Hello & happy new year! Welcome to 2018!
We’re kicking off the year with the latest mobile security news items that matter:
- Nearly all computing devices affected by Spectre and Meltdown
- Trackmageddon enables exposure of sensitive info
- Brain-to-vehicle technology?
Thanks for reading. Have a great weekend, be good, and stay safe.
Too Many People Are Still Using ‘Password’ as a Password
“‘Starwars’ was another popular and bad choice for passwords this year.”
“The two flaws, Spectre and Meltdown, are far reaching and impact a wide range of microprocessors used in the past decade in computers and mobile devices including those running Android, Chrome, iOS, Linux, macOS and Windows. While Meltdown only affects Intel processors, Spectre affects chips from Intel, AMD, ARM and others.”
This week, two security flaws surfaced: Spectre and Meltdown. Nearly all computing devices and operating systems are affected, and vendors like Apple and Google have since shared mitigation information for their respective products. Keep an eye out for security patches from these vendors as they become available.
Top 9 Cybersecurity Trends for 2018
(Booz Allen Hamilton)
“We expect to see a litany of new tactics, from indirect supply chain attacks to compromised industrial control systems (ICS), third-party software libraries, and software development kits.”
Many mobile apps depend on third-party libraries. These could contain exploitable vulnerabilities and expose issues in your code, but how would you know if you’re exposed unless you test the mobile apps? We did a comprehensive analysis of iOS and Android apps and will share what we found on January 23, 2018. Register for the webinar “85% of App Store Apps Fail OWASP Mobile Top 10: Are you exposed?”
“Google removed 22 malicious adware apps ranging from flashlights, call recorders to wifi signal boosters that together were downloaded up to 7.5 million times.”
“The series of vulnerabilities discovered by two security researchers, Vangelis Stykas and Michael Gruhn, who dubbed the bugs as ‘Trackmageddon’ in a report, detailing the key security issues they have encountered in many GPS tracking services.”
Nissan Is Working On a Car That Can Read Your Mind
“No hands? No problem—soon you’ll be able to control a vehicle with your mind.”
“Critical Same Origin Policy Bypass Flaw (CVE-2017-17692) Found in Popular Samsung Internet Browser for Android devices.”
“The new year marked the beginning of yet another Chinese cybersecurity law that could have a big impact on U.S.-based technology companies.”
Android Security Bulletin—January 2018
(Android Open Source Project)
“The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2018-01-05 or later address all of these issues.”
Botnet’s Huawei Router Exploit Code Now Public
“Exploit code used by the Satori botnet to compromise Huawei routers via a zero-day vulnerability became public last week, researchers have discovered.”
Google Play Boots 3 Fake Bitcoin Wallet Apps
“Google moved quickly to kick three fake bitcoin wallet apps from its Google Play marketplace after researchers discovered them earlier this month.”
If you want to receive #MobSec5 updates each Friday in your inbox, subscribe now via the NowSecure Subscription Center.