This week’s #MobSec5 includes these topics and more!
- Fast casual restaurant bungles vulnerability response
- Heads up, adware disguised as security apps
- Mapping apps look to include accessibility details
- Healthcare communications increasingly mobile, HIPAA concerns remain
- iOS 12 ETA, Android and Apple April security updates
- And more!
Thanks for reading. Have a great weekend, be good, and stay safe.
Subscribe now to receive #MobSec5 updates each Friday in your inbox.
No, Panera Bread Doesn’t Take Security Seriously
(Medium via @djhoulihan)
“Despite an explicit acknowledgement of the issue and a promise to fix it, Panera Bread sat on the vulnerability and, as far as I can tell, did nothing about it for eight months.”
It’s uncertain why Panera Bread did not heed the initial vulnerability report or why it took 8 months and a heavy dose of public shaming to bring about action, but it is certain that the security community and its hard work helping corporations protect personal data should never be taken for granted… or ignored.
iOS 12: Everything We Know
“iOS 12, likely coming this fall, will focus on performance and quality improvements, along with new features like cross-platform iOS and Mac apps.”
Beware ad slingers thinly disguised as security apps
“ESET researchers have analyzed a newly discovered set of apps on Google Play, Google’s official Android app store, that pose as security applications. Instead of security, all they provide is unwanted ads and ineffective pseudo-security.”
Not all apps are created equal – even security apps deployed on the official mobile app stores. When the general public can’t even trust the security of security apps, it’s clear that all mobile apps should be vetted prior to being used. NowSecure INTEL continuously monitors the security posture of mobile apps on the Apple App Store and Google Play. Request a free NowSecure INTEL report here.
Stealing Credit Cards from FUZE via Bluetooth
“After receiving a FUZE Card from @MBHbox (his blog), I decided to take a careful look at it. In the process, I X-rayed the card, fully reverse engineered its Bluetooth protocol, and found a security vulnerability that allows credit card numbers to be stolen via Bluetooth (CVE-2018-9119).”
“Just about every CISO talked about the fact that mobility and cloud have obliterated the old network perimeter. As a result, many organizations are looking at identity and data security as evolving perimeters. While CISOs are prioritizing identity and data security, these topics get little more than lip service at RSA (although they may be jammed into GDPR-specific sessions). SOAPA, business risk, and changing security perimeters.”
Going to RSA and interested in learning more about mobile application security? Drop by NowSecure’s booth (#3229) or book a private meeting with a member of our team. Also, check out NowSecure’s RSA 2018 Insider’s Guide and Top 10 Recommended Sessions covering mobile, IoT, advanced security, and more.
“One reason for the uptick in healthcare mobile adoption is new standards put in place by the U.S. Centers for Medicare and Medicaid Services (CMS). CMS moved from a Medicaid and Medicare reimbursement model based on meaningful use of electronic healthcare records to a value-based care model that reimburses hospitals based on the level of quality, cost effectiveness and patient engagement.”
“In all, Google’s April security update includes 28 fixes; nine rated critical and 19 rated high. Seven of the critical vulnerabilities were tied to the Android OS directly. Each Qualcomm and Broadcom component maker fixed a critical bug.”
US suspects cellphone spying devices in DC
“The devices work by tricking mobile devices into locking onto them instead of legitimate cell towers, revealing the exact location of a particular cellphone. More sophisticated versions can eavesdrop on calls by forcing phones to step down to older, unencrypted 2G wireless technology. Some attempt to plant malware.”
While the mobile security threat these devices pose should be taken very seriously, our team had a light-hearted discussion around the retro look and feel of these spy machines. Wonder if these spies like their martinis shaken, not stirred?
“‘It’s like playing the lottery,’ said Michele Lee, a 35-year-old wheelchair user living in Chicago. Lee has moved about via wheelchair for the last 15 years following a spinal cord injury from a car accident. ‘You never know whether train stations have working elevators or if sidewalks are free of construction or whether the restaurant I want to go to has an accessible bathroom.'”