Welcome to #MobSec5.
This week’s edition of the mobile security news that matters includes:
- Apple to hide iMessages in iCloud from itself with iOS 11?
- Questions about Signalling System 7 (SS7) exploit-as-a-service
- Wall Street elites stay mum on mobile
Thanks for reading. Have a great weekend, be good, and stay safe.
Subscribe now to receive #MobSec5 updates each Friday in your inbox.
Apple Is Trying To Make Your iMessages Even More Private
“Apple wants to make its cloud as secure and private as its devices, starting with iMessage.”
“Developers need to make sure they are baking security into the application code and protecting how their apps handle data, but as the so-called HospitalGown security issue shows, they also need to know how the back-end servers and data stores are being configured.”
Some organizations build and host their own mobile app infrastructure. Others use cloud services to manage back-end resources. Either way, app developers have security responsibilities. We provide a five-step plan for securing your mobile app’s back-end infrastructure in our webinar “CYA: Mobile App Security Begins at the Server.”
“For more than a year, a Tor Hidden Service has been offering ongoing access to telecom’s private SS7 network for as little as $500 a month.”
There are doubts that the sellers of this service can actually deliver on their promises. However, there are vulnerabilities in Signaling System 7 (SS7), the protocol that connects the world’s cellular networks, that could allow an attacker to track a mobile phone user’s location and intercept or direct calls and text messages. And in May, a German bank confirmed that attackers had exploited a flaw in SS7 to intercept two-factor authentication codes sent to their customers via SMS.
“If you’re a low-income American, there’s a good chance you have an Android. And unless it’s a newer model, your security could be at risk.”
Nexus 9 vs. Malicious Headphones, Take Two
“In March 2017 we disclosed CVE-2017-0510, a critical vulnerability in Nexus 9, that allowed for quite unique an attack by malicious headphones. Interestingly, its patch was insufficient.”
“We have recently discovered a Trojan Android ad library called Xavier that steals and leaks a user’s information silently.”
U.S. bank bosses succumb to email hoaxer
“Due to concerns about hoaxing and security, a small group of the Wall Street elite refuses to say anything substantive in an email, text or chat, and some will not communicate digitally at all.”
“After years toiling away in secret on a car project, Apple Inc. Chief Executive Officer Tim Cook has for the first time elaborated on the company’s plans in the automotive market.”
Android Things Developer Preview 4.1
(Android Developers Blog)
“Today, we’re releasing a new Developer Preview 4.1 of Android Things, with updates for new supported hardware and bug fixes to the platform. Android Things is Google’s platform to enable Android Developers to create Internet of Things (IoT) devices, and seamlessly scale from prototype to production.”
If you want to receive #MobSec5 updates each Friday in your inbox, subscribe now via the NowSecure Subscription Center.