Android ‘Fake ID’ can Impersonate your Trusted Apps

 
Google bug 13678484, aka Android ‘Fake ID’, was just disclosed. What is this vulnerability all about? In a nutshell, this vulnerability enables a threat actor to compromise specific applications or sensitive device data by falsifying its identity. As a result, a threat actor can either access app data, access private NFC payment data or obtain device management capabilities. Customers of Lacoon Mobile Security are secure against the threat of exploiting this vulnerability. Lacoon has been aware of this vulnerability and has had a solution for it for some time now. Threat Walk-Through What would an attack exploiting ...

Mobile Security Weekly – Trust Issues

 
Three items populate this week’s news summary. The one thing they have in common is the element of trust. Apple is in danger of losing users’ trust - it seems to be intentionally hiding things that might put them in danger. Users are also being made aware that they need to think long and hard before trusting the sites and services they use - whether it’s a banking site or a message from the “F.B.I”. Apple confirms “backdoors” exist in iOS. Following a knowledge base article discussing hidden services that run on iOS, Apple have essentially admitted that they have left what can only be described as backdoors in iOS for their ...

In 2014, No Country is Safe from Mobile Threats

 
If you have been reading recent malware studies and articles, you may have noticed that many different different countries have been named as the ones “most targeted” or with the “most new mobile threats”: Great Britain has the highest level of mobile malware “...Russia number one target for global mobile malware in 2013” Other research has shown that in the second half of 2013, 75 percent of the reports originated from Saudi Arabia and India. Other articles name Vietnam and Ukraine as among the countries with the most mobile malware Rather than proving that one country ...

Mobile Security Weekly – Applenterprise ?

 
This week’s news focuses on the business of mobile. Unlike most weeks, where we touch on a new strain of mobile malware or a new vulnerability - this week presents a different point of view on mobile security. It’s critical to keep up to date with this sort of events, as in the long run they will undoubtedly impact all aspects of mobile security in the enterprise. IBM Deal Could Help Apple Become An Integral Part Of Enterprise Infrastructure Apple has announced a strategic partnership with IBM that will see the enterprise giant transfer over 150 of their enterprise and IT apps and tools to ...

Mobile Security Weekly – Have we seen the last of KNOX? (Update – 20th July)

 
Android takes the lead in mobile security news this week. With major decisions being made regarding how Google views the future of Android security, they’ve received another big wakeup call - between 60-70% of Android devices are vulnerable to a substantial vulnerability. iOS users also discovered another blow to their security this week. Several months ago, our researchers at Lacoon Security discovered a vulnerability in the Gmail iOS app which enables a threat actor to perform a Man-in-the-Middle attack - and by doing so, view, and even modify, encrypted communications. As mentioned, we’ve released a ...

Security Disclosure: Google’s iOS Gmail App Potential Target for Threat Actors

 
As part of our ongoing research into Apple’s iOS environment, we analyze mobile apps from various perspectives. During a routine analysis of the Gmail iOS app we unexpectedly came across a vulnerability which enables a threat actor that is performing a Man-in-the-Middle attack to view, and even modify, encrypted communications. Secure  Mobile Communications 101 In general, secure communications rely on encryption, i.e. SSL, between an app and the back-end server to prevent prying eyes from seeing into content during transmit. The problem with using just SSL is that a threat actor can impersonate the back-end server ...

Mobile Security Weekly – Threats are Everywhere

 
This week’s issue contains four entirely different but all highly volatile mobile security threats. New vulnerabilities and threat vectors are rapidly appearing. These aren’t small issues either - they potentially place millions of devices and users in danger and all need receive due attention. ...

Is Android Fragmentation making the OS as fragile as glass?

 
What is fragmentation and how does it affect the security of the Android-based devices? Join our podcast here. Dan Koretsky, our sr. security researcher at Lacoon Security, provides a brief overview of Android fragmentation and its implications on enterprise security. For those that prefer the written word, here’s a short summary. Android: The liberal, open source and diverse world that Google has created has allowed a technological version of Darwinian evolution that makes the best platforms and versions even stronger while at the same time killing off the weaker ones. The most commonly used ...