Weekly Mobile Security News Roundup

 
This week’s summary highlights just how varied and dynamic mobile security is becoming. New motives for using malware are appearing and demand attention. Additionally, it’s becoming apparent that the borders between private and work-related use of a mobile device are disappearing. Apple IDs targeted in phishing scam through hacked Electronic Arts servers The servers of video game publisher Electronic Arts have apparently been compromised, with a new phishing page set up with the intend of stealing Apple ID usernames, passwords, and credit card information. The server hosted an outdated calendar that ...

Weekly Mobile Security News Roundup

 
This week’s summary touches on several major security headlines that broke this week. We continue to witness security lapses both by major app developers and by the architects of the operating systems themselves – Google, Apple and now Microsoft. GimmeRAT: Windows Attack Tool implements Android Functionality Winspy, a Remote Access Trojan (RAT) that until now solely targeted Windows machines, has been given Android attack features. This serves as an additional indication that attackers continue to perceive Android as a major target for collecting confidential user data. Researchers discovered the ...

Weekly Mobile Security News Roundup

 
The release of iOS 7.1 can serve as a metaphor for this week’s summary. Perhaps the most substantial part of Apple’s update was a major security patch that dealt with more than 40 issues. The patch addresses a vast range of different security flaws, signifying how diverse the world of malware is. It also says a lot about the security of iOS (presumed to be the more secure of the two main OSs) as well as about the robustness of the major players in the mobile world. Even (or maybe, especially) Apple and Google aren’t invulnerable to malware, let alone the smaller developers. As mentioned, Apple released iOS 7.1 earlier this week. Apple have published the list of security flaws ...

Security Updates in iOS 7.1 – Reading Between the Lines

 
Earlier this week, Apple released iOS7.1. The update contained 46 vulnerabilities, 20 of which deemed to be critical issues. While Apple’s efforts are laudable and should be encouraged, it is important to note that there are two problems that cannot be patched: In the iOS world, IT managers have no visibility into exploits of actual vulnerabilities. There are some inherent key vulnerabilities that do not provide the complete required solution. Although Apple addressed specific related vulnerabilities, these only touch the problem, but not the underlying design issues which cannot be fixed. What are they? ...

Weekly Mobile Security News Roundup

 
This week’s summary sheds light on several emerging trends in the mobile malware world. As it grows and develops, malware is becoming the means to a new end (Crypto-Currency Mining for instance). The second major point focuses on the growing and evolving business of mobile malware – reputation, reliability and innovation are expected and required from malware creators and distributors. Automatic App installation from Google Play poses a substantial risk Android users usually download and install applications via the Google Play store through several interactions with the service - including viewing the app’s ...

Weekly Mobile Security News Roundup

 
In some ways, this week’s summary somewhat highlights the polarity of the mobile security world. With the year’s biggest security conference in the form of RSA finishing today, we can see that while awareness to the severity and size of the issue of mobile security is growing and evolving, so are the threats. A brand new mRAT (Mobile Remote Access Trojan), based on Tor, that targets Android devices has been discovered. The first of its kind, a Tor network client, Orbot, has been modified to act as a malicious bot. It uses the Tor network's .onion proxy servers to disguise the origin and location of its Command and Control ...