An Android vulnerability has been uncovered that allows attackers to modify apps in an undetected way, without affecting their signatures.
CS Digest Section: Mobile Security
Researchers from Vietnamese security company Bkav demonstrated that they could fool the technology to unlock the phone with a mask constructed with a 3D printer, some silicone, makeup and two-dimensional images—about $150 in materials.
A new malware has been uncovered that uses an updated methodology to abuse the previously patched Android Toast overlay vulnerability, which once installed, can download additional malware as well as use various permissions to access the phone. The malware is called ToastAmigo, detected by Trend Micro as ANDROIDOS_TOASTAMIGO, and is believed to represent
White House officials believe that chief of staff John Kelly's personal cellphone was compromised, potentially as long ago as December, according to three U.S. government officials.
Do you want the user's Apple ID password, to get access to their Apple account, or to try the same email/password combination on different web services? Just ask your users politely, they'll probably just hand over their credentials, as they're trained to do so.
The idea is to marry current 2FA with systems that "reduce mobile identity risks by analyzing data and activity patterns on a mobile network to predict, with a high degree of certainty, whether the user is who they say they are," according to the news release. The problem with SMS authentication is that skilled hackers have successfully hijacked SMS codes
Palo Alto Networks Unit 42 researchers have uncovered a high severity vulnerability in the Android overlay system, which allows a new Android overlay attack by using the "Toast type" overlay. All Android devices with OS version < 8.0 are affected by this vulnerability and patches are available as part of the September 2017 Android Security Bulletin.
Android bootloader components from five major chipset vendors are affected by vulnerabilities that break the CoT (Chain of Trust) during the boot-up sequence, opening devices to attacks. The vulnerabilities came to light during research carried out by a team of nine computer scientists from the University of California, Santa Barbara.
People with cracked touch screens or similar smartphone maladies have a new headache to consider: the possibility the replacement parts installed by repair shops contain secret hardware that completely hijacks the security of the device.
We recently found on Google Play a type of mobile ransomware that does not encrypt files. This malware extorts a payment to prevent the attacker from spreading a victim's private information. LeakerLocker claims to have made an unauthorized backup of a phone's sensitive information that could be leaked to a user's contacts unless it receives "a modest