Categories
mobile news

CID warns against “MyPay” application – security breach

The U.S. Army Criminal Investigation Command, commonly referred to as CID, has issued a warning to those who use Defense Finance Accounting Services. Users have been accessing their accounts through a third-party application called “MyPay”, which targets Army personnel and retirees to retrieve account information and logins. The application has been downloaded by up to 50,000 military employees and was being used to access accounts from their mobile devices. It has not been reported that “MyPay” has taken any money, but the CID does not want users to use non-sanctioned applications to access Department of Defense financial information.

The key to this article is that while “MyPay” was convenient and a good idea for those using Defense Finance Accounting Services, it also compromised military regulations. The military has stricter governance of access to information, but military personnel would like the convenience of accessing information on the go. This was offered by a third party, probably better than the military’s option, and users downloaded and used that instead. The government needs to produce better “sanctioned” applications in order to please users and be more secure, because if not, the users will access the information through “better” applications.

http://www.ftleavenworthlamp.com/article/20131024/NEWS/131029568

Categories
Android mobile development mobile news

Androids Using Open Wi-Fi May Be Susceptible to Attacks

The issue is mainly with older Android versions having a vulnerability that would allow attacks over an open network. These weaknesses are the result of a programming interface widely used in apps, known as WebView, which allows webpages and content to be opened within the apps themselves. A lot of apps don’t properly secure the interaction between the phone’s WebView component and the webpage content being downloaded. So, on the same open network, a device can be targeted and hijacked, in the process having malicious code injected and possibly executed by the phone itself. Apparently, devices with version 4.1 and earlier don’t make proper use of SSL; this can allow a hijacker to potentially gain root access to a device’s OS. This vulnerability has far-reaching effects and stems from JavaScript-based programming interfaces. Now, fundamentally, Android’s overall design does help in making such things very difficult, but it cannot eradicate the possibilities for the common user who may not be aware of some of the system’s and apps’ functioning.

Users of 4.2 and later are better protected because of added security enhancements, but the issue at hand largely depends on app developers maintaining good practices when developing and releasing their products. Tim Wyatt, a security director at Lookout, has some input to give on the current situation and what needs to be done. Very interesting article.

Source: http://arstechnica.com/security/2013/09/attackers-can-slip-malicious-code-into-many-android-apps-via-open-wi-fi/
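
A small static check for the pattern described above, as an added example that is not part of the original post or the linked article: it flags WebView code that loads a page over plain HTTP while exposing a Java object to page script through Android's `addJavascriptInterface`, and notes when the app still installs on Android versions before 4.2. The manifest, source snippet, URL and rule names are constructed for illustration.

```python
import re

API_LEVEL_4_2 = 17  # Android 4.2 is API level 17

# Constructed inputs for illustration; not taken from any real app.
WEAK_MANIFEST = '<uses-sdk android:minSdkVersion="14" />'
WEAK_SOURCE = '''
WebView view = new WebView(this);
view.getSettings().setJavaScriptEnabled(true);
view.addJavascriptInterface(new Bridge(), "bridge");
view.loadUrl("http://ads.example.test/banner.html");
'''
FIXED_MANIFEST = '<uses-sdk android:minSdkVersion="17" />'
FIXED_SOURCE = WEAK_SOURCE.replace("http://", "https://")


def min_sdk(manifest):
    """Lowest API level the app installs on (Android defaults to 1)."""
    match = re.search(r'android:minSdkVersion="(\d+)"', manifest)
    return int(match.group(1)) if match else 1


def audit_webview(source, manifest):
    """Return (rule, detail) findings for the WebView risks in the post."""
    findings = []
    js_enabled = re.search(r'setJavaScriptEnabled\(\s*true\s*\)', source)
    bridges = re.findall(r'addJavascriptInterface\([^,]+,\s*"([^"]+)"', source)
    cleartext = re.findall(r'loadUrl\(\s*"(http://[^"]+)"', source)

    # Content fetched without TLS can be rewritten by anyone on the same open network.
    for url in cleartext:
        findings.append(("cleartext-load", url))
    # Script injected into that page can reach any Java object bridged into it.
    if js_enabled and cleartext:
        for name in bridges:
            findings.append(("bridge-reachable-from-cleartext", name))
    # Before API 17 the bridge is not limited to @JavascriptInterface methods.
    if bridges and min_sdk(manifest) < API_LEVEL_4_2:
        findings.append(("bridge-on-pre-4.2", "minSdkVersion=%d" % min_sdk(manifest)))
    return findings


if __name__ == "__main__":
    for rule, detail in audit_webview(WEAK_SOURCE, WEAK_MANIFEST):
        print(rule, detail)
```

An empty result only means none of these three patterns matched; it is a quick review aid, not a substitute for testing the app's traffic.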

Categories
mobile news

The thumbdrive James Bond would use..

http://gizmodo.com/5854506/victorinox-presentation-master-for-only-the-most-top-secret-of-powerpoint-presentations

Victorinox, maker of Swiss army knives and other fun gadgets, achieved some Mission Impossible level tech with this newest product. The definition of “mobile security”, the Presentation Master offers 256-bit AES hardware/software encryption and thumbprint biometrics for access. It requires living tissue in order to be activated, though I’m sure it could be opened with a similar method to how people are cracking the iPhone 5s/c. The drivers for the fingerprint reader can be rather picky, but after the initial setup you’ll never have difficulty unlocking it.

The best part about this thing is how it handles those that aren’t meant to be handling it! If someone tries to physically tamper with it, the drive will actually self-destruct.
If someone tries a brute-force software entry, it will display dummy folders and nonsense, giving the hacker a false and short-lived sense of victory, just out of spite.

Categories
iOS mobile news

Dropbox’s Email App has Critical Security Flaw

Dropbox recently acquired an email app for iOS that was found to have a significant security flaw: it will execute any JavaScript code received in an email. This means even opening an email through this application could expose your device to any number of attacks. The code needs to be embedded in the body of an HTML-formatted email, which is very simple to do. Users are advised to switch to a different email application until the issue has been resolved.

Click here for more information.

Categories
iOS mobile news

iOS 7 patches 80 vulnerabilities

While the new UI is the most noticeable aspect of iOS 7, there are some other notable improvements under the hood. Many of these involve problems with security in the previous version of iOS. According to this article from ZDNet, there were a total of 80 bug fixes. Here are a few issues that the bugs could potentially allow.

  • Malicious code execution
  • Determination of the user’s passcode by an app
  • The ability to persist malicious code execution across reboots
  • Background applications could inject user interface events into the foreground application
  • The ability to intercept data protected with IPSec Hybrid Auth
  • A person with physical access to the device may be able to bypass the screen lock
  • Sandboxed apps could send tweets without user interaction or permission
  • Malicious apps could interfere with or control telephony functionality

http://www.zdnet.com/ios-7-patches-80-vulnerabilities-7000020873/

Categories
mobile development mobile news

RingMeMaybe Creates Free Self-Destructing Phone Numbers For iOS

Ever need to post your phone number on a site but felt uncomfortable doing so? Here’s your solution! RingMeMaybe is an application designed to give you a random phone number for a week at a time that you can use for such occasions. The fear of releasing your own personal number is behind us with this application that links your phone number to a random one temporarily.

Read the Article Here

Categories
mobile news

Intel Phone Walk

Intel is working on a new security option for smartphones. The demo, which was revealed recently, demonstrates how a smartphone can determine who you are by the way you walk. The rhythm in which you walk is determined by the smartphone’s accelerometer and gyroscope. By saving this information, the phone knows who its rightful owner is. However, if someone were to steal the phone, it would automatically detect that the person is not the owner due to their walk. When this happens, the phone will lock automatically on its own. It’s a new security device Intel is still developing. Hopefully, if released, the device can help with the protection of different smartphones on the market.

Categories
mobile development mobile news

Verizon to launch Total Mobile Protection program, for that added sense of security

Verizon is now offering a new mobile protection service for $10 a month that includes access to premium tech support, protection against malware, and insurance to help in case your phone gets lost or stolen. The premium tech support gives you shorter wait times, with the help catered to your specific device, while the device protection will be deployed through Verizon’s Mobile Security app.

You can read the entire article here: http://www.techhive.com/article/2048645/verizon-to-launch-total-mobile-protection-program-for-that-added-sense-of-security.html

Categories
disruptive technology mobile development mobile news

Nymi Bracelet uses ECG for Secure Transactions

Nymi is a bracelet that you can use to verify your identity and transactions. It does this using a three-factor identification system involving the bracelet, a mobile device and the continuous, unique electrocardiogram (ECG) of the wearer. The device has not gone through a security audit and may still be vulnerable to several types of attack, especially considering it can authorize sales and log in to secure machines. The idea behind this bracelet is tantalizing, but a secure reality may still be far away.
Click Here for more information.

Categories
Android mobile news

Kaspersky Mobile Security’s ‘Mugshot’ Feature Exposes Phone Thieves

Kaspersky Mobile Security’s ‘Mugshot’ enables owners of lost or stolen Android smartphones to visually identify the unauthorized use of their devices. With the click of a mouse in the web-based control center, users can remotely activate the front-facing camera on their missing smartphone, and the device will secretly begin taking photos. These photos are then automatically emailed to a pre-determined address or can be viewed directly through the web-based control center. If the smartphone has been stolen, the Mugshot tool gives users the opportunity to identify the thief, or if the smartphone is simply missing, users can recognize the phone’s surroundings to track it down.

Read more here: http://www.heraldonline.com/2012/10/02/4306959/kaspersky-mobile-security-helps.html#storylink=cpy

Categories
iOS iPhone mobile news

iOS Not As Secure As We Think

Researchers have broken into an iPhone 4S running the latest version of Apple iOS, making it possible to exploit the same vulnerability in the iPhone 5 that is set for release on Friday.

Because the hacked iPhone was running a developer version of iOS 6, it’s likely the same vulnerability could be used to break into an iPhone 5 or the latest iPad and iPod Touch devices.

WebKit is a layout engine used by browsers to render Web pages. The open source technology is used in the Safari Web browser in iOS and in Google’s Chrome, which recently became the default browser for Android.

The WebKit browser exploit took only a few weeks to make, the researchers told IT World. Using the malicious code in a website would enable a cybercriminal to bypass the security mechanisms in Safari to gain access to the phone’s data.

“Apple will have to come up with an update and then people need to upgrade as fast as possible,” Pol told IT World.

http://www.csoonline.com/article/716889/researchers-hack-iphone-steal-data

Categories
Android disruptive technology mobile news

Android Hack Allows for Free Public Transportation

Contactless fare cards in the New Jersey and San Francisco transit systems can be manipulated using an Android application, enabling travelers to reset their card balance and travel for free, researchers demonstrated on Thursday during the EUSecWest security conference in Amsterdam.

The NFC (near field communication) smartphone can read the fare card balance, and once the card has been depleted, the users are able to write the initial balance back to the card over and over again. The app, Ultra Reset, accomplishes this by taking advantage of a flaw found in particular NFC-based cards that are used in San Francisco and New Jersey.

Other U.S. cities including Boston, Seattle, Salt Lake City, Chicago and Philadelphia also use a contactless ticketing system, and those systems could also be vulnerable to the same technique, they said. Those systems, however, were not tested by the researchers, who said they had not been able to travel everywhere.

The vulnerability could be fixed relatively easily, according to the researchers. Transit companies could use a more secure chip, or adjust their back-end systems to make sure the bits in the cards are turned on when travel units are used, they said.

http://www.csoonline.com/article/716893/android-nfc-hack-enables-travelers-to-ride-us-subways-for-free-researchers-say