NowSecure #MobSec5 - Week of July 31

“In mid-July 2017, we found a new modification of the well-known mobile banking malware family Svpeng – Trojan-Banker.AndroidOS.Svpeng.ae. In this modification, the cybercriminals have added new functionality: it now also works as a keylogger, stealing entered text through the use of accessibility services.”

“While Apple and Android have made strides in creating more secure and robust operating systems, malicious actors continue to pump out new and more deceptive malware. What’s more, security is still not a top priority in app design, with some apps allowing users to store or pass credentials in the clear or by using weak encryption.”

“When it comes to the app onboarding process, users want clarity, security, and ease, according to Clutch’s new survey on mobile app onboarding.”

“BLU is one of many low-end phone manufacturers, known for its dirt-cheap unlocked Android phones. But back in November, a security firm discovered spyware on some BLU phones sold in the United States, prompting Amazon to stop selling the affected devices until the issue was resolved.”

This is the second time Amazon has halted sales of BLU mobile phones due to allegations that the phones violate users’ privacy. Most recently, researchers claim that BLU mobile phones send MAC addresses, IMEIs, phone numbers, cell phone tower IDs, and lists of installed apps to servers in China.

“In this talk I will describe how I used an exploit chain to defeat the Samsung KNOX 2.6 with zero privilege, including KASLR bypassing, DFI bypassing, SELinux fully bypassing and privilege escalation.”

“Lawyers for families of 3 slain Mexican women were sent infection attempts with NSO Group’s spyware after questioning official accounts of the killings.”

“The news highlights law enforcement agencies’ increased interest in using hacking tools and malware, as well as NSO’s efforts to enter the lucrative US market.”

“At I/O this year, we spoke about a refresh to the Nearby Connections API that can provide high bandwidth, low latency, encrypted data transfers between nearby devices in a fully-offline P2P manner. Today we’re announcing the availability of this API across all Android devices running Google Play services 11.0 and up.”

“The world’s most valuable company appears to have pulled down the apps amid China’s deepening crackdown on tools that evade internet controls.”

Apple removed a number of VPN apps from the App Store in China because the apps’ developers didn’t have a government-issued license to operate a VPN. Some were surprised by Apple’s acquiescence in light of the company refusing to help the FBI unlock an iPhone last year. The two situations are different according to Apple CEO Tim Cook who said “In the case of the U.S., the law in the U.S. supported us. It was very clear. In the case of China, the law is very clear there. Like we would if the U.S. changed the law here, we have to abide by them in both cases.”

“We’ve seen the pathetic state of the US electronic voting system exposed, claims of advanced eavesdropping at the Standing Rock camps and elsewhere, killer car washes and the awards for this year’s biggest blunders and best research.”

“After several months of debate, Google has released its final proposal in the case of Symantec’s certificate authority (CA) business. All Symantec-issued certificates must be replaced by the time Google releases Chrome 70 next year.”

“Lawmakers in the U.S. Senate today introduced a bill that would set baseline security standards for the government’s purchase and use of a broad range of Internet-connected devices, including computers, routers and security cameras.”

“Government-sponsored hackers were seen as the biggest threat to cyber security among infosec executives at drug and medical device makers.”

“The Amazon Echo is vulnerable to a physical attack that allows an attacker to gain a root shell on the underlying Linux operating system and install malware without leaving physical evidence of tampering.”

“A U.S. congressional panel this week asked 22 government agencies to share documents on Moscow-based cyber firm Kaspersky Lab, saying its products could be used to carry out ‘nefarious activities against the United States,’ according to letters seen by Reuters.”