November has arrived and Daylight Saving Time comes to an end this weekend in the United States. Don’t forget to turn your clocks back one hour before you go to bed Saturday night.
Going backwards is a familiar concept to several of the security researchers here at NowSecure who build tools to reverse engineer mobile apps and devices. Our expert team uncovers vulnerabilities and incorporates their findings into automated mobile appsec testing solutions that help customers close security gaps.
To learn more about the roles and responsibilities of a mobile security researcher, check out this interview with our own Francesco Tamagni.
Your highlights for the week are as follows:
- Malicious app snatches personal credentials for legitimate apps
- Wireless home camera review finds security and privacy vulnerabilities
- Chip disconnects microphone when MacBook lid is closed
- Spyware app exposes customer data in HTML code
- Discover secure Android development best practices for iOS developers
Subscribe now to receive #MobSec5 updates each Friday in your inbox.
“Security and malware researcher, Lukas Stefanko, published a video yesterday exposing how a malicious app, distributed via Google’s Play Store, steals the sensitive data from unsuspecting users. Disguised as a currency conversion tool, the app (called Easy Rates Converter) is actually designed to snatch your personal credentials for a number of legitimate apps.”
D-Link Camera Poses Data Security Risk, Consumer Reports Finds
“Under some circumstances, a wireless home security camera made by D-Link can transmit unencrypted video across the web, a Consumer Reports investigation has found. That could allow the video to be accessed by strangers.”
The Consumer Reports evaluation of wireless home security cameras from Amazon, Arlo, Canary, D-Link and Nest had mixed results for security and privacy. While the D-Link DCS-2630L security risk was only triggered when viewing the camera through the web rather than the mobile app, users are right to worry about who’s watching and listening. A previous NowSecure assessment of video cameras and their accompanying mobile apps revealed security flaws. To avoid being surveilled by unauthorized third parties, users would be wise to lock down their devices and be cautious about the mobile apps they use.
Xnore spyware app’s poor security lets you see other customers’ texts and call logs
The Download Blog – CNET Download.com
“Because of what these apps can do, and the secretive manner in which they operate, they are strictly banned from the App Store and Google Play Store. Not only that, but the security of the data they collect is routinely weak, exposing texts, call logs, photo galleries, and other highly private data to the general public, if you have an aptitude for HTML code. This is largely because the private data is rarely encrypted or password-protected.”
“In a security pamphlet released after Apple’s press event on Tuesday, the company revealed that the chip will completely cut off access to the device’s microphone when the MacBook lid is shut. ‘This disconnect is implemented in hardware alone, and therefore prevents any software, even with root or kernel privileges in macOS, and even the software on the T2 chip, from engaging the microphone when the lid is closed,’ the pamphlet reads.”
Android for iOS Developers: Kotlin Edition 2018
“This book provides an iOS developer’s perspective on Android, using the Kotlin programming language, highlighting the similarities and the major differences between both platforms. The author hopes that these lines will help other developers to jump to the fascinating world of Android using their hard earned iOS knowledge.”