Android

(get it in RSS or Atom)

Coinbase wallet app in SSL/TLS SNAFU

Bitcoin digital wallet

The popular Bitcoin wallet Coinbase has a security flaw in its Android apps which could allow an attacker to steal authentication codes and access users' accounts, according to a security researcher.

Coinbase is far from alone in leaving its wallet app users vulnerable, so what should you do to stay safe when using mobile banking apps?

Anatomy of a buffer overflow - Google's "KeyStore" security module for Android

ks-250

Here's a cautionary tale about a bug, courtesy of IBM.

Not that IBM had the bug, just to be clear: Google had the bug, and IBM researchers spotted it.

Anatomy of an Android SMS virus - watch out for text messages, even from your friends!

slf-logo-250

Paul Ducklin looks into "Andr/SlfMite-A", an Android SMS virus.

The malware sends itself to your top 20 contacts and foists an third party app for an alternative Android software market onto your device...

"Towelroot" app makes it easy to root Galaxy S5 and other locked Androids...

towels-250

Galaxy S5 users will be cheering. System administrators are probably groaning.

Paul Ducklin looks at an Android-era variant of Hamlet's dilemma: "To root or not to root, that is the question."

SSCC 153: TrueCrypt, Towelroot, Cryptowall, and spam in Canada [PODCAST]

chet-chat-logo-featured-250

Chester Wisniewski and Paul Ducklin present this week's edition of the regular Sophos security podcast, the "Chet Chat."

In this episode: the TrueCrypt saga continues; the Towelroot software for unlocking Androids; ransomware after CryptoLocker; and Canada's long, long, long-awaited anti-spam law.

What's next for ransomware? Cryptowall picks up where CryptoLocker left off

Cryptowall-250

With many victims paying up, ransomware is a lucrative business for cybercrooks, and CryptoLocker has inspired copycats who want in on the loot.

John Zorabedian looks at ransomware that seems to be filling the void left by CryptoLocker's takedown last month...

SSCC 151 - Measuring vulns, Apple and Wi-Fi privacy, Android ransomware and more [PODCAST]

sscc-151-250

It's our weekly security pocast!

Chester Wisniewski and Paul Ducklin dig into the latest security news for lessons we can all learn...

Mobile malware, Gameover, CryptoLocker, and SSL/TLS holes - 60 Sec Security [VIDEO]

2014-06-07-thumb-250

How long has mobile malware been around? Is it really game over for Gameover and CryptoLocker? Which cryptographic security libraries need patching?

It'll only take a minute to find out...

Latest OpenSSL flaws can lead to information leakage, code execution and DoS

Only two months after the Heartbleed vulnerability in OpenSSL captured global headlines we have another critical update for OpenSSL fixing 6 new flaws.

CryptoLocker wannabe "Simplelocker" scrambles your files, holds your Android to ransom

sl-bars-250

"If the crooks keep copying Windows threats that were financially lucrative," you're thinking, "we'll soon see Android ransomware that doesn't just lock your device, but locks up your data instead, or as well."

Guess what?

Unhappy birthday to you - mobile malware turns 10

10yomm-feat-3-250

It's 10 years since June 2004, when the first mobile malware appeared.

We don't want to *celebrate* this anniversary, you understand, but we thought we'd look back to see what we can learn...

FitzRoy, Oleg Pliss, Spotify and TrueCrypt - 60 Sec Security [VIDEO]

2014-05-31-thumb-250

Did FitzRoy get hacked? Who is Oleg Pliss? What's up with Spotify? Where has TrueCrypt gone?

60 Second Security - 31 May 2014

Yes, your smartphone camera can be used to spy on you...

smartphone-camera-250

A researcher claims to have written an Android app that takes photos and videos using the device camera, even while the screen is turned off - so you wouldn't even know the camera was spying on you.

Spotify warns its Android app users of breach, says to download new version

Spotify logo

Spotify has told users of its music-streaming app for Android to upgrade to a new version, after the company spotted unauthorized access to its systems and internal company data.

Many Spotify users will no doubt be annoyed at the company for the inconvenience, but we think it's worth it for their own security.

Monday review - the hot 26 stories of the week

dow-250

Get yourself up to date with everything we've written in the last seven days - it's weekly roundup time.

Android "police warning" ransomware - how to avoid it, and what to do if you get caught

android-police-250

With ransomware like "Koler" making its way to Android, locking your device and demanding $300 to keep you out of trouble with the police, it's important to keep informed about Android threats.

John Zorabedian gives you five tips on how to keep your Android safe...

First Aid for Android: How to unlock your ransomed phone

first-aid-android-250

What do you do when your Android device freezes or locks up so you can't do anything useful...especially if it wants $300 to let you get back to work?

Here's an Android troubleshooting technique for emergencies of this sort...

Monday review - the hot 26 stories of the week

dow-250

Make sure you're up to date with everything we wrote in the last seven days - it's weekly roundup time.

Microsoft devours Nokia and charges ahead with Windows Phone 8.1

microsoft-nokia

Microsoft's multi-billion-dollar deal to acquire the devices arm of mobile phone maker Nokia is finally done, and smartphones under the name Microsoft Mobile will soon be rolling out of Nokia's former factories. But will Windows Phone 8.1 security features help Microsoft make inroads in the enterprise market?

Samsung Galaxy S5 fingerprint reader hacked - it's the iPhone 5s all over again!

samsung_galaxy_s5_fingerprint_scanner-250

The Samsung Galaxy S5 fingerprint scanner can be fooled with wood glue, just like Apple's "Touch ID" sensor in the iPhone 5s.

So why are both Apple and Samsung touting fingerprint scanners as more secure than passwords?