Hello and welcome to this week’s digest of the mobile security news that matters. This issue of #MobSec5 includes:
- Android 8.0 Oreo is here!
- Google Play Store tricked into admitting apps with malware?
- TD Ameritrade tackles security in Facebook Messenger chatbot
- Android app allows wannabe cybercriminals to build ransomware
Thanks for reading. Have a great weekend, be good, and stay safe.
Subscribe now to receive #MobSec5 updates each Friday in your inbox.
“Google releases Android 8.0 Oreo – Here is a list of 11 new security and performance features that make Android even better.”
On September 14 @ 1pm CT, we’ll be going over the latest security enhancements for Android 8.0 Oreo and iOS 11. Save your seat for the webinar via BrightTALK.
“A security researcher has found that the popular weather app sends private location data without the user’s explicit permission to a firm designed to monetize user locations.”
“In a sign of the soaring demand for zeroday attacks that target software that’s becoming increasingly secure, a market-leading broker is offering serious cash for weaponized exploits that work against Signal, WhatsApp, and other mobile apps that offer confidential messaging or privacy.”
Google Play Store Security Scans Tricked by …Sigh… In-Dev Malware
“Google has yet to remove two apps infected with dangerous malware that are currently still available for download via the official Google Play Store.”
While Google and Apple continue to make security enhancements to their platforms and respective app stores, it is evident that enterprises must take ownership of managing the risk mobile apps pose to their organization. Enterprises can’t rely on Google and Apple to solve mobile security for them, but all is not lost. Last month, we launched an early access program for deep, fast, AlwaysOn security analysis of public apps – NowSecure Intelligence. Read on and apply to get access to our database of public app analysis.
Frida 10.5 Released
“We are going to introduce a brand new way to use new CodeWriter APIs, enabling you to weave in your own instructions into the machine code executed by any thread of your choosing. We’re talking lazy dynamic recompilation on a per-thread basis, with precise control of the compilation process.”
“More than 500 Android mobile apps have been removed from Google Play after it was discovered that an embedded advertising SDK could be leveraged to quietly install spyware on devices.”
How TD Ameritrade tackles security in Facebook Messenger chatbot
“The bot, unveiled Tuesday, will require the unit of Toronto-Dominion Bank to work through the privacy and security issues financial firms face whenever they communicate with customers via third-party platforms such as Messenger and Amazon’s Alexa.”
As more companies push the envelope in using tech to reach their customers, regulated industries, such as banking, must learn how mobile apps fall in scope of the different compliance regimes. The privacy and security issues that financial firms face are no joke, so if you need guidance on where to start, check out this webinar where NowSecure Solutions Engineer Brian Lawrence shared an overview of the different regulatory requirements as they relate to mobile app security for banking and financial services.
“A ransomware development kit that doesn’t require any coding skills to use is being sold on underground forums. Now, all a wannabe cybercriminal needs to build their own file-locking malware is an Android phone.”
“What a lot of Mac experts will tell you even today is, ‘Macs don’t get viruses… You just need to be careful with what websites you go to.’ And that’s not really good advice anymore, if it ever was.”
Hacking a Herb Vaporizer to Set Its Temperature Limit From 190C to 6553.5C Remotely
(evilsocket / Simone)
“Here it is, we can read and write stuff with no authentication whatsoever … so, let’s get evil, shall we?”
Tapping Into Your Digital Fingerprint
“The digital fingerprint, as it turns out, may be just as useful as a physical one when it comes to identifying and authenticating individual consumers.”
“Cybercriminals are using Facebook Messenger to spread adware, duping victims by redirecting them to fake versions of popular websites that are tailored to their browser.”
“Researchers have demonstrated how easy it is to hack consumer and industrial robots to do everything from spy to injure in the hopes of waking up vendors that dismiss security in their product cycles.”