There are a number of undocumented and hidden features and services in Apple iOS that can be used to bypass the backup encryption on iOS devices and remove large amounts of users’ personal data.
Browsing Category: Mobile Security
The EFF is working on an open wireless router firmware that’s designed to be a secure and flexible alternative to the existing software that runs on home and small business routers, much of which is notoriously insecure. The Open Wireless Router project, which the organization announced at the HOPE X conference over the weekend, is[...]
The latest update to Chrome on Android fixes two bugs, including a critical flaw in the browser that could have let an attacker trick a user into visiting a malicious site.
Google has failed to implement certificate pinning in its official iOS Gmail application, which could enable Man-in-the-Middle attacks exposing encrypted user communications.
A pair of Android vulnerabilities in ever version prior to KitKat could give an attacker the ability to make and end phone calls and send USSD codes using a malicious application.
Oftentimes, looking at a given security vulnerability or mistake by a vendor, it’s easy to wonder how on earth the bug got through in the first place or the company didn’t catch the problem earlier. That definitely could have been the case with the recently disclosed bypass of PayPal’s two-factor authentication mechanism, but, as is[...]
Researchers at IBM disclosed a serious buffer overflow vulnerability in Android 4.3 and earlier that could lead to code execution. The bug is patched in KitKat, but most users are on older versions.
A cloned banking application targeting customers of a large bank in Israel has been removed from Google Play after it was discovered to be stealing users’ log-in credentials.
There’s a vulnerability in the way that PayPal handles certain requests from mobile clients that can allow an attacker to bypass the two-factor authentication mechanism for the service and transfer money from a victim’s account to any recipient he chooses.
Researchers from Kaspersky Lab and Citizen Lab released a report today with extensive details on the HackingTeam’s controversial RCS spyware, in particular its extensive global command infrastructure and mobile malware.