The Federal Trade Commission (FTC) recently completed and announced the terms of a settlement with GoldenShore Technologies, a one-man development shop based out of Idaho and creator of the popular “Brightest Flashlight” application for Android. Back in December the FTC, in response to a number of complaints, began investigating the app, which was doing a […]
It should be the goal of every worker to expend less time and energy to achieve a task, while still maintaining, or even increasing, productivity. As an iOS penetration tester, I find myself repeating the same manual tasks for each test. Typing out the same commands to run various tools that are required to help […]
The news regarding the NSA and its British counterpart discussed how the Angry Birds app was targeted as a means to collect personal information about app users. Presumably the agencies were collecting data that the app was already accessing as part of its normal operations. What data is being accessed and should it concern us?
We performed a behavioral analysis on Angry Birds for Android with our mobile application reputation service. Here’s what we found.
It’s easy to be lulled into a false sense of security when you’re using an iphone, but is iOS really the better smartphone operating system when it comes to malware?
According to F-Secure Labs’ latest Mobile Threat Report, malware authors continue to concentrate on the Android platform with 252 new threat families and variant families. The report also shows that 81% of discovered threats are profit motivated. So what does this mean? Most bad guys are still looking for cash with their malware!
Top weather app in Google Play ‘Weather Channel VDO‘ looks to be serving more than the forecast. Capabilities include accessing device and carrier information, and examining account and file system. This app is performing Trojan like-capabilities, downloading a 466 kB file from an IP address listed as a known virus site. Findings also include an association with known adware.
Learn more about Veracode’s mobile application reputation service.
As a pentester, it’s always a different story when we are the ones writing the report. Being on the receiving end is stressful, even more so when you throw compliance into the mix. I figured since I have been fielding questions left and right about what to do when it comes to mobile applications and HIPAA compliance, I would simply write a blog post on the topic.
I like to think about myths as common ideas that seem to perpetuate regardless of the rapid pace of technology change that is part of the modern world. When I’m out talking to folks about securing mobile apps I find that the same ideas about what enterprise security being perpetuated.
Many of the myths that I come across appear to offer panaceas that are comforting to the status quo. The idea that the newest iPhone or Samsung device will automatically make enterprise mobility safe. If enterprise data is encrypted then it is perfectly safe. If we put a wall around our apps and data then no one will be able to get in. These are comforting myths.
One of my national cyber security month activities was participating in an employee awareness day at NYU Langone Medical Center. Kudos to the infosec team for putting on a nice event.
Since the audience was doctors, nurses and students my goal was to present mobile security statistics in a memorable way. I had two slides showing at a very high level how mobile malware works, but one of the main points I wanted to convey was an app doesn’t have to be malware to do you harm.
We know that any type of software is bound to be hacked eventually, but Apple is claiming that nothing will get past its new fingerprint scanning technology. While its security implications far exceed those of a traditional PIN, could a hack of this nature truly be dangerous to high profile individuals? What would a hack like this mean for an enterprise or government agency? In part three of our discussion of Apple’s fingerprint scanning technology for the iPhone 5S, we discuss where these attacks are likely to come from and what this means for your mobile security.
Apple’s Fingerprint Scanner: Claims, Concerns, and Implications – Mobile Device Security Series 2 of 3
Apple’s making a lot of claims about how well they securely store that fingerprint and who can access it and what’s actually being stored. Nobody’s ever been really too deeply verify any of this yet. We do have a few hints from patent filings, from documentation of the company that makes the sensor, documentation of the trust zone technology that Apple says they’re using to store. Apple really put quite a bit of engineering effort into this, so they claim a couple of things.