Apple is encouraging developers who create apps for iOS to begin moving their apps to an HTTPS-only model as soon as possible in an effort to thwart eavesdropping on insecure, plaintext HTTP connections. The move is yet one more sign that major Internet and technology companies are becoming ever more resistant to large-scale, passive surveillance[…]
Browsing Category: Mobile Security
Today at Google I/O, the company announced a new system for Android that it hopes will urge developers to seek fewer excessive permissions for mobile applications.
What happens when you build a watch that is essentially an absurdly powerful computer that also tells time? You have to patch that watch. And that’s what Apple has done for the first time, releasing a long list of fixes for security problems with the Apple Watch OS. At least one of the vulnerabilities can[…]
There’s an easily exploitable vulnerability in the Android stock browser that enables an attacker to spoof the URL in the address bar and force a victim to visit a malicious site while believing he is visiting a benign one. Security researcher Rafay Baloch discovered the vulnerability and developed the technique for exploiting it. The problem[…]
Datapp, a Windows program developed at the University of New Haven, sniffs out unencrypted mobile data sent over HTTP.
The idea of needing to disable a computer quickly as the police–or another potential adversary–comes through the door typically has been the concern of criminals. But in today’s climate activists, journalists, and others may find themselves wanting to make their laptops unusable in short order, and that’s where usbkill comes in.
A few weeks after the developers of the AFNetworking library that’s popular among iOS and OS X app developers patched a serious bug in the library that enabled man-in-the-middle attacks, another, similar flaw has surfaced. The new vulnerability is related to how the AFNetworking library handles domain name validation for certificates. As it turns out, the library[…]
Researchers stumbled upon a vulnerability recently that can force any iPhone or iPad into a perpetual reboot loop.
CERT researcher Will Dormann presented an update on his research looking at Android apps that fail to validate SSL; Google meanwhile, says it will get stricter with enforcement.