Mobile Security

ASEF Android Tool Analyzes App Security and Behavior

A researcher at Qualys has released a new tool designed to allow users–even non-technical ones–to evaluate the security and behaviors of the apps installed on their Android devices. Known as the Android Security Evaluation Framework, the tool not only looks at the general security of an app, but also at what kind of data the app is collecting and what it’s doing with that information.

Millions of Mobile Phone Users’ Data Leaked in South Korea Scam

Two men have been arrested in South Korea for allegedly leaking the information of almost nine million of the nation’s mobile phone users, including details of the users’ monthly plans, according to a report issued by the Korea National Police Agency’s (KNPA) Cyber Terror Response Center (CTRC) over the weekend.

Q&A: Adrian Stone of the BlackBerry Security Team

LAS VEGAS–Here’s something that you might not know about RIM: it has a rather large security response and research team. The maker of the BlackBerry phones–once the must-have fashion accessory for executives and Barack Obama–historically has been almost silent on the way that it handles product security and vulnerabilities. But that’s beginning to change, in large part perhaps because the security response team at RIM is full of veterans of Microsoft’s Security Response Center, who learned the value of communication the hard way.

LAS VEGAS–An odd thing happened at Black Hat on Thursday: an Apple security official gave a talk. Seats began filling early, 20 minutes before the talk began, and expectations were high, with many people wondering how much the speaker would reveal about the inner workings of iOS security. And then the talk began and it was fairly clear that the answer to that question was, not much.

LAS VEGAS–Do not stand near Charlie Miller. Actually, you might not even want to let him walk past you. It’s not that Miller is a bad person, you understand. The problem is that Miller has figured out a couple of methods that enable him–or an attacker–to use the NFC chip in some phones to exploit vulnerabilities in the phones’ software and force users to visit a Web site or even gain complete control of the phone. 

There is a new variant of the OpFake mobile malware making the rounds, and this version comes bundled with a version of the legitimate Opera Mini mobile browser. The malware targets Android phones and steals money from victims by sending SMS messages without the user’s knowledge to premium-rate numbers and also collects data about the device it infects.

Mobile security has become a major concern both for consumers and for enterprises worried about the integrity of their sensitive data. Part of that worry centers on the security of the apps on mobile devices, something that’s largely unknowable in a lot of cases right now. Duo Security today is releasing a new app called X-Ray that scans Android devices for known vulnerabilities and alerts users to which ones remain unpatched.

Apple’s iOS and Google’s Android have been on opposite ends of the security continuum for the last few years, with iOS remaining resistant to malware and Android becoming a frequent target for attackers and malware authors. Google has been taking steps to change that in recent releases, and the latest version of its mobile operating system, Android 4.1 Jelly Bean, includes several new exploit mitigations and a more extensive implementation of ASLR to help defeat many kinds of exploits.

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.