People with cracked touch screens or similar smartphone maladies have a new headache to consider: the possibility the replacement parts installed by repair shops contain secret hardware that completely hijacks the security of the device.
CS Digest Section: Mobile Security
LeakerLocker: Mobile Ransomware Acts Without Encryption
We recently found on Google Play a type of mobile ransomware that does not encrypt files. This malware extorts a payment to prevent the attacker from spreading a victim's private information. LeakerLocker claims to have made an unauthorized backup of a phone's sensitive information that could be leaked to a user's contacts unless it receives "a modest
Satellite Phone Encryption Calls Can be Cracked in Fractions of a Second
Security researchers have discovered a new method to decrypt satellite phone communications encrypted with the GMR-2 cipher in "real time" -- that too in mere fractions of a second in some cases.
http://thehackernews.com/2017/07/satellite-phone-encryption.html
Dvmap: the First Android Malware with Code Injection
Dvmap is very special rooting malware. It uses a variety of new techniques, but the most interesting thing is that it injects malicious code into the system libraries - libdmv.so or libandroid_runtime.so.
https://securelist.com/dvmap-the-first-android-malware-with-code-injection/78648/
News Release: DHS Delivers Study on Government Mobile Device Security to Congress
The Department of Homeland Security (DHS) has submitted a report to Congress that details current and emerging threats to the Federal government’s use of mobile devices and recommends security improvements within the mobile device ecosystem.
Can Google Win Its Battle with Android Malware?
Both iOS and Android devices are targeted by hackers, but data suggests there is more Android malware in circulation than for iOS; a recent report by F-Secure goes so far as to say 99 percent of all malware that targets mobile devices is designed for Android.
http://www.zdnet.com/article/can-google-win-its-battle-with-android-malware/
Hundreds of Apps Using Ultrasonic Signals to Silently Track Smartphone Users
Your smartphone may have some apps that are continuously listening inaudible, high-frequency ultrasonic sounds from your surroundings and they know where you go, what you like and dislike - all without your knowledge.
http://thehackernews.com/2017/05/ultrasonic-tracking-signals-apps.html
Why The Google Docs Email Scam Was Such a Sophisticated Phishing Attack
It's a phishing scheme that even multifactor authentication and changing your password won't fix.
http://www.newsweek.com/google-docs-sophisticated-email-scam-594443
NIST forms 5G alliance of 130 companies
NIST’s establishment of the alliance has brought together more than 130 participants, including representatives from Qualcomm, Intel, Samsung, Keysight and Echostar, to solve the most pressing modeling and measurement challenges facing the deployment of 5G wireless Communications.
http://www.nextbigfuture.com/2017/04/nist-forms-5g-alliance-of-130-companies.html
When Apps Secretly Team Up to Steal Your Data
When the researchers set DIALDroid loose on the 100,206 most downloaded Android apps, they turned up nearly 23,500 app pairs that leak data. More than 16,700 of those pairs also involved privilege escalation, which means the second app received a type of sensitive information that it's typically forbidden from accessing.
https://www.theatlantic.com/technology/archive/2017/04/when-apps-collude-to-steal-your-data/522177/
