Software Integrity Blog

Archive for the 'Mobile Application Security' Category

 

Is a career in application security consulting right for you?

In January 2016, Forbes announced that there were one million job openings in cyber security. The shortage of talent has continued to mount while demand is expected to increase to six million globally by 2019. You may be intrigued by the idea of security consulting but aren’t sure how to transition or break through. If […]

Continue Reading...

Posted in Mobile Application Security, Web Application Security

 

Researchers hijack automotive mobile apps

Last month researchers demonstrated how a mobile app for Tesla–or any other connected car — can be hacked, enabling criminal hackers to locate, unlock, and potentially steal a Tesla vehicle. Researchers from Promon disclosed a vulnerability in the mobile app used by Telsa customers to access their vehicles. According to the researchers this attack is […]

Continue Reading...

Posted in Automotive Security, Mobile Application Security

 

Here are the top 10 best practices for securing Android apps

Smartphone, tablet, and other hand-held device sales have skyrocketed in recent years. It’s now critical for businesses to provide a mobile option or experience to customers. Additionally, many companies are even created for the sole purpose of making services and entertainment available to their customers’ fingertips—literally. At the same time, software security initiatives must fall […]

Continue Reading...

Posted in Mobile Application Security, Security Training

 

Stealing authentication tokens from locked machines with a mobile phone

Stealing credentials from locked machines shouldn’t work. And yet, it does. The main reason for this is that the operating system automatically loads device drivers if it has access to them. This is true even when a machine is locked. In the case of locked machines, USB Ethernet adapter drivers ship with every major operating […]

Continue Reading...

Posted in Mobile Application Security

 

Brace yourselves: Application transport security is coming

HTTP is a plaintext protocol. As such, it creates inherent security and privacy concerns when used by applications. Apple, for instance has (finally) decided to start treating the secure alternative, HTTPS, as the de facto Web protocol for iOS mobile apps. At WWDC16, Apple pointed out that enabling HTTPS doesn’t necessarily mean that you’re secure. […]

Continue Reading...

Posted in Mobile Application Security

 

Dangerous iOS flaws patched in emergency update

iPhone and iPad users should update their iOS software to the latest release version as soon as possible following the disclosure of three dangerous vulnerabilities on Thursday. Researchers from Toronto-based Citizens Lab, working with Lookout, said they had discovered three zero days, vulnerabilities not previously known to Apple or others, which could allow third parties […]

Continue Reading...

Posted in Mobile Application Security

 

1.4 billion Android devices vulnerable to hijack attacks

Roughly 80 percent of all Android devices contain a Linux vulnerability that affect unencrypted communications and allow attackers to hijack data. The vulnerability is in the design and implementation of RFC 5961, a relatively new Internet standard. Ironically, it’s intended to prevent certain classes of hacking attacks. The way it is written now, an blind […]

Continue Reading...

Posted in Mobile Application Security, Open Source Security

 

Up to 900 million Android phones vulnerable to Qualcomm flaw

Four major security holes have been disclosed affecting the Qualcomm chips in several recent, popular mobile phones. Dubbed “QuadRooter” by researchers at Checkpoint, the quartet of flaws are in the chip firmware. The flaws could allow potential attackers to “trigger privilege escalations for the purpose of gaining root access to a device.” Once an attacker […]

Continue Reading...

Posted in Mobile Application Security

 

iOS Pokemon GO has full access to your Google account (for now)

Perhaps the number one game app in the world right now, Pokemon GO developers admit their app has too much Google access on iOS devices. On Monday, security researcher Adam Reeve posted that iOS-based Pokemon GO players who used their existing Google email account to create a game account may have given the game full […]

Continue Reading...

Posted in Mobile Application Security, Software Architecture and Design

 

Android full-disk encryption flaw may have been previously known to Google

A vulnerability exploiting full disk encryption of Qualcomm-based Android smartphones may have been disclosed to Google more than one year prior to the patch issued last May. A vulnerability exploiting full disk encryption of Qualcomm-based Android smartphones may have been disclosed to Google up to one year prior to the patch issued last May. In […]

Continue Reading...

Posted in Mobile Application Security, Software Architecture and Design