Posted by: David Harley | October 24, 2018

Antisocial Android Apps

 for ESET: Banking Trojans continue to surface on Google Play
The malicious apps have all been removed from the official Android store but not before the apps were installed by almost 30,000 users

BuzzFeed: Apps Installed On Millions Of Android Phones Tracked User Behavior To Execute A Multimillion-Dollar Ad Fraud Scheme – “A BuzzFeed News investigation uncovered a sophisticated ad fraud scheme involving more than 125 Android apps and websites, some of which were targeted at kids.”

David Harley

Posted by: David Harley | October 22, 2018

Should Bloomberg retract?

John Gruber cites Amazon Web Services CEO Andy Jassy’s tweet while considering Bloomberg’s decreasingly convincing insistence on the Apple/Amazon/etc. supply chain story: AWS CEO ANDY JASSY: ‘BLOOMBERG SHOULD RETRACT’

I have to agree: Bloomberg’s position is not looking very tenable.

David Harley

Posted by: David Harley | October 19, 2018

Apple and personal data, plus Android issues

ZDNet: Apple to US users: Here’s how you can now see what personal data we hold on you – “Apple’s privacy tools now go beyond Europe, so more now get to download the personal data it has collected… The move brings the four countries in line with Europe, where Apple began offering a simpler way to download a copy of user data in May, just before the EU’s strict GDPR privacy legislation came into effect.”

Less positively:

Security Boulevard: Inside Safari Extensions | Malware’s Golden Key to User Data – “A 2-part series looking at the technology behind macOS browser extensions and how malicious add-ons can steal passwords, banking details and other sensitive user data”

And some Google/Android issues:

  • John E. Dunn for Sophos: Is Google’s Android app unbundling good for security? – “…Google’s licensing compelled device makers to install apps such as Search and Chrome if they wanted to install … the Play Store. In July 2018, the European Commission (EC) concluded this was a ploy to give Google Search a monopoly on Android, fined the company €4.34 billion ($5.1 billion) on anti-trust grounds.”
  • The Register: Decoding the Google Titan, Titan, and Titan M – that last one is the Pixel 3’s security chip – “Chocolate Factory opens lid, just a little, on secure boot and crypto phone coprocessor”

David Harley

Posted by: David Harley | October 17, 2018

Another iOS passcode bypass bug

Hacker News: New iPhone Bug Gives Anyone Access to Your Private Photos – “A security enthusiast who discovered a passcode bypass vulnerability in Apple’s iOS 12 late last month has now dropped another passcode bypass bug that works on the latest iOS 12.0.1 that was released last week.”

See also News update: October 3rd

David Harley

Posted by: David Harley | October 13, 2018

Krebs/Sager interview on supply chain security

Further to the Bloomberg reports previously mentioned here, here’s a fascinating article from Brian Krebs, featuring an interview with Tony Sager. Not at all Apple-specific, but essential reading.

Supply Chain Security 101: An Expert’s View

“Sager said he hadn’t heard anything about Supermicro specifically, but we chatted at length about the challenges of policing the technology supply chain.”

David Harley
