With snowstorms expected to wallop the Midwest and Northeast this weekend, many people are dreaming about warm, sunny days at the beach. Fortunate OWASP AppSec California 2019 conference attendees will take to the shores of Santa Monica, Calif., next week for talks and training about all things AppSec and DevSecOps.
NowSecure is pleased to be a platinum sponsor of the event. To get the most out of your visit, check out our recommendations of conference sessions to attend and be sure to stop by Table #9 to say hello to our team.
Your highlights for the week are as follows:
- File explorer vuln exposed files on local network
- Google polices app use of SMS and phone permissions
- Microsoft Outlook Mobile approved for U.S. government
- Malware tied to sensor activates when device moves
- Fortnite vulnerability put player accounts at risk
Subscribe now to receive #MobSec5 updates each Friday in your inbox.
“It turns out that anyone using ES File Explorer can have any file stolen from their device remotely by somebody on the same network. The vulnerability was reported by French security researcher Baptiste Robert, who goes by the online pseudonym ‘Elliot Alderson’ – a reference to the protagonist of the TV show Mr. Robot.”
While this vulnerability has since been fixed, it was a serious one because it allowed anyone on the same network to download a file straight from your phone. Mobile app security testing should be part of any enterprise mobile security program. NowSecure solutions can automatically test mobile apps for network functionality and data at rest to flag security, privacy and compliance flaws for remediation. Get a free 30-day trial today.
“Google is implementing major new Play Store rules for how Android’s ‘SMS’ and ‘Call Log’ permissions are used. New Play Store rules will only allow certain types of apps to request phone call logs and SMS permissions, and any apps that don’t fit into Google’s predetermined use cases will be removed from the Play Store.”
As Ars Technica notes, this development is another example of Google using the Play Store to implement a major Android ecosystem change. Last year, Google implemented minimum OS version requirements for mobile apps to force developers to adopt newer Android APIs with additional privacy and security restrictions.
“Microsoft’s Outlook Mobile app for iOS and Android has met security and compliance requirements and is ready for deployment by all U.S. government customers, company officials said on January 15.”
“A strain of malicious software was activated on Android smartphones only when the infected phone was moved, according to research published by security vendor Trend Micro.”
“Check Point Research pointed out multiple vulnerabilities in Epic Games’ Fortnite, which allowed hackers to control the players’ accounts, view their personal information, purchase in-game items through their credit cards, and drop into their in-game conversations.”