Articles about mobile security


Vodafone hounds Czech customers for bills after they were brute-forced with Voda-issued PINs

Two crooks scammed Vodafone customers in the Czech Republic out of $26,000 thanks to weak telco-issued PIN codes. Vodafone preset the online passwords for their customers with a numerical password of 4-6 digits. A pair of chancers with no technical skills were able to launch a brute-force attack that reportedly involved trying …
John Leyden, 7 Sep 2018

We're all sick of Fortnite, but the flaw found in its downloader is the latest way to attack Android

A newfound way to hack Android using a technique dubbed "Man-in-the-Disk" is central to the recent security flap about Fortnite on the mobile platform. Man-in-the-Disk can circumvent sandboxes and infect a smartphone or tablet using shared external storage through a seemingly harmless Android application. Sandboxing isolates …
John Leyden, 29 Aug 2018

You can't always trust those mobile payment gadgets as far as you can throw them – bugs found by infosec duo

Black Hat: Those gadgets and apps used by small shops and traders to turn their smartphones and tablets into handheld sales terminals? Quite possibly insecure, you'll no doubt be shocked to discover. These mobile terminals are often seen in cafes, gyms, and other modest-sized businesses to take non-cash payments. The merchant taps out a …
John Leyden, 10 Aug 2018

Evil third-party screens on smartphones are able to see all that you poke

Smartphone hackers can glean secrets by analysing touchscreen user interactions, according to new research. Boffins from Ben-Gurion University in Israel have shown it's possible to impersonate a user by tracking touch movements on smartphones with compromised third-party touchscreens, whether they're sending emails, conducting …
John Leyden, 10 Jul 2018

Don't fear 1337 exploits. Sloppy mobile, phishing defenses a much bigger corp IT security threat

AppSec EU: IT admins should focus on the fundamentals of network security, rather than worry about sophisticated state-sponsored zero-day attacks, mobile security expert Georgia Weidman told London's AppSec EU conference on Thursday. Weidman, founder and CTO of mobile security testing firm Shevirah, cut her teeth in the industry six …
John Leyden, 5 Jul 2018

OnePlus 6 smartphone flash override demoed

The recently released OnePlus 6 smartphone allows the booting of arbitrary images, security researchers at Edge Security have discovered. According to the researchers, the trick is possible using the fastboot boot image.img feature on the BBK Electronics phone – even when the bootloader is completely locked and in secure …
John Leyden, 12 Jun 2018

You're the IT worker in charge of securing the cloud for your company. Welcome to Hell

Once upon a time, you’d go into the office, do your work during the day at your desk, then leave everything behind and go home. Well, end users would - IT workers have been lugging home the on-call laptop since the dial-up modem was invented. Back then, securing the information and the IT assets of a desk-based workforce …
Sonia Cuff, 5 Feb 2018

What do you press when flaws in Bluetooth panic buttons are exposed?

Security researchers have uncovered flaws in Bluetooth-based panic buttons that, in a worst-case scenario, make the affected kit "effectively useless." Duo Labs put a range of Bluetooth-based personal protection devices – aka panic buttons – from ROAR, Wearsafe, and Revolar through their paces. These gadgets typically connect …
John Leyden, 29 Jan 2018

Android ransomware DoubleLocker encrypts data and changes PINs

Crooks have come up with a strain of Android ransomware that both encrypts user data and locks victims out of compromised devices by changing PINs. DoubleLocker combines a cunning infection mechanism with two powerful tools for extorting money from its victims. "Its payload can change the device's PIN, preventing the victim …
John Leyden, 13 Oct 2017

Mo' money mo' mobile payments... Security risks? Whatever!

Analysis: A survey on global mobile wallet adoption, published Tuesday, has sparked a lively debate about how banks and fintech might face off in the expanding market for mobile payments. Global payments software firm ACI Worldwide found that security concerns, while present, are not holding back uptake. Steven Murdoch, a security …
John Leyden, 6 Sep 2017

UK not as keen on mobile wallets as mainland Europe and US

The UK is lagging behind other countries in mobile wallet adoption, according to a new survey out today. Consumers in the US and Europe are catching up with those in fast-growing economies in Asia and Latin America where mobile wallets have already become the dominant payment platform, according to an online survey of 6,000 …
John Leyden, 5 Sep 2017

Wallet-snatch hack: ApplePay 'vulnerable to attack', claim researchers

Black Hat USA: Security researchers say they have come up with two separate "attacks" against ApplePay, highlighting what they claim are weaknesses in the mobile payment method. One of the attacks developed by the white hats, and presented at Black Hat USA yesterday, requires a jailbroken device to work, but the other assault does not. In …
John Leyden, 28 Jul 2017

No one still thinks iOS is invulnerable to malware, right? Well, knock it off

The comforting notion that iOS devices are immune to malicious code attacks has taken a knock following the release of a new study by mobile security firm Skycure. Malicious mobile apps in Apple's App Store are mercifully rare (XcodeGhost aside) compared to the comparative "Wild West" of the Google Play store, which has come …
John Leyden, 20 Jul 2017

Facebook users pwnd by phone with account recovery vulnerability

Facebook account recovery using pre-registered mobile numbers is poorly implemented and open to abuse, according to critic James Martindale. Martindale wrote an article on Medium, titled I kinda hacked a few Facebook accounts using a vulnerability they won't fix, highlighting his concerns in a bid to push the social network …
John Leyden, 17 Jul 2017

Paranoid Android: Antivirus app-makers resolve MitM vulnerability

An Android anti-malware application from Panda Mobile Security has been updated after researchers discovered that an insecure update mechanism left users vulnerable to man-in-the-middle attacks. Tom Moreton, a security researcher at Context, found that an insecure update mechanism in the product, which is available via Google …
John Leyden, 10 May 2017

President Trump tweets from insecure Android, security boffins roll eyes

President Donald Trump is still using a conventional Android phone to post on Twitter since moving into the White House. The New York Times reports that the USA's newly installed president is using his old phone mainly to post to Twitter rather than make calls. Security experts nonetheless warn that Trump's use of a personal …
John Leyden, 26 Jan 2017

Security hardened, pah! Expert doubts Kaymera's mighty Google's Pixel

The arrival of a security hardened version of Google’s supposed "iPhone killer" Pixel phone from Kaymera has received a sceptical reception from one expert. Kaymera Secured Pixel is outfitted with Kaymera’s own hardened version of the Android operating system and its security architecture. This architecture is made up of four …
John Leyden, 12 Jan 2017

Build your own IMSI slurping, phone-stalking Stingray-lite box – using bog-standard Wi-Fi

Black Hat EU: Wi-Fi networks can tease IMSI numbers out of nearby smartphones, allowing pretty much anyone to wirelessly track and monitor people by their handsets' fingerprints. Typically, if you want to stalk and identify strangers via their IMSI numbers, you use a Stingray-like device, or any software-defined radio, that talks to …
John Leyden, 3 Nov 2016


Biting the hand that feeds IT © 1998–2018