White House officials believe that chief of staff John Kelly's personal cellphone was compromised, potentially as long ago as December, according to three U.S. government officials.
CS Digest Section: Mobile Security
Do you want the user's Apple ID password, to get access to their Apple account, or to try the same email/password combination on different web services? Just ask your users politely, they'll probably just hand over their credentials, as they're trained to do so.
The idea is to marry current 2FA with systems that "reduce mobile identity risks by analyzing data and activity patterns on a mobile network to predict, with a high degree of certainty, whether the user is who they say they are," according to the news release. The problem with SMS authentication is that skilled hackers have successfully hijacked SMS codes
Palo Alto Networks Unit 42 researchers have uncovered a high severity vulnerability in the Android overlay system, which allows a new Android overlay attack by using the "Toast type" overlay. All Android devices with OS version < 8.0 are affected by this vulnerability and patches are available as part of the September 2017 Android Security Bulletin.
Android bootloader components from five major chipset vendors are affected by vulnerabilities that break the CoT (Chain of Trust) during the boot-up sequence, opening devices to attacks. The vulnerabilities came to light during research carried out by a team of nine computer scientists from the University of California, Santa Barbara.
People with cracked touch screens or similar smartphone maladies have a new headache to consider: the possibility the replacement parts installed by repair shops contain secret hardware that completely hijacks the security of the device.
We recently found on Google Play a type of mobile ransomware that does not encrypt files. This malware extorts a payment to prevent the attacker from spreading a victim's private information. LeakerLocker claims to have made an unauthorized backup of a phone's sensitive information that could be leaked to a user's contacts unless it receives "a modest
Security researchers have discovered a new method to decrypt satellite phone communications encrypted with the GMR-2 cipher in "real time" -- that too in mere fractions of a second in some cases.
Dvmap is very special rooting malware. It uses a variety of new techniques, but the most interesting thing is that it injects malicious code into the system libraries - libdmv.so or libandroid_runtime.so.
The Department of Homeland Security (DHS) has submitted a report to Congress that details current and emerging threats to the Federal government’s use of mobile devices and recommends security improvements within the mobile device ecosystem.