Google has failed to implement certificate pinning in its official iOS Gmail application, which could enable Man-in-the-Middle attacks exposing encrypted user communications.
Browsing Category: Mobile Security
A pair of Android vulnerabilities in ever version prior to KitKat could give an attacker the ability to make and end phone calls and send USSD codes using a malicious application.
Oftentimes, looking at a given security vulnerability or mistake by a vendor, it’s easy to wonder how on earth the bug got through in the first place or the company didn’t catch the problem earlier. That definitely could have been the case with the recently disclosed bypass of PayPal’s two-factor authentication mechanism, but, as is[...]
Researchers at IBM disclosed a serious buffer overflow vulnerability in Android 4.3 and earlier that could lead to code execution. The bug is patched in KitKat, but most users are on older versions.
A cloned banking application targeting customers of a large bank in Israel has been removed from Google Play after it was discovered to be stealing users’ log-in credentials.
There’s a vulnerability in the way that PayPal handles certain requests from mobile clients that can allow an attacker to bypass the two-factor authentication mechanism for the service and transfer money from a victim’s account to any recipient he chooses.
Researchers from Kaspersky Lab and Citizen Lab released a report today with extensive details on the HackingTeam’s controversial RCS spyware, in particular its extensive global command infrastructure and mobile malware.
Google and Microsoft will implement ‘kill switches’ into their mobile offering in response to petitions from elected officials claiming that a similar Apple feature has deterred theft and violent crime.
Geohot’s latest Android rooting tool relies on a privilege root access, escalation vulnerability affecting the majority of commercial Android builds.
AT&T has notified some of its mobile customers that employees of one of its contractors accessed some customer information, including birth dates and Social Security numbers, in an effort to generate codes that could be used to unlock devices. The company did not specify how many customers were affected by the breach, and it doesn’t appear[...]