NowSecure #MobSec5 - Week of July 9th

“Ironically, Steve Jobs was firmly against the idea of iPhones running third-party software – as Walter Isaacson wrote in his acclaimed Jobs biography, the Apple co-founder ‘didn’t want outsiders to create applications for the iPhone that could mess it up, infect it with viruses or pollute its integrity.’ ”

Steve Jobs’ initial concern of allowing third-party software into the iPhone ecosystem was prudent, even if end-user demands made it unrealistic. As we celebrate a decade of App Store this week, click here for data regarding what types of mobile app risks and vulnerabilities NowSecure still finds most frequently.  

“In social engineering attacks the victim is tricked into clicking accept or giving the attacker physical access to a device. This campaign is of note since the malware goes to great lengths to replace specific mobile apps for data interception. Talos has worked closely with Apple on countering this threat. Apple had already actioned 3 certificates associated with this actor when Talos reached out, and quickly moved to action the two others once Talos tied them to the threat.”

“The research also found that the efficiency in identifying an incident and the speed of the response has a huge impact on its overall cost. On average, it took companies 197 days to identify a data beach and 69 days to contain it.”

“Today, Apple released iOS 11.4.1 for iPhones and iPads—a small update that fixes a couple bugs and introduces a new security feature. This is the fifteenth update since iOS 11 released last September. It’s available to the same devices as iOS 11.4—the iPhone 5S and later, the iPad Air and later, the iPad mini 2 and later, and 2015 iPod touch.”

“Lawmakers are pondering what can be done to improve the complex vulnerabilities disclosure process, which involves spreading enough word among vendors to address a bug but not so much as to risk leaking information before patches are ready.”

“Gu and his team analyzed 10,000 mobile apps and found that many of them are open to web API hijacking—something that potentially affects the privacy and security of tens of millions of business users and consumers globally.”

“Over the last three weeks, I studied Sophie’s phone use patterns along with mine. After determining the apps that we spent extraordinary amounts of time on — Sophie spent hours each day chatting with friends on Snapchat, and I wasted too much of my life reading Twitter — I placed a few time limits on each of us.”