometrics is used in conjunction with a payment device – as a secure payment authentication method. More …
John Leyden, 14 Jul 2016

UEFA's Euro 2016 app is airing football fans’ privates in public

The official UEFA Euro 2016 app is leaking football fans’ personal data, security researchers warn. The app is transmitting user credentials - including usernames, passwords, addresses and phone numbers - over an insecure internet connection, mobile security outfit Wandera discovered. The lack of encryption in the app, which …
John Leyden, 1 Jul 2016
Silhouette of spy discerning password from code uses a command on graphic user interface

SS7 spookery on the cheap allows hackers to impersonate mobile chat subscribers

Flaws in the mobile signalling protocols can be abused to read messaging apps such as WhatsApp and Telegram. Security researchers at Positive Technologies found they can intercept messages and respond as if they were the intended recipient in services such as WhatsApp or Telegram. This is not a man in the middle attack: …
John Leyden, 10 May 2016

Apple needs silver bullet to slay App Store's escaped undead – study

Online software bazaars – such as Apple's App Store and Google Play – need to claim responsibility for "dead applications" and notify people when their programs have been revoked or removed, a study by security firm Appthority recommends. “Dead apps” are those that have been removed from an app store, but remain on devices – …
John Leyden, 6 May 2016

Google can't hold back this malware running riot in its Play store

Security researchers have discovered a strain of Android malware that keeps finding its way onto Google Play – despite the store supposedly being scrubbed clean of infiltrated apps. The software nasty – Android.Spy.277.origin – is hidden in more than 100 applications on Google Play. Sketchy programs harboring the malware …
John Leyden, 26 Apr 2016
Ted Cruz

Ted Cruz knows where you live – if you downloaded his app

Many US presidential primary apps gather users’ personal information and leave their sensitive data vulnerable to attackers, security researchers at Symantec warn. Data exchanged through many of the apps can be intercepted by attackers and shared with third parties because of weak security practices. Symantec analysed the …
John Leyden, 26 Apr 2016
Kinder egg on a bed of Kinder chocs. Photo by Radu Bercan/Shutterstock/Editorial use only

Magic Kinder app developer: Surprise! No security holes

Developers have responded to warnings about massive privacy problems with the Magic Kinder App for children by casting off insecure code, dropping poorly implemented functionality in the process. A lack of encryption within the Magic Kinder smartphone app and other security shortcomings created a severe security risk, as …
John Leyden, 14 Apr 2016
Android figurine (silver) hangs off building at Mountain View HQ. Photo by Nick Fox, Shutterstock.com</a>

Academics claim Google Android two-factor authentication is breakable

Computer security researchers warn security shortcomings in Android/Playstore undermine the security offered by all SMS-based two-factor authentication (2FA). The issue - first reported to Google more than a year ago - revolves around an alleged security weakness rather than a straightforward software vulnerability. The …
John Leyden, 8 Apr 2016
SHUT UP!

Surprise! Magic Kinder app could let hackers send vids to your kids

Security watchers have warned of massive privacy problems with the Magic Kinder App for children. A lack of encryption within the Magic Kinder smartphone app and other security shortcomings open the doors for all sorts of exploits, they claim. Hacktive Security alleges that a malicious user could "read the chat of the …
John Leyden, 5 Apr 2016

Infosec bods pop mobile money crypto by 'sniffing' e-mag radiation

Researchers have broken the encryption schemes used in mobile money transfers by “sniffing” electromagnetic radiation from smartphones. The work, by researchers from the Check Point Institute for Information Security at Tel Aviv University and the University of Adelaide, offers further evidence that TEMPEST-style side channel …
John Leyden, 17 Mar 2016
Mobile banking, image via Shutterstock

NatWest tightens online banking security after hacks' 'hack' exposé

NatWest is tightening up its internet banking systems after security shortcomings were exposed by journalists. BBC hacks were able to hijack a colleague's NatWest online bank account and transfer money without knowing her password. The UK bank's parent, Royal Bank of Scotland (RBS) Group, is also shoring up its security. …
John Leyden, 8 Mar 2016

iOS app that smuggled pirated software into China is booted out of Apple's walled garden

A dodgy application that evaded Apple's hardline code reviewers and made it into Cupertino's official App Store has been turfed out. The program – which featured a hidden smugglers' cove of software – was ejected after it was fingered by third-party security researchers. The team at Palo Alto Networks explained over the …
John Leyden, 22 Feb 2016

Android Xbot trojan poses as banking app, nicks your login creds

Miscreants have crafted a new attack designed to steal banking credentials and credit card information via phishing pages crafted to mimic Google Play’s payment interface. The so-called Xbot trojan also weaves its malicious spell by presenting victims with login pages of seven different banks’ apps, six of which relate to …
John Leyden, 19 Feb 2016

Android device manager app vuln leaves millions at risk of pwnage

Flaws in a widely used Android device manager app leave users at risk of phone data hijacking and malicious code execution unless they update their smartphones, security researchers warn. Flaws in the AirDroid, a free device manager app which allows users to access their Android devices through their computers, leave an …
John Leyden, 19 Feb 2016

When it comes to spaffing your login creds, Android biz apps are the business

Business apps for Android are three times more likely to leak login credentials than the average app, according to a new study by security firm NowSecure. An analysis of more than 400,000 apps available from the Google Play store discovered that a quarter of all apps have at least one high risk security flaw, with 11 per cent …
John Leyden, 12 Feb 2016

For pity's sake, enterprises, upgrade your mobile OS - report

Nine out of 10 enterprise mobile devices are using out-of-date operating systems, according to a new study, with upgrade issues increasing users' exposure to breaches, Duo Security warns. The analysis of more than one million actual iOS and Android mobile devices users in enterprises revealed that running updates is still hit …
John Leyden, 20 Jan 2016

Create a news alert about mobile security, or find more stories about mobile security.

Biting the hand that feeds IT © 1998–2018