A group of security enthusiasts, including some leading figures in the IT security industry, have pledged their hard-earned cash toward a bounty for the first hacker who can fool Apple’s new iPhone 5s Touch ID fingerprint scanner using a fingerprint lifted without the owner’s consent. A web site, istouchidhackedyet.com, has been set up to coordinate the campaign, with more than $14,000 in pledges committed (via Twitter posts) from a Who’s Who of the IT security community. The project was the brainchild of Robert David Graham of Errata Security (@ErrataRob) and Nick De Petrillo (@nickdepetrillo) of Crucial Security, who launched the contest and set up the web site to collect donations. Security luminaries from across the globe chipped in funds to build a bounty, including Travis Goodspeed ($50) and Nick Percoco (@c7five) of the security firm Trustwave ($250). The largest single donation – $10,000 – came by way of Arturas Rosenbacher (@arturas) […]
Tag: Apple
iPhone’s Touch ID Gives A Big Boost To Biometrics
Apple Corp. introduced the latest versions of its iPhone mobile phone yesterday to great fanfare, though the fever pitch that was common during the reign of Steve Jobs was noticeably absent. There were a flurry of articles and opinion pieces like this one, wondering whether Apple had lost its mojo, were common. And it goes without saying that if the headline is wondering whether you’ve lost your mojo, then you most certainly have. Still, Apple didn’t disappoint with its iPhone and iOS updates, particularly in the security arena. Indeed, the long-rumored addition of a finger print reader may have been the most prominent new feature in an update where the most prominent changes (a faster, 64-bit processor, higher resolution camera, etc. ) were transparent to the user. So what do you need to know about the new iPhone and its biometric authentication feature? And how will the new iPhone 5S […]
Report: Cell Phone Data, Blackberry Mail Swept Up In NSA’s Net
Sensitive data from every major brand of cell phone can be captured and analyzed by the U.S. National Security Agency, (NSA) according to a report in the German magazine Der Spiegel on Saturday. Citing “top-secret, internal NSA documents viewed by SPIEGEL reporters, the magazine said that NSA security researchers have developed tools to sap contact lists, SMS traffic, notes and location information from popular devices such as Apple’s iPhone, Google’s Android and Blackberry phones, including Blackberry e-mail, a supposedly secure system that is one of the phone’s most trumpeted features. The documents describe a large-scale and well-organized program within the NSA to obtain data from mobile devices, with discrete teams of security analysts working on a specific platform, developing malware that infiltrates the computers the phones “synch” with, and then loads scripts onto the phones that provide access to a range of other features. See Also: Secure e-mail firms […]
Security Lapse Has Tumblr Asking IPhone, IPad Users To Update -Now!
Tumblr, the blogging and content sharing web site issued an urgent warning to those using its mobile application for Apple iPhones and iPads to update their Tumblr application – ASAP – after it was apparently found to be transmitting user names and passwords in the clear. In a blog post on Tuesday, Derek Gottfrid, the Vice President of Product at the New York City-based firm, said that the company had issued an update to the iOS version of Tumblr’s mobile application to fix an issue that allowed Tumblr passwords to be sniffed in transit on certain versions of the iOS Tumblr application for iPhone and iPad. Gottfrid did not explain the reason for the sudden update. However, a report by the UK publication The Register claims that the rush update came after Tumblr was made aware that the iOS versions of its application was not using SSL (Secure Socket Layer) […]
Google Adds Detection For Obad Malware
Just a follow-up to our story from last week on Obad, the new family of mobile malware that affects Google Android devices: In an e-mail to The Security Ledger on Friday, Google acknowledged the existence of the Trojan horse program and has updated its detection tools to be able to identify it. In an e-mail, a Google spokeswoman said that the malware, dubbed “Obad” by Kaspersky Lab, was not found on the company’s Google Play application store. The company added detection for the new malware to its Application Verification Tool, which protects Android users who tried to download it from a third-party application store or browser. Obad, or Backdoor.AndroidOS.Obad.a, is described as a “multi function Trojan” that primarily acts as an SMS Trojan, surreptitiously sending short message service (SMS) messages to premium numbers. It was first described in a blog post by Kaspersky Lab researcher malware researcher Roman Unuchek last week. Unuchek […]
