Android

Ahead of Apple’s Announcement: The Security Implications of Wearables | Trend Micro

The world’s attention will be focused on Apple this week and on the topic of wearables. In an event on Tuesday, the Cupertino company is planning to unveil the latest additions to its popular iPhone line along with a wearable device that most folks are just calling the ‘iWatch.’ But as Apple wrestles with the security of its growing stable of mobile devices and the cloud infrastructure that supports them, what will the impact of wearables be? Well, the folks over at Trend Micro are putting together a series of blog posts that look at that very question. Namely: the (information) security implications of wearables. It makes for some interesting reading. Among other things, Trend There are three very broad categories that we can use to describe what we are talking about. The posts, by Senior Threat Researcher David Sancho, break down the wearables space into three categories:  ‘IN’ devices like sensors, ‘OUT’ […]

Continue Reading

Report: Android Shield Adds Invisible Encryption To Mobile Apps

Wired reports on a team from Georgia Tech that has designed software that acts as an overlay on Android smartphones’ communication applications, encrypting communications to and from those apps, while mimicking their user interface. The researchers describe the technology as a “transparent window” over apps that prevents unencrypted messages from leaving the user’s device. “The window acts as a proxy between the user and the app. But the beauty of it is that users feel like they’re interacting with the original app without much, if any, change,” says Wenke Lee, the Georgia Tech professor who led the developers. “Our goal is to make security that’s as easy as air. You just breathe and don’t even think about it.” The researchers call their prototype Mimesis Aegis, or M-Aegis, Latin for “mimicry shield.” They plan to present their research at the Usenix Security conference this week. Read more via Wired: This Android Shield Could […]

Continue Reading

Security Experts call for Action on Connected Auto Safety

A non-profit group that represents prominent computer security researchers has issued an open letter to the automotive industry calling for more collaboration on cyber security issues. The group, I Am The Cavalry said the automotive industry needs to elevate cyber security to put it on par with other vehicle safety issues. The announcement, on Friday at DEF CON 22 in Las Vegas – an annual hacker conference – included a letter to CEOs in the automotive industry, calling for the adoption of “five key capabilities that create a baseline for safety relating to the computer systems in cars.” The letter asks for safety to be built into the design of computer systems in vehicles. “Increasing reliance on computer systems and internet connectivity in cars is opening up a whole new area of consumer risk, much of which is still being investigated and understood,” the group said. “Modern cars are computers […]

Continue Reading
Redbend-Samsung

Vulnerable Mobile Software Management Tool Reaches Into IoT

You could be forgiven for never having heard of Red Bend Software. The company is small – just 250 employees- and privately held. Red Bend’s headquarters is a suite of offices in a nondescript office park in Waltham, Massachusetts, just off Route 128 – America’s “Silicon Highway.” But the company’s small profile belies a big footprint in the world of mobile devices. Since 2005, more than 2 billion devices running the company’s mobile management software have been sold worldwide. Today, the Red Bend is believed to control between 70 and 90 percent of the market for mobile software management (MSM) technology, which carriers use to service mobile devices. The software enables mobile carriers to do critical tasks, including firmware-over-the-air (FOTA) software updates, mobile device configuration and other on-device changes.  Red Bend counts many of the world’s leading companies in the mobile, enterprise and manufacturing sectors as clients, including Intel, Qualcomm, Samsung, Sharp, LG, Sony, Huawei, China Mobile and Lenovo. For the most part, Red […]

Continue Reading
FAKEID Logo

Old Apache Code at Root of Android FakeID Mess

A four year-old vulnerability in an open source component that is a critical part of Google’s Android mobile operating system could leave mobile devices that use it susceptible to attack, according to researchers at the firm Bluebox Security. The vulnerability was disclosed on Tuesday. It affects devices running Android versions 2.1 to 4.4 (“KitKat”), according to a statement released by Bluebox. According to Bluebox, the vulnerability was introduced to Android by way of the open source Apache Harmony module. It affects Android’s verification of digital signatures that are used to vouch for the identity of mobile applications, according to Jeff Forristal, Bluebox’s CTO. He will be presenting details about the FakeID vulnerability at the Black Hat Briefings security conference in Las Vegas next week.

Continue Reading
1 5 6 7 8 9 17