Weekly Mobile Security News Roundup

 
This week’s blog covers quite a few significant topics. While some broke news around the world (Angry Birds), others might have missed your inbox. • New leaked NSA documents reveal massive data collection from mobile apps. Agencies have been targeting metadata that has been leaking from mainstream apps, such as Angry Birds, Google Maps, Facebook, Flickr, LinkedIn & Twitter. By intercepting this type of traffic, user data ranging from personal details and GPS location to entire messages, is up for grabs. ...

OldBoot: A New Bootkit for Android

 
First mentioned in a Chinese blog post, we’d like to provide more details on the first persistent Android malware. Research revealed a new Bootkit malware, currently the only one of its’ kind, that is already present in over 500,000 android devices in China. It goes by the name: Oldboot. Oldboot appears to install several malicious APKs which then communicate with a C&C server based in China. Essentially, the attacker receives full Root access and permissions and becomes privy to all incoming and outgoing data. Unlike previous similar malware, due to its’ unique presence on the boot partition, it will reinstall itself every time the ...

Weekly Mobile Security News Roundup

 
One story crept under the radar this week - on the face of it, it seemed small but it in fact carries a major significance, both in terms of users’ security awareness and the enterprise’s response. In last week’s roundup, we discussed the disclosure of a serious vulnerability in Starbucks’s iPhone app. The flaw, which existed for at least 6 months before Starbucks found out, and for a further month after they were alerted, caused all of the user’s credentials to be saved as plain text in a local file. In essence, once someone achieved physical or remote access to the device and navigated to the file’s ...

Weekly Mobile Security News Roundup

 
Busy week? We have you covered with the summary of the most important and relevant mobile security news items. 1. Separate researches highlight mobile app vulnerabilities. Whether the apps are financial-oriented or super popular, they leak sensitive data. a. 40 top iOS home banking apps are vulnerable - http://blog.ioactive.com/2014/01/personal-banking-apps-leak-info-through.html?m=1 b. Starbucks’ mobile app stores passwords in clear text - http://threatpost.com/starbucks-app-stores-user-information-passwords-in-clear-text/103649 Why should you care? Your mobile ...

Weekly Mobile Security News Roundup

 
What’s new on the mobile security front? We present the weekly mobile security news round up to keep you updated on the most relevant items. 1. A new botnet that has infected more than 20,000 android devices worldwide has been uncovered. Named “XXXX.apk”, the malware illicitly collects information about the user’s location, nearby wireless hotspots and potentially targets the user’s connection to their PC and home wireless network. http://www.scmagazineuk.com/thousands-of-smartphones-infected-with-spy-malware/article/328207/ Why should you care? In the meanwhile, the malware acts as an information gatherer ...

Weekly Mobile Security News Roundup

 
Happy New Year! As a way to kick-start 2014, we’re going to start releasing a weekly summary of the important events and trends in the Mobile Security world. 1. The latest chapter in the series of NSA leaks, shines new light on the NSA’s methods for collecting material from mobile devices & networks. According to the leak, since 2008, the NSA has had the capability to deploy software implants on Apple's iPhone that grants remote access to various assets such as text messages, location data and microphone audio. Named DROPOUT JEEP, the tool previously required physical access with remote implementation ...