Software Security

Archive for the 'Mobile Application Security' Category

 

3 presentations you don’t want to miss at AppSec California 2017

The Fourth Annual AppSec California Conference kicks off in one week at the Annenberg Beach House in Santa Monica, California. From January 23-25, security professionals, developers, penetration testers, and QA and testing professionals come together to share their knowledge and experiences about secure systems and secure development methodologies. We’re excited to attend the event as Platinum […]

Posted in Application Security, Maturity Model (BSIMM), Mobile Application Security, Security Conference or Event, Software Security Program Development, Threat Modeling

 

Mark your calendar: RSA USA 2017 is almost here

RSA Conference 2017 is taking place at the Moscone Center in San Francisco from February 13-17, 2017. While you’re there, be sure to stop by South Hall booth #1933 where we’ll be hosting prize giveaways, offering product demos, and setting up time to discuss our offerings in more detail. Also stop by to visit us at […]

Posted in Application Security, Mobile Application Security, Network Security, Security Conference or Event, Web Application Security

 

Researchers hijack automotive mobile apps

Last month researchers demonstrated how a mobile app for Tesla, or any other connected car, can be hacked, enabling criminal hackers to locate, unlock, and potentially steal a Tesla vehicle. Researchers from Promon disclosed a vulnerability in the mobile app used by Tesla customers to access their vehicles. According to the researchers this attack is […]

Posted in Automotive Security, Mobile Application Security

 

Here are the top 10 best practices for securing Android apps

Smartphone, tablet, and other hand-held device sales have skyrocketed in recent years. It’s now critical for businesses to provide a mobile option or experience to customers. Additionally, many companies are even created for the sole purpose of making services and entertainment available to their customers’ fingertips—literally. At the same time, software security initiatives must fall […]

Posted in Mobile Application Security, Security Training

 

Stealing authentication tokens from locked machines with a mobile phone

Stealing credentials from locked machines shouldn’t work. And yet, it does. The main reason for this is that the operating system automatically loads device drivers if it has access to them. This is true even when a machine is locked. In the case of locked machines, USB Ethernet adapter drivers ship with every major operating […]

Posted in Mobile Application Security, Network Security, Software Security Testing

 

Brace yourselves: Application transport security is coming

HTTP is a plaintext protocol. As such, it creates inherent security and privacy concerns when used by applications. Apple, for instance, has (finally) decided to start treating the secure alternative, HTTPS, as the de facto Web protocol for iOS mobile apps. At WWDC16, Apple pointed out that enabling HTTPS doesn’t necessarily mean that you’re secure. […]

Posted in Mobile Application Security, Software Security Testing

 

Dangerous iOS flaws patched in emergency update

iPhone and iPad users should update their iOS software to the latest release version as soon as possible following the disclosure of three dangerous vulnerabilities on Thursday. Researchers from Toronto-based Citizen Lab, working with Lookout, said they had discovered three zero days, vulnerabilities not previously known to Apple or others, which could allow third parties […]

Posted in Mobile Application Security

 

1.4 billion Android devices vulnerable to hijack attacks

Roughly 80 percent of all Android devices contain a Linux vulnerability that affects unencrypted communications and allows attackers to hijack data. The vulnerability is in the design and implementation of RFC 5961, a relatively new Internet standard. Ironically, it’s intended to prevent certain classes of hacking attacks. The way it is written now, a blind […]

Posted in Mobile Application Security, Open Source Security

 

Up to 900 million Android phones vulnerable to Qualcomm flaw

Four major security holes have been disclosed affecting the Qualcomm chips in several recent, popular mobile phones. Dubbed “Quadrooter” by researchers at Checkpoint, the quartet of flaws are in the chip firmware. The flaws could allow potential attackers to “trigger privilege escalations for the purpose of gaining root access to a device.” Once an attacker […]

Posted in Mobile Application Security

 

iOS Pokemon GO has full access to your Google account (for now)

The developers of Pokemon GO, perhaps the number one game app in the world right now, admit their app has too much Google access on iOS devices. On Monday, security researcher Adam Reeve posted that iOS-based Pokemon GO players who used their existing Google email account to create a game account may have given the game full […]

Posted in Mobile Application Security, Security Risk Assessment