Articles about mobile security

Wallet-snatch hack: ApplePay 'vulnerable to attack', claim researchers

Black Hat USA: Security researchers say they have come up with two separate "attacks" against ApplePay, highlighting what they claim are weaknesses in the mobile payment method. One of the attacks developed by the white hats, and presented at Black Hat USA yesterday, requires a jailbroken device to work, but the other assault does not. In …
John Leyden, 28 Jul 2017

No one still thinks iOS is invulnerable to malware, right? Well, knock it off

The comforting notion that iOS devices are immune to malicious code attacks has taken a knock following the release of a new study by mobile security firm Skycure. Malicious mobile apps in Apple's App Store are mercifully rare (XcodeGhost aside) compared to the comparative "Wild West" of the Google Play store, which has come …
John Leyden, 20 Jul 2017

Facebook users pwnd by phone with account recovery vulnerability

Facebook account recovery using pre-registered mobile numbers is poorly implemented and open to abuse, according to critic James Martindale. Martindale wrote an article on Medium, titled I kinda hacked a few Facebook accounts using a vulnerability they won't fix, highlighting his concerns in a bid to push the social network …
John Leyden, 17 Jul 2017

Paranoid Android: Antivirus app-makers resolve MitM vulnerability

An Android anti-malware application from Panda Mobile Security has been updated after researchers discovered that an insecure update mechanism left users vulnerable to man-in-the-middle attacks. Tom Moreton, a security researcher at Context, found that an insecure update mechanism in the product, which is available via Google …
John Leyden, 10 May 2017

President Trump tweets from insecure Android, security boffins roll eyes

President Donald Trump is still using a conventional Android phone to post on Twitter since moving into the White House. The New York Times reports that the USA's newly installed president is using his old phone mainly to post to Twitter rather than make calls. Security experts nonetheless warn that Trump's use of a personal …
John Leyden, 26 Jan 2017

Security hardened, pah! Expert doubts Kaymera's mighty Google Pixel

The arrival of a security hardened version of Google’s supposed "iPhone killer" Pixel phone from Kaymera has received a sceptical reception from one expert. Kaymera Secured Pixel is outfitted with Kaymera’s own hardened version of the Android operating system and its security architecture. This architecture is made up of four …
John Leyden, 12 Jan 2017

Build your own IMSI slurping, phone-stalking Stingray-lite box – using bog-standard Wi-Fi

Black Hat EU: Wi-Fi networks can tease IMSI numbers out of nearby smartphones, allowing pretty much anyone to wirelessly track and monitor people by their handsets' fingerprints. Typically, if you want to stalk and identify strangers via their IMSI numbers, you use a Stingray-like device, or any software-defined radio, that talks to …
John Leyden, 3 Nov 2016

App proves Rowhammer can be exploited to root Android phones – and there's little Google can do to fully kill it

Security researchers have demonstrated how to gain root privileges from a normal Android app without relying on any software bug. The unprivileged application is able to gain full administrative permissions by exploiting the Rowhammer vulnerability present in modern RAM chips. Essentially, malicious code can change the content …
John Leyden, 24 Oct 2016

Hacking mobile login tokens tricky but doable, says reverse-engineer

Mobile apps that generate on-screen tokens for two-factor authentication can be examined and cloned by malware, a security researcher warns. Fraudsters and crooks can take these clones and generate the codes necessary to log in to bank accounts and other online services as their victims. Banks are increasingly relying on …
John Leyden, 2 Sep 2016

Two-speed Android update risk: Mobes face months-long wait

Motorola pushes out Android updates faster than any other manufacturer bar Google Nexus manufacturers, according to a new study. Mobile app metrics firm Apteligent examined device data for Samsung, LG, Sony, HTC, Motorola, and ZTE to determine which manufacturer pushes out OS updates the soonest. It compared the time it took …
John Leyden, 19 Aug 2016

Chinese Android smartphone firm: It packs a dedicated crypto chip

Chinese smartphone manufacturer Gionee has released a device with a dedicated encryption chip it calls "equivalent to a black box" that offers the "most advanced" mobile data protection to date. Experts we asked were sceptical about the claims, which at minimum show that improved security is becoming a differentiator in the …
John Leyden, 2 Aug 2016

Silently clicking on porn ads you can't even see – this could be you...

Security firms have repeated warnings that unofficial versions of Pokemon Go are likely tainted with spyware or trojans. RiskIQ has found more than 215 unofficial versions of the app in more than 21 app stores. Separately, security researchers at security software firm ESET warn that the first ever fake lockscreen app on the …
John Leyden, 15 Jul 2016

You really do want to use biometrics for payments, beam banks

Two in three European consumers actively want to use biometric technology when making payments, according to a new Visa-sponsored survey. Nearly three in four (73 per cent) see two-factor authentication – where a form of biometrics is used in conjunction with a payment device – as a secure payment authentication method. More …
John Leyden, 14 Jul 2016

UEFA's Euro 2016 app is airing football fans’ privates in public

The official UEFA Euro 2016 app is leaking football fans’ personal data, security researchers warn. The app is transmitting user credentials - including usernames, passwords, addresses and phone numbers - over an insecure internet connection, mobile security outfit Wandera discovered. The lack of encryption in the app, which …
John Leyden, 1 Jul 2016

SS7 spookery on the cheap allows hackers to impersonate mobile chat subscribers

Flaws in the mobile signalling protocols can be abused to read messaging apps such as WhatsApp and Telegram. Security researchers at Positive Technologies found they can intercept messages and respond as if they were the intended recipient in services such as WhatsApp or Telegram. This is not a man-in-the-middle attack: …
John Leyden, 10 May 2016

Apple needs silver bullet to slay App Store's escaped undead – study

Online software bazaars – such as Apple's App Store and Google Play – need to claim responsibility for "dead applications" and notify people when their programs have been revoked or removed, a study by security firm Appthority recommends. “Dead apps” are those that have been removed from an app store, but remain on devices – …
John Leyden, 6 May 2016

Google can't hold back this malware running riot in its Play store

Security researchers have discovered a strain of Android malware that keeps finding its way onto Google Play – despite the store supposedly being scrubbed clean of infiltrated apps. The software nasty – Android.Spy.277.origin – is hidden in more than 100 applications on Google Play. Sketchy programs harboring the malware …
John Leyden, 26 Apr 2016

Ted Cruz knows where you live – if you downloaded his app

Many US presidential primary apps gather users’ personal information and leave their sensitive data vulnerable to attackers, security researchers at Symantec warn. Data exchanged through many of the apps can be intercepted by attackers and shared with third parties because of weak security practices. Symantec analysed the …
John Leyden, 26 Apr 2016

Biting the hand that feeds IT © 1998–2017