Wi-Fi Direct Vulnerable, iOS Gets an Update, BlackPhone Gets Patched – Mobile Security Weekly

 
How different companies take sometimes very different approaches when addressing security issues is the main focus of this week’s post. On one hand, we have an Android vulnerability that Google might not even deal with. Ohad Bobrov is co-founder and CTO at Lacoon Mobile Security. On the other, a “secure” mobile device that just isn’t secure enough and which needs patching. Finally, Apple has again temporarily addressed Jailbreaking. But if history has taught us anything, the hackers will regain the lead in this never-ending race very soon. Android Wi-Fi Direct Vulnerability Left Open A bug in Android OS, which ...

Threat Advisory – CVE-2014-7911: A New Root Exploit for Android

 
In late November, we sent a customer advisory and published a blog post regarding a new privilege escalation exploit that affects all versions of Android prior to 5.0 (Lollipop). We’d like to update you on the existence of two new Android exploits based on this vulnerability and that were published at the beginning of January. This new Privilege Escalation vulnerability has recently been exploited in the wild by two rooting tools. At this time, this vulnerability is being exploited on two devices, the Sony Xperia Z3 and Z3C,  but it could be exploited on any device running a version of Android older than Lollipop. How does the attack work? ...

Cyber Security Gets A Presidential Nod, Fast Tapping Unlocks LG G3, iOS 8 Adoption Slows – Mobile Security Weekly

 
Ohad Bobrov is co-founder and CTO at Lacoon Mobile Security. When mobile and cyber security get mentioned in the President’s State of the Union address, it’s obvious just how big the threat really is. With both world leaders and Fortune 500 execs realizing just how critical it is for them to keep a much closer watch on their cyber security strategies, we’re definitely in for an exciting 2015. In other news, there’s a surprisingly simple new threat to Android, as well as some interesting new iOS stats. We’ll help you read between the lines. Cyber Security Has Become a Top Issue for Politicians and Executives The dangers of breaches ...

Presto Change-o, Pixel Battery Saver Transforms into Potential Malware

 
Pixel Battery Saver once promised Android users a way to conserve battery life by applying a mesh of darkened pixels to the screen that dim the device display. With over 50,000 downloads, the app enjoyed some modest success, until recently. The developer of Pixel Battery Saver was unable to monetize the app successfully, and instead sold it -- and it’s user base -- to a third party. Last week, the new owner updated the app on Google Play, but when the app was updated on installed devices, it actually became a different app called Complete Virus Protection. Unsuspecting users were left with an unknown and questionable app masquerading as an A/V solution which ...

Google Cuts Android Security Updates, Apple iCloud Wants Your Biometrics – Mobile Security Weekly

 
Ohad Bobrov is co-founder and CTO at Lacoon Mobile Security. This week’s edition focuses on one main story that is rapidly turning into a bit of a nightmare for Google. Thanks to the elevated awareness of security researchers and bloggers, Google’s controversial policies regarding users of older versions of Android are being brought to light. Google Cuts Security Fixes for Older Android Versions Google this week revealed that it will be cutting back on security updates for older versions of Android, leaving millions of existing users vulnerable to a growing number of attacks. Around 60% of Android’s existing user base is on Jelly Bean ...

Free Interview, Copied Fingerprints, and Super Cookies! – Mobile Security Weekly

 
Ohad Bobrov is co-founder and CTO at Lacoon Mobile Security. Despite many of us taking time off for the holidays and the new year, the world of mobile security didn’t take a vacation. In our first weekly summary of 2015 we see another spillover from the Sony hack, of one of the biggest cyber security news events of 2014, as well as a story that raises urgent issues regarding the future of using biometric scanners. Finally, we get a reminder that iOS’s “secure-ness” isn’t always a good thing.   Release of Controversial Movie “The Interview” Inspires Malware Campaign The fallout from the Sony cyber-attack ...

Diving into a Silverlight Exploit and Shellcode – Analysis and Techniques

 
In recent years, exploit-kits have become one of the most common platforms for malware distribution. One of the exploits coming from Infinity exploit-kit exploits a security vulnerability in Microsoft Silverlight. Compared to other technologies like Java, PDF, Flash, etc. – Silverlight exploits are less common. Just to get a rough feeling, according to cvedetails.com, from 2010 to 2014, 15 vulnerabilities were reported for Microsoft Silverlight , while Adobe Acrobat Reader had 268 vulnerabilities, Adobe Flash Player had 321 vulnerabilities; Microsoft Internet Explorer had 392 vulnerabilities and Java with at least 358 vulnerabilities. However, Microsoft Silverlight exploits, ...