The security industry can be a giant repetitive, follow-the-loser echo chamber of unoriginal thoughts, familiar flaws and copycat theories. But if ever there was a year in which folks could stand back and look at what’s gone on and say, what in the hell just happened, 2011 was it. So rather than going in for the typical year-in-review or top stories shtick, let’s just have a look back at some of the more absurd, unexpected and amusing twigs and berries from the last 12 months, shall we?
Browsing Category: Mobile Security
Threatpost Top Security News Stories of 2011: We’ve compiled our list of the Top Security Stories of 2011, presented here in no particular order. These are the issues that shook the world’s markets and kept us awake at night.
Mobile security researchers at the firm ViaForensics say they have created a malicious mobile application that requires the phone user to grant no permissions during installation, but could give remote attackers the ability to install and execute malicious code on mobile devices running the Android operating system.
The security of Android devices has come under quite a lot of scrutiny in recent months, with researchers identifying various root exploits and permission leaks that could be exploited. In this video, researcher Thomas Cannon of ViaForensics demonstrates a method for setting up a remote shell on an Android device without using any exploits or vulnerabilities. The method works on various versions of Android, up to and including Gingerbread.
Sprint has decided to stop using Carrier IQ’s diagnostic software in light of the ongoing controversy about user privacy, according to reports.
The latest generation of desk jockeys admitted in a recent Cisco study that they frequently ignore and/or circumvent the information technology (IT) policies of their employers, heightening corporate risk.
Carrier IQ, the embattled software company at the center of the controversy over alleged data collection on mobile devices, has released a new document that details the ways in which carriers deploy the software, how it works on devices and what data it is capable of collecting. The company also admitted in the document that its software has a bug that, in some specific cases, could cause the application to collect the contents of SMS messages.
There has been another round of malicious apps discovered in the official Android Market, with this wave containing hidden functionality to send SMS messages to premium-rate numbers. The apps, which Google has pulled from the Market already, are counterfeit versions of popular games, including Angry Birds.
A lot has been said about the Carrier IQ software, the way that it’s used by carriers and whether it’s capable of intercepting calls, texts and data on users’ handsets. It’s still not clear exactly what’s going on, but one lesson that has emerged from all of this is this: The mobile devices people buy and use for personal and sensitive tasks every day simply do not belong to them.
The controversy over stealthy monitoring software by CarrierIQ has raised important questions about user privacy and business ethics in the Brave New World of smart phones, tablets and the like. In the uproar over CarrierIQ’s surreptitious monitoring of mobile phone users, various tools have appeared that claim to be able to detect the software. However, removing CarrierIQ from your phone is another matter entirely. And, while some sites have offered instructions on doing so, Kaspersky Lab researcher Tim Armstrong said that, for all but a few mobile phone hardware experts, doing a CarrierIQ-pendectomy is a bad idea.