Welcome to your RSA Conference Eve edition of #MobSec5, which includes:
- A number of remote-code-execution and privilege-elevation vulnerabilities in this month’s Android Security bulletin
- So really, which is more secure — Android or iOS?
- Samsung batteries continue to burn: “Nothing to see here. Please disperse.”
If you’ll be there, come see NowSecure at RSA Conference 2017 at booth N3334 in the North Expo Hall.
Thanks for reading. Have a great weekend, be good, and stay safe.
Android Security Bulletin—February 2017
(Android Open Source Project)
“The most severe of these issues is a Critical security vulnerability that could enable remote code execution on an affected device through multiple methods such as email, web browsing, and MMS when processing media files.”
This month’s security update is packed with patches for critical- and high-severity remote-code-execution and elevation-of-privilege vulnerabilities – a nasty combination. As always, the bulletin states, “Exploitation for many issues on Android is made more difficult by enhancements in newer versions of the Android platform. We encourage all users to update to the latest version of Android where possible.” Unfortunately, statistics published by Google this week show that only 1.2 percent of users have updated to the latest version of Android.
Enterprise Android Vs iOS: Which is More Secure?
“The answer is not as simple as you think. A mobile security expert parses the pros and cons.”
Both Google and Apple continue to enhance the security of their mobile platforms. But it’s naive to think that anything – let alone Android or iOS – will ever be 100 percent secure. And sometimes Google’s/Apple’s well-intentioned efforts actually make it harder for defenders and incident responders to detect and contain a mobile security incident. NowSecure CEO Andrew Hoog will explain the pros and cons of those security enhancements and introduce his free/open-source ios-triage tool that helps overcome some of those obstacles during his RSA Conference 2017 presentation “How Android and iOS Security Enhancements Complicate Threat Detection” next week. Save your seat now for this highly anticipated talk.
“Recent research suggests that many VPNs for Android have privacy and security flaws, and the problem of choosing a reliable VPN goes even further.”
An analysis of 283 mobile VPN apps on Google Play concludes that more of them do harm than good.
The Promise & Peril Of The App Era
“Sure, apps are convenient. But when not properly assessed, they can cause security holes.”
Popular hacker warkit Metasploit now hacks hardware and cars
“Popular offensive hacking toolkit Metasploit now works on hardware, including cars, after a major update to the 13-year old platform.”
“A new industry consortium publishes a manifesto it hopes will foster cooperation on the security of autonomous vehicles.”
Why mobile will determine the future of IT
“The increased use of mobile devices in the enterprise means IT must pay close attention to security and assess the risks.”
This article makes the case for using mobile device management (MDM) technology to protect against mobile threats. MDM can help reduce certain mobile risks, but it’s only part of a comprehensive mobile security program – not a cure-all. Motivated attackers can bypass MDM protections, and MDM technology itself can be exploited. You also need a strategy for getting visibility into the security posture of the apps employees install on their devices, both internally developed apps and those from third parties, via mobile app security testing. For more about what to look for in mobile app security testing solutions, download the free evaluation guide we published this week.
“…the St. Petersburg team transmits a list of timing markers to a custom app on the operative’s phone; those markers cause the handset to vibrate roughly 0.25 seconds before the operative should press the spin button.”
Lifting the (Hyper) Visor: Bypassing Samsung’s Real-Time Kernel Protection
(Google Project Zero)
“Traditionally, the operating system’s kernel is the last security boundary standing between an attacker and full control over a target system. As such, additional care must be taken in order to ensure the integrity of the kernel.”
“Actuator driver has multiple functions freeing up the same memory which may cause a double free. This may cause device memory corruption or reset.”
“The Galaxy S4, in its day, was a pretty capable smartphone. However, with its fourth birthday fast approaching, its update period has long since passed. No matter to T-Mobile, though; the company has just pushed the latest February 2017 security patches to it and the older Galaxy Tab 3… but they’re still on Android 4.4 KitKat.”
“A fire broke out at Samsung SDI Co Ltd factory in China, where Galaxy 8 production is, caused by faulty Note 7 batteries.”
SSL Kill Switch and the iOS 10 Network Stack
“After doing some investigation, I discovered that the network stack on iOS 10 has changed significantly compared to iOS 9, and I will describe in this post what has changed, why it affected SSL Kill Switch, and how I fixed it.”