Welcome to another week of mobile security news that matters! In preparation for Safer Internet Day on February 6, take a moment to consider how improved mobile security practices can make the internet safer, especially for the youngest users out there.
This week’s #MobSec5 includes:
- US soldiers’ routines revealed through Strava’s global heat map of activity
- Debrief from Google on 2017 security in Google Play
- Emergence of malware exploiting Meltdown and Spectre
Thanks for reading. Have a great weekend, be good, and stay safe.
Subscribe now to receive #MobSec5 updates each Friday in your inbox.
U.S. soldiers are revealing sensitive and dangerous information by jogging
(The Washington Post)
“Strava’s Global Heat Map shows where soldiers may be sleeping, exercising, patrolling and eating in some of the most sensitive and secretive military sites in the world.”
A series of mobile apps all built by or connecting with the STRAVA social network have been sharing and publishing activity by geolocation – including what should be highly confidential information about U.S. personnel and military staff locations. Seemingly unbeknownst to soldiers, their FitBits, Garmin, Jawbones, iWatch, AndroidWear, and more have been uploading their aggregated tracking information to STRAVA and then sharing out with the world. Furthermore, this data isn’t actually anonymized as many users probably believed it to be. This incident with STRAVA’s data collection and sharing practices illuminates the need to assess risk associated with mobile apps. On the NowSecure blog, we provide recommendations on how to protect your organization and staff from risks like STRAVA data sharing.
“Oracle has issued a fix, but many Micros systems could still be vulnerable.”
“Google set the record straight on Android security Tuesday, announcing that in 2017 it booted 700,000 apps from Google Play for violating marketplace policies.”
How we fought bad apps and malicious developers in 2017
(Android Developers Blog)
“Last year we’ve more than halved the probability of a user installing a bad app, protecting people and their devices from harm’s way, and making Google Play a more challenging place for those who seek to abuse the app ecosystem for their own gain.”
Malware Exploiting Spectre, Meltdown Flaws Emerges
“Researchers have discovered more than 130 malware samples designed to exploit the recently disclosed Spectre and Meltdown CPU vulnerabilities. While a majority of the samples appear to be in the testing phase, we could soon start seeing attacks.”
“These range from fairly simple to quite advanced in execution – this blog will try to cover each one without getting too bogged down in situation-specific details.”
“While multiple reports suggest Apple has decided to place a greater focus on improving the performance and security of iOS and macOS, which will delay some new features until next year, it appears the company still aims to introduce the ability for Macs to run iPhone and iPad apps later this year.”
“Apple has removed Telegram’s official app from its iOS App Store. The app disappeared yesterday, shortly after Telegram launched a rewritten Telegram X app for Android.”
“The following is a writeup of the analysis of the RAT [remote access trojan].”
If you want to receive #MobSec5 updates each Friday in your inbox, subscribe now.