Posted by: David Harley | September 18, 2018

Apple to make life easier for law enforcement

Danny Bradbury for Sophos: Apple’s new tool will make it easier for law enforcement to request data – “The company is seeking to streamline the way that it currently services information to government agencies with the new tool, which will be ready by the end of the year. It outlined the plans in a letter, from Apple’s general counsel Kate Adams to US Senator Sheldon Whitehouse of Rhode Island, according to a report from Reuters.”

There are, of course, many known instances of friction between Apple and US government agencies – notably the FBI – over getting access to devices owned by terrorists et al. It will be interesting to see how this plays out in that context. Reuters says that Apple “plans to create an online tool for police to formally request data about its users and to assemble a team to train police about what data can and cannot be obtained from the iPhone maker.”

David Harley

Posted by: David Harley | September 18, 2018

Android Issues

Lucian Constantin for Security Boulevard: New Android Botnet Pops Up on Malware-as-a-Service Market – “The toolkit, dubbed Black Rose Lucy by researchers from security firm Check Point Software Technologies, is made up of a back-end control panel dubbed the Lucy Loader and an Android implant called the Black Rose dropper. The malware was created by a team of Russian speaking developers that Check Point calls the Lucy Gang.”

Betanews: Unless you upgrade to Android Pie, a vulnerability leaves your phone trackable — and Google won’t fix it – “The vulnerability (CVE-2018-9489) was revealed in a report from Nightwatch Cybersecurity which warns that it can be used to “uniquely identify and track any Android device” and also to “geolocate users”.”

Zeljka Zorz for Help Net: Scan reveals known open source vulnerabilities in popular Android apps – “Widespread use of unpatched open source code in popular Android apps is causing significant security vulnerabilities, warns the non-profit American Consumer Institute Center for Citizen Research (ACI)…. “Critical vulnerabilities were found in many common applications, including some of the most popular banking, event ticket purchasing and travel apps,” the researchers noted.”

David Harley

Posted by: David Harley | September 17, 2018

Dangers on Safari

…well, not just Safari…


First, how an unfortunate combination of CSS and HTML – the Safari Reaper attack – can crash iOS and/or macOS.


How an attack on Safari can expose you to malicious action such as phishing by spoofing a URL in the address bar:

David Harley

Posted by: David Harley | August 31, 2018

Mobile misery: Android, iOS data leakage

Nightwatch Security: Sensitive Data Exposure via WiFi Broadcasts in Android OS [CVE-2018-9489] – “System broadcasts by Android OS expose information about … WiFi network name, BSSID, local IP addresses, DNS server information and the MAC address.”

Commentary by TechRepublic: Android ‘API breaking’ vulnerability leaks device data, allows user tracking 

Sophos: Hacked stalking app reveals victims’ photos, texts and location info – “TheTruthSpy sells an iOS and Android app that enables someone to spy on someone else’s phone. The software is not available on official app stores and has to be installed on a jailbroken iPhone or via an alternative source on an Android phone.”

Ionut Ilascu for Bleeping Computer: Unsophisticated Android Spyware Monitors Device Sensors – “Tagged BusyGasper by security experts at Kaspersky, the malware stands out through its ability to monitor the various sensors present on the targeted phone. … Kaspersky’s Alexey Firsh writes in the analysis.”

David Harley

Denise Giusto Bilić for ESET: Semi-annual balance of mobile security – “For Android, malware detections were down 27.48% compared to the first half of 2017; for iOS, they decreased 15% compared to the same period last year” At last, some fairly good news in an insecure world?

The Register: We’re all sick of Fortnite, but the flaw found in its downloader is the latest way to attack Android – “Man-in-the-Disk technique able to add malicious files to a device’s external storage”

David Harley
