Mobile

(get it in RSS or Atom)

SSCC 156 - Warbiking in Manhattan, hubris for Google, and how less can be more [PODCAST]

chet-chat-logo-featured-250

Sophos experts Chester Wisniewski and Paul Ducklin are back with this week's security podcast, turning plain old news into advice you can use.

iPhones are a security threat to the state, China claims

iPhone's a security threat to the state, China claims

China has cited Apple iPhone's ability to track and time-stamp users' whereabouts as reason to declare the mobile phone hazardous to state security.

Australian police using tower dumps to slurp mass phone data

Australian police using tower dumps to slurp mass phone data

Australian federal and state police have joined the ranks of mega-data slurpers - namely, the US, where 1 in 4 law enforcement agencies have reportedly used a "tower dump" - ordering phone providers to hand over personal information about thousands of mobile phone users, regardless of whether or not those people are under investigation.

Google's Android security chief: Don't bother with anti-virus. Is he serious?

android-antivirus-250

Google's chief security engineer for Android, Adrian Ludwig, claims that most users shouldn't bother with anti-virus and that security companies are overstating the problem of Android malware. Can he be serious? ...

Monday review - the hot 22 stories of the week

dow-250

It's weekly roundup time!

Here's all the great stuff we've written in the past seven days.

Is Apple slack at security on iOS? 60 Sec Security [VIDEO]

60ss-video-250

What went wrong with PayPal's 2FA? Why did Microsoft do an email U-turn? Is Apple slack at security on iOS?

It'll only take a minute to find out...

SSCC 154: Fraud, viruses, patches and encryption (in that order!) [PODCAST]

chet-chat-logo-featured-250

Where does your country sit on the fraud list? Just how much can you trust SMSes on Android? Is Apple serious enough about iOS security? And will Google's End-To-End email encryption plugin save the world?

Find out with Chet and Duck in this week's Chet Chat podcast...

Coinbase wallet app in SSL/TLS SNAFU

Bitcoin digital wallet

The popular Bitcoin wallet Coinbase has a security flaw in its Android apps which could allow an attacker to steal authentication codes and access users' accounts, according to a security researcher.

Coinbase is far from alone in leaving its wallet app users vulnerable, so what should you do to stay safe when using mobile banking apps?

Anatomy of a buffer overflow - Google's "KeyStore" security module for Android

ks-250

Here's a cautionary tale about a bug, courtesy of IBM.

Not that IBM had the bug, just to be clear: Google had the bug, and IBM researchers spotted it.

Apple ships updates, including Snow Leopard (ONLY KIDDING!)‏

apple-250

Apple just published its latest round of updates for iOS, Apple TV, Safari and OS X, including dozens of security fixes.

OS X Snow Leopard users...we're afraid you missed out once again.

Anatomy of an Android SMS virus - watch out for text messages, even from your friends!

slf-logo-250

Paul Ducklin looks into "Andr/SlfMite-A", an Android SMS virus.

The malware sends itself to your top 20 contacts and foists an third party app for an alternative Android software market onto your device...

"Towelroot" app makes it easy to root Galaxy S5 and other locked Androids...

towels-250

Galaxy S5 users will be cheering. System administrators are probably groaning.

Paul Ducklin looks at an Android-era variant of Hamlet's dilemma: "To root or not to root, that is the question."

Is that Google Glass wearer stealing your iPad passcode?

Tablet. Image courtesy of Shutterstock.

What about the one with a smartwatch? Snoopers can catch your code from nearly 10 feet away with Google Glass or Samsung's smartwatch and from almost 150 away using a HD camcorder, thanks to researchers' custom-coded, shadow-tracking recognition algorithm.

SSCC 153: TrueCrypt, Towelroot, Cryptowall, and spam in Canada [PODCAST]

chet-chat-logo-featured-250

Chester Wisniewski and Paul Ducklin present this week's edition of the regular Sophos security podcast, the "Chet Chat."

In this episode: the TrueCrypt saga continues; the Towelroot software for unlocking Androids; ransomware after CryptoLocker; and Canada's long, long, long-awaited anti-spam law.

BoringSSL wants to kill the excitement that led to Heartbleed

Bored girl

Some things just aren't meant to be exciting. In fact some things are supposed to be so far from novelty, surprise and frivolity that any whiff of excitement at all is a bad sign indeed. Introducing Boring SSL...

'Yo' app hacked by college students, hires one of the hackers

'Yo' app hacked by college students

A Georgia Tech student claims he and two roommates were able to get any user's phone number, that they texted the founder (who, he said, called him back), to spam any user, and to send any text they want. Now it looks like one of them will be working for the company.

Privacy and iOS 8, USMS blunder and Cryptowall ransomware - 60 Sec Security [VIDEO]

60ss-video-250

One minute of fun with a serious side...

60 Second Security - 21 June 2014

Google and Microsoft want to kill your phone if it's stolen. Do you feel safer?

Kill switch

The law enforcement group Secure Our Smartphones is claiming victory after Google and Microsoft announced they will add a "kill switch" to their mobile operating systems.

What's next for ransomware? Cryptowall picks up where CryptoLocker left off

Cryptowall-250

With many victims paying up, ransomware is a lucrative business for cybercrooks, and CryptoLocker has inspired copycats who want in on the loot.

John Zorabedian looks at ransomware that seems to be filling the void left by CryptoLocker's takedown last month...