Welcome to your weekly dose of mobile security news. This edition includes: Microsoft says Apple ca
|
October 14 · Issue #29 · View online |
|
Welcome to your weekly dose of mobile security news. This edition includes:
- Microsoft says Apple can’t secure iOS and Google can’t secure Android
- A month after QuadRooter patches were released, only 15 percent of Android users had applied them
- Is there such thing as an unhackable mobile device?
Thanks for reading. Have a good weekend, be good, and stay safe.
|
|
Microsoft: 'Apple can no more secure your iPhone than Google can secure Android' | ZDNet
“Given the recent discovery of the Trident malware for iPhones, Microsoft thinks it’s time businesses rethought their unwavering trust in iOS as a controlled ecosystem.”
In a blog post this week discussing the iOS zero-day vulnerabilities targeted in an attempted attack on a human rights activist, Microsoft Corporate VP Brad Anderson wrote, “I know for a fact that all the providers of mobile operating systems go to superhuman lengths to harden their platforms and do everything they can deliver the most secure operating system possible – but this fact also exists in our modern era of digital threats that produce consistent successful attacks despite the incredible efforts of the organizations building these platforms.” We’ve said before that you can’t count on Apple or Google alone to fix mobile security. We find that 25 percent of mobile apps have a high-risk flaw that exposes sensitive data. Enterprises need to invest in securing the mobile apps they develop and assessing third-party apps used by their workforce. NowSecure CEO Andrew Hoog presented a five-step checklist for dealing with vulnerable apps during his webinar “ Leaky Mobile Apps: Stemming the Flood of Private Data,” this week during BrightTALK’s online Privacy and Security Summit.
|
Why an unhackable mobile phone is a complete marketing myth | TechCrunch
“There are tens of millions of lines of software in that phone of yours. There are hundreds of apps written by more than one million developers, some of whom are hackers, and some of whom are just incompetent at security.”
|
WhiteHat Security Partners with NowSecure For Mobile Application Security Testing Solution | Dark Reading
“WhiteHat Security, the only application security provider that combines the best of technology and human intelligence, today announced WhiteHat Sentinel Mobile Express™, a new addition to its mobile application security offerings powered by technology from mobile security solution pioneer NowSecure.”
|
Android Fragmentation Sinks Patching Gains | Threatpost
“Despite security gains within the Android platform – from MediaServer hardening and file-level encryption – Google’s security efforts are still stymied by the nagging problem of fragmentation. For example, only a fraction of phones vulnerable to the QuadRooter vulnerability have received Google’s patches.”
|
Security By Design Podcast | Modev.com
The Security by Design community is a fantastic resource for developers, software architects, and DevOps engineers across all platforms to learn how to make security an integral part of application design and development. This week the group released three episodes of its new weekly podcast on both iTunes and Google Play. Episode three features NowSecure CEO Andrew Hoog discussing why mobile app security is challenging for developers and what they can do to overcome those challenges.
|
PSA: Security vulnerability discovered, update your Experian and myFICO Mobile iOS apps ASAP | 9to5Mac
“In accepting invalid certificates, Experian and myFICO’s applications opened the doors to a vulnerability in which an attacker could grab the user’s credentials when connected to a malicious network.”
|
Why Samsung Abandoned Its Galaxy Note 7 Flagship Phone | The New York Times
“The unprecedented move by the South Korean electronics giant is an embarrassing reversal for a respected global brand.”
|
If you’re returning your Samsung Galaxy Note 7 phone, read this | The Washington Post
“Some owners have reported running into difficulties returning their Samsung phones because of shipping restrictions.”
|
Update: Verizon says its Pixels will get updates at the same time as Google’s | Ars Technica
“Verizon apparently has turned over a new leaf and ‘won’t stand in the way of updates.’”
|
Apple Watch Banned From Cabinet Meetings Over Russian Spy Fears | TechWeek Europe
“Prime minister fears Russians may hack Apple’s smart watch and listen in on sensitive meetings.”
|
Backdoor dubbed Pork Explosion lets attackers go hog wild on Android phones | CIO
“Simply put, Sawyer said, this is a method that allows attackers to completely compromise an affected device over a USB connection, providing full access to the device’s data and offering the ability to unlock the bootloader without modifying user data.”
|
Fix Security Concerns for Better Mobile Adoption Rates | Credit Union Times
“If your credit union wants a higher mobile adoption rate, it must do more to ease security concerns.”
|
Did you enjoy this issue?
|
|
|
|
If you don't want these updates anymore, please unsubscribe here
If you were forwarded this newsletter and you like it, you can subscribe here
|
|
|