Your digest of mobile security news this week includes:
- Bad milk from a Dirty COW
- “Half the Internet” went down at varying points today
- Samsung doesn’t have a sense of humor about the Galaxy Note7
Thanks for reading. Have a great weekend, be good, and stay safe.
This vulnerability impacts numerous technologies including Android-based mobile devices. NowSecure Mobile Security Analyst Sergi Àlvarez i Capilla explained Dirty COW and its impact on mobile devices on the NowSecure blog.
Internet Attack Disrupts Major Websites
(The New York Times)
Many people were frustrated this morning and afternoon because they couldn’t reach sites such as GitHub, Reddit, Twitter, and more. This was the result of a distributed denial of service (DDoS) attack on Dyn Managed DNS. Last month, Bruce Schneier published a warning about just such an attack. At one point, Dyn Chief Strategist Kyle York told the New York Times, “The number and types of attacks, the duration of attacks and the complexity of these attacks are all on the rise.” Brian Krebs reports that the Mirai malware, which enlists Internet of Things (IoT) devices as bots, contributed to the attack. As of Friday evening, Dyn reported on their status page that the incident has been resolved.
DOT Bans All Samsung Galaxy Note7 Phones from Airplanes
(Department of Transportation)
As of Friday, October 14 at 12 p.m. EDT, bringing a Samsung Galaxy Note7 onto an airplane could result in a civil penalty of $179,933 and criminal prosecution resulting in fines, up to 10 years in prison or both. Obviously the DOT and FAA don’t consider the phones a laughing matter. Luckily, you can exchange your Galaxy Note7 at some airports. Samsung isn’t laughing either, apparently filing copyright claims against people posting videos on YouTube of the video game Grand Theft Auto V with a modification that adds exploding Galaxy Note7 devices to players’ arsenal. Here’s perhaps our favorite humorous take on the fiery phones – the fire hazard Halloween costume.
Adding a phone number to your Google account can make it LESS secure
Feds Walk Into A Building, Demand Everyone’s Fingerprints To Open Phones
In his “You can’t change your fingerprint” webinar discussing biometrics and how they affect mobile security, NowSecure CEO Andrew Hoog explained that you can be compelled to provide a fingerprint, but not a passcode/PIN.
Android Developers Blog: Now available: Android 7.1 Developer Preview
(Android Developers Blog)
Nothing Unites Banks Like the Threat of Hackers and Cybercrime
The article quotes Troels Oerting as saying, “The organized crime groups in cyber are sharing much better than we are at the moment. They are sharing methodologies, knowledge, tools, practices—what works and what doesn’t.” The quote drives FireEye Chief Security Strategist Richard Bejtlich “up the wall” because he argues that actually good guys share more than bad guys.
Sign-up to get the #MobSec5 weekly e-mail newsletter in your inbox.