Food for Thought: Mobile Application Security & HIPAA

As a pentester, it’s always a different story when we are the ones writing the report. Being on the receiving end is stressful, even more so when you throw compliance into the mix. I figured since I have been fielding questions left and right about what to do when it comes to mobile applications and HIPAA compliance, I would simply write a blog post on the topic.

Mobile App Privacy Continued…

[UPDATE! April 15: Pandora removes all advertising libraries from its Android and iPhone apps!] The blog post we published earlier this week, "Mobile Apps Invading Your Privacy", details the information being requested by the advertisement libraries embedded inside a popular online radio application. There have been a number of great posts and […]

Mobile Apps Invading Your Privacy

[April 8: We've added some more information in a follow-up post] Background: An article in the Wall Street Journal, dated April 5, 2011, disclosed that Federal prosecutors in New Jersey are investigating numerous smart phone application manufacturers for allegedly illegally obtaining and distributing personal private information to third-party advertisement groups. The allegations state that […]

Malicious Mobile Code Meets Exploit Selling

I’ve been focused on conducting research into the mobile spyware arena these last few months and the results have been very interesting. As I’m sure you are aware, I released a fully functional piece of Blackberry Spyware called txsBBSpy at the Shmoocon security conference in February 2010 and have done a number of interviews and […]

Mobile Malware Counterpoints

There have been a lot of great articles written in the wake of my presentation on Mobile Spyware at Shmoocon 2010. Many of them show wonderful insight into the problems that mobile carriers and owners of the mobile applications stores are facing. However, for every handful of great articles, we occasionally come across a technical […]

In Which We Dispel Misconceptions

Some of the media coverage to date has described Tyler Shields’ proof-of-concept spyware as a “BlackBerry hack”, much to our chagrin. In this blog post, we’d like to clarify some of the misconceptions that have surfaced both in the media and in the BlackBerry user community. Feel free to post additional questions in the comments […]

Is Your BlackBerry App Spying on You?

[UPDATE, 2/10/2010: We've written a follow-up blog post to address some of the questions and misconceptions we've been seeing.] Tyler Shields gave a presentation earlier today at ShmooCon 2010 on the threats of mobile spyware, particularly as it relates to data privacy. Smart phones and mobile applications have grown tremendously popular over the past couple […]

Mobile App Security

Neil MacDonald at Gartner asks the question, “Why Don’t Mobile Application Stores Require Security Testing?” I couldn’t agree more that we may be missing an opportunity to bring whitelisting to these new important mobile platforms. We need to leave the “detect and revoke” mentality of the PC world behind as we move to new platforms. […]

BlackBerry Spyware Dissected

Yesterday it was reported by various media outlets that a recent BlackBerry software update from Etisalat (a UAE-based carrier) contained spyware that would intercept emails and text messages and send copies to a central Etisalat server. We decided to take a look to find out more. We’re not sure why the software was delivered in […]
