Also, it was a big week for our research team, with the Frida 10.8 release and the r2con 2018 announcement. More on these, Twitter’s hashing issues, and other mobile application security highlights, including:
- Bored hacker reveals how they hijacked hotel webcam with a smartphone
- Rowhammer “GLitch” attack exposes Android vulnerability to remote attack
- GDPR fine could sink mid-market companies
- BLU Products reaches settlement with FTC over deceptive data practices
- Chinese authorities can retrieve deleted WeChat conversations
- And more!
Thanks for reading. Have a great weekend, be good, and stay safe.
Subscribe now to receive #MobSec5 updates each Friday in your inbox.
Keeping your account secure
“Due to a bug, passwords were written to an internal log before completing the hashing process. We found this error ourselves, removed the passwords, and are implementing plans to prevent this bug from happening again.”
Check out some additional tips to best secure your Twitter account moving forward.
“Needless to say, when fined with a minimum of €20 million euros, most mid-market companies will have to seek futile steps, such as abandoning a profitable mobile app or worse — closing down.”
NowSecure products and services include GDPR compliance checks to help protect against vulnerabilities during mobile application development that could lead to hefty fines later. Request a free report, including a GDPR health check, for your app today.
“Since that attack exploits the most fundamental properties of computer hardware, no software patch can fully fix it. And now, for the first time, hackers have found a way to use Rowhammer against Android phones over the internet.”
“Chinese authorities revealed over the weekend that they have the capability of retrieving deleted messages from the almost universally used WeChat app. The admission doesn’t come as a surprise to many, but it’s rare for this type of questionable data collection tactic to be acknowledged publicly.”
Mobile Phone Maker BLU Reaches Settlement with FTC over Deceptive Privacy and Data Security Claims
(Federal Trade Commission)
“In its complaint, the FTC alleges that BLU and its co-owner and President Samuel Ohev-Zion misled consumers by falsely claiming that they limited third-party collection of data from users of BLU’s devices to only information needed to perform requested services.”
At the end of the day, third-party libraries may send data to unexpected locations. NowSecure INTEL detects network connections, including locations, during dynamic analysis to help customers know where mobile applications are sending data. Request a free report.
“Welcome back to r2con (5-8 September of 2018)! Many people enjoyed previous editions, so why not repeat once again? Check the CFP (deadline is end of June) if you want to present.”
Frida 10.8 Released
“Get ready for a major upgrade. This time we have solved our three longest standing limitations – all in one release.”
Hack a webcam with a smartphone
(Medium via @viscido)
“Recently I was on vacation with my girlfriend. One night I couldn’t sleep so I decided to play around with the hotel WiFi, armed with my phone only.”