Last month researchers demonstrated how a mobile app for Tesla, or any other connected car, can be hacked, enabling criminal hackers to locate, unlock, and potentially steal a Tesla vehicle.
Smartphone, tablet, and other hand-held device sales have skyrocketed in recent years. It’s now critical for businesses to provide a mobile option or experience to customers. Additionally, many companies are even created for the sole purpose of making services and entertainment available at their customers’ fingertips, literally.
Stealing credentials from locked machines shouldn’t work. And yet, it does. The main reason for this is that the operating system automatically loads device drivers if it has access to them. This is true even when a machine is locked. In the case of locked machines, USB Ethernet adapter drivers ship with every major operating system (e.g., Windows, Mac OS X, Linux).
HTTP is a plaintext protocol. As such, it creates inherent security and privacy concerns when used by applications. Apple, for instance, has (finally) decided to start treating the secure alternative, HTTPS, as the de facto Web protocol for iOS mobile apps. At WWDC16, Apple pointed out that enabling HTTPS doesn’t necessarily mean that you’re secure. There are many ways in which HTTPS can be improperly configured, resulting in the use of insecure connections.
iPhone and iPad users should update their iOS software to the latest release version as soon as possible following the disclosure of three dangerous vulnerabilities on Thursday.
Roughly 80 percent of all Android devices contain a Linux vulnerability that affects unencrypted communications and allows attackers to hijack data.
Four major security holes have been disclosed affecting the Qualcomm chips in several recent, popular mobile phones.
The developers of Pokemon GO, perhaps the number one game app in the world right now, admit their app has too much Google access on iOS devices.
A vulnerability affecting full disk encryption on Qualcomm-based Android smartphones may have been disclosed to Google more than one year prior to the patch issued last May.
More than a decade’s worth of good deeds were recently memorialized with Microsoft’s announcement that Michael Howard and Steve Lipner’s book The Security Development Lifecycle (PDF) is now available for free online. What a great contribution by Michael, Steve, and Microsoft to the community; and cheers to the continued growth of software and application security as a discipline!