Safari Bugs Buzzing, South Korea Spies on Teens, Apple Watch Time Out – Mobile Security Weekly
The world of mobile security has been going in many different directions over the last two weeks. From state-sponsored monitoring tools to Apple Watch security issues, or even more classic problems with iOS security, mobile security certainly never stays still for long as threats grow and spread.
A New Safari Bug Has Buzzed Into Town
Researchers have published details of a serious bug within Safari, both on iOS and OS X. The bug enables attackers to perform address spoofing, tricking Safari users on iPhone, iPad or Mac into thinking they are visiting a known or trusted site when in fact their browser is connected to an entirely different address (a malicious credential-stealing site, for instance). The bug can be exploited on patched and updated versions of iOS and OS X, and could be employed as part of a large mobile attack.
Why is this Significant?
Some of the more knowledgeable OS X and iOS users may be able to spot an attack when it is used against them, but that’s beside the point. The fact that even a small threat exists in such a widely used (and Apple-developed) application says a lot about the state of iOS security.
South Korean Lawmakers Say Yes to Spyware on Teens’ Smartphones
A new South Korean law requiring mass installation of spyware on teenagers’ smartphones makes you think that it might not just be North Korea keeping one too many tabs on its citizens.
The Republic of South Korea’s Communications Commission, a media regulator modeled after the US Federal Communications Commission, now requires telecom companies and parents to ensure some form of monitoring app is installed on smartphones used by anybody under the age of 19. Currently, the law is applicable to Android devices only, but Android devices are vastly more popular than iOS in South Korea. There is a range of monitoring tools that do everything from logging how the kids use their phones and what they use them for, to recording location data and looking for specific “dangerous” keywords.
Since the law doesn’t actually require old smartphones to be updated, it will take some time before the rules take full hold of the population. It’s worth noting, however, that most schools in South Korea sent out letters to parents encouraging them to install the software anyway.
Why is this Significant?
Besides the fact that this is legalized data collection on minors, there’s no telling how this issue will escalate. Most of the criticism is coming from a privacy and free speech perspective, but these tools could also be exploited for other reasons. They could be installed on phones without the owner’s knowledge and be used for data collection against adults too.
Time for a Substantial Apple Watch Security Patch
Apple has patched over a dozen security flaws in its Watch, including FREAK and two vulnerabilities allowing arbitrary code execution. The updates cover a wide range of problems found in Apple’s newest operating system. Before the patch was released, attackers could intercept SSL and TLS connections thanks to the acceptance of weak RSA keys and, in some cases, redirect users to attack sites.
Why is this Significant?
We believe this is just the beginning of security faults for the Apple Watch. Even though it’s just a few months old, security issues are springing up constantly. It was almost a given that attackers would find ways to target users, and with the watch gaining traction within the market, it won’t be long before Apple Watch use could place enterprises in danger.