Mobile

(get it in RSS or Atom)

Anatomy of a buffer overflow - Google's "KeyStore" security module for Android

ks-250

Here's a cautionary tale about a bug, courtesy of IBM.

Not that IBM had the bug, just to be clear: Google had the bug, and IBM researchers spotted it.

Apple ships updates, including Snow Leopard (ONLY KIDDING!)‏

apple-250

Apple just published its latest round of updates for iOS, Apple TV, Safari and OS X, including dozens of security fixes.

OS X Snow Leopard users...we're afraid you missed out once again.

Anatomy of an Android SMS virus - watch out for text messages, even from your friends!

slf-logo-250

Paul Ducklin looks into "Andr/SlfMite-A", an Android SMS virus.

The malware sends itself to your top 20 contacts and foists an third party app for an alternative Android software market onto your device...

"Towelroot" app makes it easy to root Galaxy S5 and other locked Androids...

towels-250

Galaxy S5 users will be cheering. System administrators are probably groaning.

Paul Ducklin looks at an Android-era variant of Hamlet's dilemma: "To root or not to root, that is the question."

Is that Google Glass wearer stealing your iPad passcode?

Tablet. Image courtesy of Shutterstock.

What about the one with a smartwatch? Snoopers can catch your code from nearly 10 feet away with Google Glass or Samsung's smartwatch and from almost 150 away using a HD camcorder, thanks to researchers' custom-coded, shadow-tracking recognition algorithm.

SSCC 153: TrueCrypt, Towelroot, Cryptowall, and spam in Canada [PODCAST]

chet-chat-logo-featured-250

Chester Wisniewski and Paul Ducklin present this week's edition of the regular Sophos security podcast, the "Chet Chat."

In this episode: the TrueCrypt saga continues; the Towelroot software for unlocking Androids; ransomware after CryptoLocker; and Canada's long, long, long-awaited anti-spam law.

BoringSSL wants to kill the excitement that led to Heartbleed

Bored girl

Some things just aren't meant to be exciting. In fact some things are supposed to be so far from novelty, surprise and frivolity that any whiff of excitement at all is a bad sign indeed. Introducing Boring SSL...

'Yo' app hacked by college students, hires one of the hackers

'Yo' app hacked by college students

A Georgia Tech student claims he and two roommates were able to get any user's phone number, that they texted the founder (who, he said, called him back), to spam any user, and to send any text they want. Now it looks like one of them will be working for the company.

Privacy and iOS 8, USMS blunder and Cryptowall ransomware - 60 Sec Security [VIDEO]

60ss-video-250

One minute of fun with a serious side...

60 Second Security - 21 June 2014

Google and Microsoft want to kill your phone if it's stolen. Do you feel safer?

Kill switch

The law enforcement group Secure Our Smartphones is claiming victory after Google and Microsoft announced they will add a "kill switch" to their mobile operating systems.

What's next for ransomware? Cryptowall picks up where CryptoLocker left off

Cryptowall-250

With many victims paying up, ransomware is a lucrative business for cybercrooks, and CryptoLocker has inspired copycats who want in on the loot.

John Zorabedian looks at ransomware that seems to be filling the void left by CryptoLocker's takedown last month...

Has Apple killed off location analytics with this simple privacy enhancement?

wifi-location-iphone-250

A small change in iOS 8 will make privacy advocates happy, although it's going to be a tough pill to swallow for mobile marketers.

SSCC 151 - Measuring vulns, Apple and Wi-Fi privacy, Android ransomware and more [PODCAST]

sscc-151-250

It's our weekly security pocast!

Chester Wisniewski and Paul Ducklin dig into the latest security news for lessons we can all learn...

Ransom-taking iPhone hackers busted by Russian authorities

iphone-lock-250

The mystery of the ransom messages from "Oleg Pliss," and the iDevice locking attack that popped up in Australia and the US last month, appears to have been solved.

Feds swoop in, snatch mobile phone tracking records away from ACLU

Feds swoop in, snatch mobile phone tracking records away from ACLU

After the Feds seized the surveillance records, US Marshals then moved the physical records 320 miles away, meaning the ACLU wouldn't be able to learn how, and how extensively, police use snooping devices.

Mobile malware, Gameover, CryptoLocker, and SSL/TLS holes - 60 Sec Security [VIDEO]

2014-06-07-thumb-250

How long has mobile malware been around? Is it really game over for Gameover and CryptoLocker? Which cryptographic security libraries need patching?

It'll only take a minute to find out...

CryptoLocker wannabe "Simplelocker" scrambles your files, holds your Android to ransom

sl-bars-250

"If the crooks keep copying Windows threats that were financially lucrative," you're thinking, "we'll soon see Android ransomware that doesn't just lock your device, but locks up your data instead, or as well."

Guess what?

Facebook's new audio feature won't snoop on us, it says

Not listening. Image courtesy of Shutterstock.

Listening in and identifying your TV and music is opt-in only, Facebook's security head honcho said, and no, he wouldn't want it in his pocket either if it was recording everything going on around him.

SSCC 150 - TrueCrypt, Gameover, CryptoLocker and whither mobile malware? [PODCAST]

sscc150-thumb-250

This week, Chet and Duck dig into the bafflement of the disappearing TrueCrypt encryption software: did it jump, or was it pushed?

They also look at the takedown of Gameover and CryptoLocker, and look into what we can learn from ten years of mobile malware.

Unhappy birthday to you - mobile malware turns 10

10yomm-feat-3-250

It's 10 years since June 2004, when the first mobile malware appeared.

We don't want to *celebrate* this anniversary, you understand, but we thought we'd look back to see what we can learn...