Browsing Category: Mobile Security

android garden

Critical Android FakeID Bug Allows Attackers to Impersonate Trusted Apps

There is a critical vulnerability in millions of Android devices that allows a malicious app to impersonate a trusted application in a transparent way.

Read more...

android_bot

Harnessing the Power of an Android Cluster for Security Research

When the topic of mobile security comes up, users and researchers often discuss Android as if it’s one monolithic operating system like iOS is. But the fact is that there are nearly as many versions of Android as there are Android devices, which has led to plenty of confusion when it’s time to fix a security[...]

Read more...

Koler popups

Koler Ransomware Infrastructure Complex and Agile

Categories: Malware, Mobile Security

Researchers at Kaspersky Lab report on the infrastructure supporting the Koler ransomware, which not only has components targeting Android devices, but also redirects desktop browsers to other ransomware and exploit kits.

Read more...

iphone 5s

Researcher Identifies Hidden Data-Acquisition Services in iOS

There are a number of undocumented and hidden features and services in Apple iOS that can be used to bypass the backup encryption on iOS devices and remove large amounts of users’ personal data.

Read more...

eff logog

EFF Releases Open Wireless Router Firmware

The EFF is working on an open wireless router firmware that’s designed to be a secure and flexible alternative to the existing software that runs on home and small business routers, much of which is notoriously insecure. The Open Wireless Router project, which the organization announced at the HOPE X conference over the weekend, is[...]

Read more...

chrome_android_patch_update

Chrome for Android Update Fixes Critical URL Spoofing Bug

The latest update to Chrome on Android fixes two bugs, including a critical flaw in the browser that could have let an attacker trick a user into visiting a malicious site.

Read more...

iOS Gmail Certificate Pinning

Lack of Certificate Pinning Exposes Encrypted iOS Gmail App Communication

Google has failed to implement certificate pinning in its official iOS Gmail application, which could enable Man-in-the-Middle attacks exposing encrypted user communications.

Read more...

passwords

PayPal 2FA Bypass Shows Difficulty of Getting Authentication Right

Oftentimes, looking at a given security vulnerability or mistake by a vendor, it’s easy to wonder how on earth the bug got through in the first place or the company didn’t catch the problem earlier. That definitely could have been the case with the recently disclosed bypass of PayPal’s two-factor authentication mechanism, but, as is[...]

Read more...

shutterstock_92190493

Patched Code Execution Bug Affects Most Android Users

Researchers at IBM disclosed a serious buffer overflow vulnerability in Android 4.3 and earlier that could lead to code execution. The bug is patched in KitKat, but most users are on older versions.

Read more...