Mobile security


New Mobile Malware Transmitter.C Spreading

From Zero Day (Dancho Danchev)
Researchers from NetQin Tech. are reporting on a newly discovered mobile malware variant (Transmitter.C) distributed through a modified version of legitimate mobile application. Upon execution, the malware attempts to automatically spread by SMS-ing hundreds of messages linking to a web site where a copy of it (sexySpace.sisx) can be found. Read the full story [ZDNet.com].

Researcher Finds Cracks in Symbian Security

From The H Security
Symbian, found in many mobile phones, especially those from Nokia, is one of the most widely used mobile operating systems and has now been in use for more than ten years. It continues to be viewed as a very secure operating system, with special security functions and a certification system which help to ensure that only signed code can run with high privileges. Anti-virus vendors occasionally report new malware capable of running on the Symbian platform, but so far none have managed to spread widely. Read the full story [The H Security].

New Security Standards for Mobile Payments Coming

From SC Magazine (Angela Moscaritolo)
A financial services technology group is developing standards for making secure mobile payment transactions.  The goal of the project,  an effort of the Financial Services Technology Consortium (FSTC),  is to develop standards and processes so that banking customers are able to securely pay a merchant or another bank customer using their phone, no matter what mobile device or carrier they use.  Read the full story [scmagazine.com]


From DarkReading (Kelly Jackson Higgins)

Texting just keeps getting riskier: Researchers at next month’s Black Hat USA in Las Vegas will demonstrate newly discovered threats to mobile phone users, as well as release a new iPhone application that tests phones for security flaws.

“We set out to create a graphical SMS auditing app that runs on the iPhone,” says Luis Miras, an independent security researcher. The tool can test any mobile phone, not just the iPhone, for vulnerabilities to specific exploits that use SMS as an attack vector.  Read the full story [darkreading.com]

T-Mobile is now saying that the information that was posted to the Full Disclosure security mailing list this weekend is in fact the company’s data. But the company stopped short of confirming that the anonymous hackers have access to customer data and other sensitive information, as they have claimed.

From Reuters (Tarmo Virki)
Accessing your bank account using your mobile phone might seem safe, but security experts say would-be hackers can access confidential information via a simple text message seemingly from your service provider.
People in the industry aware of the risk see it as extremely small, as only a few people use handsets to access their bank accounts, but it is growing as mobile Internet usage rises.  Read the full story [reuters.com]

There is a series of vulnerabilities in the widely used BlackBerry Enterprise Server software that could allow an attacker to compromise BlackBerry devices by sending a malicious PDF file. Research in Motion, the software’s maker, has issued a patch that fixes the problem in BES, as well as in BlackBerry Professional Software.

At a Churchill Club event in Santa Clara, Calif., Peter Solvik, managing director at Sigma Partners, talks to a panel of CIOs about how they’re making mobile devices more secure in the enterprise and whether their employees prefer the BlackBerry over the iPhone. The panel includes: Matt Carey, chief information officer of Home Depot; Karenann Terrell, CIO of Baxter; and Lars Rabbe, former CIO of Yahoo.

From Computerworld (Jeremy Kirk)
Apple security whiz Charlie Miller has discovered a method that may enable attackers to run shellcode on the latest version of the Apple iPhone, something that researchers previously thought to be impossible. In a presentation at Black Hat Europe this week, Miller discussed his findings, but said that in order to get the shellcode working, an attacker would still need an exploit.

By Andrew Storms
The looming mobile malware threat of the past decade has yet to materialize. The reason for its lack of fruition, according to scientists, is due to geography and the lack of a dominant market shareholder.  However well done the math, the scientific study is flawed nonetheless.  “Understanding the Spreading Patterns of Mobile Phone Viruses” a new paper by 4 scientists fails take into account modern malware trends and operational knowledge of security vendors like those of antivirus companies.

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.