Users of 4.2 and later are better protected because of added security enhancements, but the issue at hand largely depends on app developers maintaining good practices when developing and releasing they’re products. Tim Wyatt, a security director at Lookout, has some input to give one the current situation and what needs to be done. Very interesting article.
Victorinox, maker of Swiss army knives and other fun gadgets, achieved some Mission Impossible level tech with this newest product. The definition of “mobile security” the Presentation Master offers 256 bit AES hardware/software encryption and thumbprint biometrics for access. It requires living tissue in order to be activated, though I’m sure it could be opened with a similar method to how people are cracking the iPhone 5s/c. The drivers for the finger print reader can be rather picky, but after the initial setup you’ll never have difficulty unlocking it.
The best part about this thing is how it handles those that aren’t meant to be handling it! If someone tries to physically tamper with it, the drive will actually self destruct.
If someone tries a brute force software entry, it will display dummy folders and nonsense, giving the hacker a false and short lived sense of victory, just out of spite.
Click here for more information.
While the new UI is the most noticeable aspect of iOS 7 there are some other notable improvements under the hood. Many of these involve problems with security in the previous version of iOS. According to this article from zdnet there were a total of 80 bug fixes. Here are a few issues that the bugs could potentially allow.
- Malicious code execution
- Determination of the user’s passcode by an app
- The ability to persist malicious code execution across reboots
- background applications could inject user interface events into the foreground application
- The ability to intercept data protected with IPSec Hybrid Auth
- A person with physical access to the device may be able to bypass the screen lock
- Sandboxed apps could send tweets without user interaction or permission
- Malicious apps could interfere with or control telephony functionality
Ever need to post your phone number on a site but felt uncomfortable doing so? Here’s your solution! RingMeMaybe is an application designed to give you a random phone number for a week at a time that you can use for such occasions. The fear of releasing your own personal number is behind us with this application that links your phone number to a random one temporarily.
Intel is working on a new security option for smartphones. The demo, which was revealed recently, demonstrates how a smartphone can determine who you are by the way you walk. The rhythm in which you walk is determined by the smartphone’s accelerometer and gyroscope. By saving this information, the phone knows who it’s rightful owner is. However, if someone were to steal the phone, it would automatically detect that the person is not the owner due to their walk. When this happens, the phone will lock automatically on it’s own. It’s a new security device intel is still developing. Hopefully, if released, the device can help with the protection of different smartphones on the market.
Verizon is now offering a new mobile protection service that is 10$ a month including access to premium tech support, protection against malware, and insurance to help in case phone gets lost or stolen. The premium tech support gives you shorter wait times, with the help catered to your specific device, while the device protection will be deployed through Verizon’s Mobile Security app.
you can read the entire article here: http://www.techhive.com/article/2048645/verizon-to-launch-total-mobile-protection-program-for-that-added-sense-of-security.html
Nymi is a bracelet that you can use to verify your identity and transactions. It does this using a three factor identification system involving the bracelet, a mobile device and the continuous unique Electrocardiogram (ECG) of the wearer. The device has not gone through a security audit and may be still vulnerable to several types of attack, especially considering it can authorize sales and log in to secure machines. The idea behind this bracelet is tantalizing but a secure reality may still be far away.
Click Here for more information.
Kaspersky Mobile Security’s ‘Mugshot’ enables owners of lost or stolen Android smartphones to visually identify the unauthorized use of their devices. With the click of a mouse in the web-based control center, users can remotely activate the front-facing camera on their missing smartphone, and the device will secretly begin taking photos. These photos are then automatically emailed to a pre-determined address or can be viewed directly through the web-based control center. If the smartphone has been stolen, the Mugshot tool gives users the opportunity to identify the thief, or if the smartphone is simply missing, users can recognize the phone’s surroundings to track it down.
Researchers have broken into an iPhone 4S running the latest version of Apple iOS, making it possible to exploit the same vulnerability in the iPhone 5 that is set for release on Friday.
Because the hacked iPhone was running a developer version of iOS 6, it’s likely the same vulnerability could be used to break into an iPhone 5 or the latest iPad and iPod Touch devices.
WebKit is a layout engine used by browsers to render Web pages. The open source technology is used in the Safari Web browser in iOS and in Google’s Chrome, which recently became the default browser for Android.
The WebKit browser exploit took only a few weeks to make, the researchers told IT World. Using the malicious code in a website would enable a cybercriminal to bypass the security mechanisms in Safari to gain access to the phone’s data.
“Apple will have to come up with an update and then people need to upgrade as fast as possible,” Pol told IT World.
Contactless fare cards in the New Jersey and San Francisco transit systems can be manipulated using an Android application, enabling travelers to reset their card balance and travel for free, researchers demonstrated on Thursday during the EUSecWest security conference in Amsterdam.
The NFC (near field communication) smartphone can read the fare card balance, and once the card has been depleted, the users are able to write the initial balance back to the card over and over again. The app, Ultra Reset, accomplishes this by taking advantage of a flaw found in particular NFC based cards that are used in San Francisco and New Jersey.
Other U.S. cities including Boston, Seattle, Salt Lake City, Chicago and Philadelphia also use a contactless ticketing system and those systems could also be vulnerable for the same technique, they said. Those systems, however, were not tested by the researchers, who said they had not been able to travel everywhere.
The vulnerability could be fixed relatively easy, according to the researchers. Transit companies could use a more secure chip, or adjust their back-end systems to make sure the bits in the cards are turned on when travel units are used, they said.