The summer days may have been long but not lazy this week for the security community in Las Vegas. Sin City was the place to be as Black Hat wrapped and DEF CON continues through the weekend.
It’s indeed been a busy week in the world of mobile application security, so let’s get to it. Here are your highlights from this week:
- Pentagon restricts wearable tech geolocation use by deployed troops
- Bypassing Google Play makes Fortnite an even bigger boon for hackers
- Snap removed leaked source code of its iOS Snapchat app from GitHub
- Google serves up security enhancements in Android 9 Pie
- West Virginia will pilot mobile voting for troops serving overseas
- Healthcare IoT programs require hardened cyberdefenses
- Research shows North Korea malware reuses code
- Apple says iPhones don’t record while listening for Siri commands
- And More!
Subscribe now to receive #MobSec5 updates each Friday in your inbox.
Fitbits and fitness-tracking devices banned for deployed troops
“The rapidly evolving market of devices, applications, and services with geolocation capabilities presents a significant risk to the Department of Defense personnel on and off duty, and to our military operations globally,” the Pentagon said in a statement accompanying the new smart device policy.”
The wearable tech policy had been under review since Strava released a heat map that revealed the location and patrol routes of military locations around the world. However, data collection and social sharing present risks to the average citizen, too – read NowSecure’s insight about how to protect yourself and your organization.
“A wider release will come next month but Fortnite’s developer has decided to not make the popular game available through Google Play, meaning Android users could be more exposed to online scammers seeking to make a profit with fake versions.”
Snapchat Source Code Leaked and Posted to GitHub
“Earlier this year, Snap—the company behind social media network Snapchat—exposed some of the source code of the network’s iOS app, Snap confirmed to Motherboard on Tuesday. After someone archived that exposed code on GitHub, Snap told GitHub to remove the data with a copyright act request, Snap told Motherboard.”
“Android 9 is designed to take better advantage of the hardware-level security enhancements—such as strong encryption and tamper resistant modules—that are becoming available on modern smartphones and tablets. Among other things it allows administrators to require different PINs for accessing work and personal profiles on the device and to implement policies for preventing data sharing between work and personal apps.”
Looking to learn what else is sweet about Android Pie? Join the NowSecure webinar on August 23 to hear about the latest security enhancements.
“The state’s decision to pioneer mobile voting comes even as the United States grapples with Russian interference in its elections. A recent federal indictment outlined Russia’s attempts to hack US voting infrastructure during the 2016 presidential race, and US intelligence agencies have warned of Russian attempts to interfere with the upcoming midterm election.”
As app and IoT device use rises, so do security concerns
(Health Data Management)
“An app or IoT device program should not be put in place until appropriate intrusion detection tools, malware protection and auditing processes are established, warns John Halamka, MD, chief information officer at Beth Israel Deaconess Medical Center.”
Organizations in all types of industries can find expert help building secure mobile programs with with NowSecure’s complement of services for penetration testing, program development and training.
“North Korea uses old products for a ton of its own internal security. But the extent to which malware and hacking tools are connected – and the degree of overlap – is certainly noteworthy. It will be a boon to security researchers, law enforcement and the intelligence community to detect and thwart attacks in the years to come, the researchers said.”
Apple Says iPhones Do Not Listen in on Users
“In the letter, Apple also said that it requires users to explicitly approve microphone access and that third-party apps have to display a signal that the app is listening in. The company also stated that it has removed apps from its App Store if they violate its privacy rules, but wouldn’t say whether any developers were banned.”
If you want to receive #MobSec5 updates each Friday in your inbox, subscribe now.