May 09 2021

iPhone Hack Allegedly Used to Spy on China’s Uyghurs

Category: Smart PhoneDISC @ 10:02 pm

U.S. intelligence said that the Chaos iPhone remote takeover exploit was used against the minority ethnic group before Apple could patch the problem.

In 2019, a Chinese security researcher working with the internet security and antivirus company Qihoo 360 unveiled an intricately woven exploit: One that would allegedly let a remote attacker easily jailbreak an iPhone X iOS 12.1. 

The researcher, Qixun Zhao, dubbed the exploit Chaos, for good reason. As this proof-of-concept video allegedly shows, a successful exploit would allow a remote attacker to jailbreak an iPhoneX, with the targeted user none the wiser, allowing the intruder to gain access to a victim’s data, processing power and more. It worked as a drive-by malware download, only requiring that the iPhone user visit a web page containing Qixun’s malicious code. 

It would have made a superb spying tool, seeing how it would let an attacker easily take control of even the newest, most up-to-date iPhones, enabling a snooper to read a victim’s messages and passwords and to track their location in near-real time. 

Source: iPhone Hack Allegedly Used to Spy on China’s Uyghurs

Tags: China’s Uyghurs, iPhone

May 01 2021

Identifying People Through Lack of Cell Phone Use

Category: Cybercrime,Smart PhoneDISC @ 11:46 am
Identifying People Through Lack of Cell Phone Use

But FaĂŻd’s true mentors were the criminals he’d grown up idolizing onscreen. “He had a phenomenal memory,” his brother Abdeslam tells me. “And he was completely immersed in movies.” Abdeslam recalls an eight-year-old RĂ©doine returning home from a matinee of the 1975 French crime film Peur Sur la Ville (released in the U.S. as The Night Caller), starring Jean-Paul Belmondo, and enchanting their mother and his siblings with a scene-by-scene reenactment. “I’d seen the film,” Abdeslam says, “and his version was just as I remembered it.”

his former lawyer, Raphael Chiche, explained on French television in a documentary about Faïd. “He had to create his own methodology. What better way than movies to get inspired and learn the operational modes of criminality?”

The foresight with which FaĂŻd planned these robberies led his associates to give him a nickname—Doc, after Doc McCoy, Steve McQueen’s character in 1972’s The Getaway, a bank robber on the run who, like FaĂŻd, has a preternatural ability to visualize how jobs will play out. McCoy also made a habit of carrying out “thoughtful hits,” FaĂŻd explains to me. “He had to rob in a precise and neat way.” FaĂŻd likewise stresses the neatness of his own robberies. As he puts it, he executed his hits “as gentlemanly as possible.” He wants to be known as a master thief who took careful precautions to avoid acts of violence.

In this entertaining story of French serial criminal Rédoine Faïd and his jailbreaking ways, there’s this bit about cell phone surveillance:

A police notice issued after Fad's July 2018 escape from Rau which launched the largest manhunt in French history.

Tags: cell phones, crime, France, prison escapes, prisons

Feb 28 2021

Why enterprises need rugged devices with integrated endpoint management systems

Category: Laptop Security,Linux Security,Smart Phone,Windows SecurityDISC @ 6:22 pm
Why enterprises need rugged devices with integrated endpoint management systems

Paired longevity solutions in hardware and software

There is a solution to both these issues – durability and security.

Rugged devices are designed specifically for your hardworking enterprise operations. They integrate seamlessly into UEM and MDM platforms, can be trained to only engage with secure networks, and can be geofenced to turn themselves into expensive paperweights if taken off-property.

Rugged devices are not only trusted for their durability and performance, but their security capabilities are also unparalleled when it comes to providing your IT security team with top-down controls over device management and data security.

Their sturdy construction, replaceable shift batteries, and stable software platform ensures that your investment will last for years and will eliminate “down-time” (if used correctly).

What’s more, a survey conducted by Samsung found that employees were not only open to using ruggedized devices, over 90% of respondents currently using rugged tech – and over half of non-user respondents – wanted management to invest more into such devices.

Why enterprises need rugged devices with integrated endpoint management systems

Tags: MDM, UEM

Feb 17 2021

“ScamClub” gang outed for exploiting iPhone browser bug to spew ads

Category: Smart Phone,Web SecurityDISC @ 3:51 pm
“ScamClub” gang outed for exploiting iPhone browser bug to spew ads

Digital ad company Confiant, which claims to “improve the digital marketing experience” for online advertisers by knowing about and getting rid of malicious and unwanted ads, has just published an analysis of a malvertising group it calls ScamClub.

According to Confiant, this group is behind a massive number of those annoying and scammy popup campaigns you will almost certainly have seen, where you visit an apparently honest web page and then get pestered with online surveys.

We’ve warned our readers many times about the risks of online surveys â€“ even ones that don’t obviously or explicitly lead to attempted malware infections.

At best, you will often end up giving away a surprising amount of personal data, typically in return for a minuscule chance of winning a free product (fancy phones, high-value gift cards and games consoles are typically used as lures).

“ScamClub” gang outed for exploiting iPhone browser bug to spew ads

Tags: browser bug

Nov 26 2014

Have you heard about the Pwn Phone 2014?

Category: Hacking,Pen Test,Smart PhoneDISC @ 9:41 am

PwnPhone

by

If you have to undertake vulnerability scans or penetration tests at remote sites as part of your day-to-day activities, having to lug around a laptop and other scanning and penetration testing kit can be a real pain. Having the right tools for the job is crucial.

But how can you ensure you have the right tools for the job and eliminate the need to lug around bulky equipment? The simple answer is the Pwn Phone 2014. This sleek LG Nexus 5 mobile phone doubles as a powerful penetration testing device that makes it easy to evaluate wire, wireless and Bluetooth networks.

The most portable penetration device yet, its custom Android front-end and Kali Linux backend, and comprehensive suite of one-touch penetration tools, render it the ideal choice for pen testers who are on the road or conducting a company or agency walkthrough.

Watch a demonstration of the Pwn Phone in the below video:

Go mobile with the Pwn Phone 2014.

Related articles




Tags: mobile phone, Zero Day Initiative

Feb 05 2013

Is biometric authentication a new standard for Smartphone’s

Category: Smart PhoneDISC @ 5:07 pm

biometric authentication

Biometric device rely on measurement of biological characteristic of an individual such as fingerprinting, hand geometry, voice recognition and Eris pattern. In this post we will discuss if biometric authorization is going to become a standard technology in the future especially the Finger Print technology which matches with loops and whorls of the finger and compare with the stored data template of an individual and when match is found, access is granted.

Issues surrounding biometric authentication

Significant issues when considering biometric technology is counterfeiting, data storage, user acceptance and reliability. The most significant issue of this technology is the integration with existing infrastructure, more specifically integration with network access software. Continue reading “Is biometric authentication a new standard for Smartphone’s”




Tags: Android, Apple, AuthenTec, Biometrics, Fingerprint, Fujitsu, iPhone, Japan

Nov 01 2012

10 reasons to ponder before using your smartphone for banking

Category: Smart PhoneDISC @ 11:55 am


 

Mobile Payment Security

01) There is no clear legislation that sets out your rights to receive a refund if your bank account is fraudulently emptied due to mobile bank app insecurity. The burden of proof seems to be on the user to protect their handset, operating system, software, mobile operator infrastructure and everything else in the “chain” of the transaction.

02) Of course you want to be able to use WiFi hotspots, this means you are in most cases operating on an insecure wireless network. It’s so easy for “bad guys” to sniff the air with a free utility and read your details.

03) Most users have not even set up a basic passcode on their devices (smartphones). Therefore if some gets access to the device, they have potentially access to their bank account.

04)  Most app stores do not test the security of apps. It is very easy for the “bad guys” to put Malware in the apps that can steal information from your device or other apps on your phone/device (e.g. banking app). Or it can happen when the app updates.

05) Most Smartphone device users have not installed security software on their device. Therefore they have less security than comparing to a laptop or PC with security software installed.

06) The average Smartphone users does not regularly perform OS (Operating System) updates. Many of these updates are critical security patches.

07) Due to performance issues, many of the lower cost handset manufacturers are disabling security features in order to improve performance of the device.

08) Malware on the Android platform smartphone alone has gone up over 400% in the last year

09) The technology that keeps apps separate on device does not separate them out into private sandboxes. This means that one app can read the details stored in another app without much difficulty.

10) ) If you check the T&C’s (terms and conditions) from  local  banking app and they may  want you to grant permission for the app to know your phone location (GeoIP).

Related articles




Tags: Android, Geolocation, Malware, Operating system, Personal computer, Security, Smartphone, Wi-Fi

Jan 15 2012

The Mobile Security Show: Improving Mobility Infrastructure Security Standards

Category: Mobile Security,Smart PhoneDISC @ 10:40 pm

For more episodes of The Mobile Security Show, visit http://techchannel.att.com/showpage.cfm?Mobile-Security-Show

A discussion on Mobility Standards moves towards a rousing conversation about mobility and privacy. Originally recorded at NYU Poly on November 16, 2011.

Topic: “Dealing With Exploitable Mobile Device Vulnerabilities”
Hosts:
Veronica Belmont – Technology Video Host
Dino Dai Zovi – Information Security Professional & Researcher

Panelists:
Edward Amoroso, AT&T Inc., Chief Security Officer
Martin Roesch, Sourcefire, Founder and CTO
Uma Chandrashekhar, Bell Labs, Alcatel-Lucent, VP Security, Reliability, & Eco-Environmental Eng.
Justin Cappos, NYU-Poly, Assistant Professor, Computer Science & Engineering




Oct 16 2011

iPhone 4 hackers open password marketplace

Category: Smart PhoneDISC @ 10:09 pm

A huge source of personal data in the palm of your hand – that’s what a smartphone has become nowadays. But all the private information kept on your hi-tech device can easily become public knowledge.
Privacy For Sale: iPhone 4 hackers open password marketplace

Smartphone security: here’s how to start securing smartphones and the data they’re accessing.(Security): An article from: Mobile Business Advisor




Oct 11 2011

California governor allows warrantless search of cell phones

Category: Smart PhoneDISC @ 9:12 pm

Cell phone Sagem my202X ubt

Image via Wikipedia

Here’s another reason to password-protect your mobile phone: California’s governor just recently vetoed a bill that requires a court-ordered warrant in order to search mobile phones upon arrest. This means that if you get arrested in the state of California, the arresting officer can search your smartphone — which gives him access to emails, call logs, texts, location data, banking apps, and more — without needing a warrant.

To Read More on the CNN article….




Tags: Arrest, california, California Supreme Court, CNN, Jerry Brown, Mark Leno, mobile phone, Search warrant

Sep 12 2011

Mobile Malware

Category: Malware,Smart PhoneDISC @ 8:07 pm

Lookout Mobile Security

By Mandira Srivastava

Do you think it is safe to access sensitive data on mobile phone? Do you know that malware can steal valuable information from your phone? As smartphone sales are growing, the development of mobile malware, viruses that penetrate the security system of mobile devices, also increases.

Mobile malware has been around for many years, it has been a problem for computers for a long time and now because of the evolution of the smart phone it has started to hit mobile handsets. Because the smart phones are becoming increasingly more sophisticated and their operating systems are becoming more similar to a computer, it is now possible for them to be infected with malware and it is important for all business owners to be aware of this.

Just like computer malware, mobile malware is installed on your smartphone and will attempt to steal information and data stored on your phone. The information that can be stolen includes documents, passwords, email login details and even credit card details just like on a PC. Mobile malware has increased rapidly during the last year and there is more and more stealth malware appearing. Stealth malware is when the malware is running in the background on the phone without the user being aware of it.

With wireless payment systems and mobile shopping apps becoming more popular it is also possible that the malware will be able to intercept credit card details. Also, text messaging that is sometimes used to send banking codes could be used by the criminals to get sensitive information. If you are considering using a mobile payment system for your business, make sure it is tested and secure.

Malware has been found on all of the current phones and operating systems, including the iPhone and the Android phones.

One of the main ways that the malware can access your phone is through the Wi-Fi networks and Bluetooth. Because the smartphone can easily be connected to wireless networks this can make it easier to download the malware. You can avoid this happening to your phone by only using secure and trusted Wi-Fi networks and by only accepting Bluetooth connections from people whom you know and keeping the Bluetooth switched off when you aren’t using it.

Email has always been a popular target for the hackers and with text messaging being so popular, they have also used this to spread the malware as well as phishing scams to try to steal your identity. It is a good idea to apply the same precautions you use before opening a strange email before opening a suspicious text.

Mobile security is becoming more and more important especially for businesses and it is a good idea to implement some security measures in order to avoid the malware spreading. You can, for example, always use a password for your phone so no one else can use it if it is stolen and only download apps from official sites and not third parties.




Feb 17 2011

RSA conference looks at online vulnerability

Category: cyber security,Smart PhoneDISC @ 5:27 pm

By James Temple

The hottest trends in technology also represent some of the gravest threats to corporate data security.

Mobile devices, social networking and cloud computing are opening up new avenues for both cyber criminals and competitors to access critical business information, according to speakers at this week’s RSA Conference 2011 at San Francisco’s Moscone_Centerand a survey set for release this morning.

The poll of 10,000 security professionals, by Mountain View market research firm Frost & Sullivan, also concluded that corporate technology staffs are frequently ill prepared to deal with many of the new threats presented by these emerging technologies.

“The professionals are really struggling to keep up,” said Rob Ayoub, global program director for information security research at Frost & Sullivan.

  • Mobile: Mobile devices ranked near the top of their security concerns, coming in second behind applications, such as internally developed software and Internet browsers.

    • Businesses face a number of threats from the increasingly common use of smart phones and tablets by their workers, including malicious software that attacks the operating systems, or the simple loss or theft of devices often laden with corporate information.

    Juniper Networks, a sponsor of the RSA conference, presented some eye-catching – if also self-serving – statistics during a session titled “Defend Your Mobile Life.”

    Mark Bauhaus, an executive vice president at Juniper, said that 98 percent of mobile devices like smart phones and tablets aren’t protected with any security software, and that few users set up a password. That’s troublesome, he said, given that:

    — 2 million people in the United States either lost or had their phones stolen last year;

    — 40 percent of people use their smart phone for both personal and business use;

    — 72 percent access sensitive information, including banking, credit card and medical records;

    — 80 percent access their employer’s network over these devices without permission.

    Read more: New Technologies bring new threats

    Mobile devices new threats and countermeasures




    Jan 11 2011

    Biggest mobile malware threat

    Category: Malware,Smart Phone,Web 2.0DISC @ 2:39 pm
    Image representing Facebook as depicted in Cru...
    Image via CrunchBase

    Facebook is biggest mobile malware threat, says security firm
    Researcher claims bad links on Facebook responsible for much higher infection rate that targeted mobile malware

    By Joan Goodchild -CSO

    The biggest mobile infection threat isn’t malware that specifically targets mobile devices, according to new research from security firm BitDefender. Malware that targets Facebook is a far bigger problem for mobile security, the firm claims.

    Spam links on social networks are infecting mobile devices via bad links on Facebook because the worms and other malware are often platform-independent and are widely spread as malware that targets PCs.

    BitDefender officials point to Google statistics, which reveal almost one quarter of Facebook users who fell for a recent scam on the social network did so from their mobile device. The URL that was studied was one that claimed to show users a girl’s Facebook status which got her expelled from school. It generated 28,672 clicks — 24 percent of which originated from mobile platforms. Users who clicked on the link — whether on their PC or mobile device — downloaded a Facebook worm and fell victim to an adword-based money grabbing scheme.

    “When data security researchers focus on finding malware specifically designed for mobile platforms, they lose sight of an important mobile platform threat source — the social network,” said George Petre, BitDefender Threat Intelligence Team Leader.

    Mobile Malware Attacks and Defense

    The Truth About Facebook – Privacy Settings Every Facebook User Should Know, and Much More – The Facts You Should Know




    Tags: facebook, Google, Koobface, Malware, Mobile device, Mobile operating system, Social network, Uniform Resource Locator

    Oct 17 2008

    SmartPhone and Security

    Category: Information Security,Smart PhoneDISC @ 1:53 am

    Mobile spyware is malicious software which is used to spy and control mobile devices (BlackBerry, PDAs, Windows Mobile and Cell Phones). Mobile spyware will not only intercept the message between two devices but also determine the location of the device. Basically, mobile spyware software is installed on a mobile device to spy on them.

    Small businesses are usually not equipped to handle these threats. Just like laptops and desktops – mobile devices need security controls like antivirus, personal firewall, encryption and VPN to provide needed level of protection. Small businesses need to be aware of the security threats, like they might think that they are installing a game, which might very well be a key logger (logs your key strokes) or trojan software.

    [TABLE=6]

    Hackers on the move, WSJ August 11, 2008 by Roger Cheng – where he writes about more companies are letting employees use their personal smart phone at work and the security experts warns about the present threats in the industry. http://online.wsj.com/article/SB121803418845416977.html

    Tips to safeguard your smartphone
    httpv://www.youtube.com/watch?v=S64J4BCCoi4


    (Free Two-Day Shipping from Amazon Prime). Great books




    Tags: antivirus, encryption, hacker, intercept, key logger, malicious, mobile phone, mobile spyware, personal firewall, roger cheng, security controls, security expert, spy, threats, trojan, vpn, wsj

    « Previous Page