NowSecure #MobSec5 - Week of Oct. 10

“Given the recent discovery of the Trident malware for iPhones, Microsoft thinks it’s time businesses rethought their unwavering trust in iOS as a controlled ecosystem.”

In a blog post this week discussing the iOS zero-day vulnerabilities targeted in an attempted attack on a human rights activist, Microsoft Corporate VP Brad Anderson wrote, “I know for a fact that all the providers of mobile operating systems go to superhuman lengths to harden their platforms and do everything they can deliver the most secure operating system possible – but this fact also exists in our modern era of digital threats that produce consistent successful attacks despite the incredible efforts of the organizations building these platforms.” We’ve said before that you can’t count on Apple or Google alone to fix mobile security. We find that 25 percent of mobile apps have a high-risk flaw that exposes sensitive data. Enterprises need to invest in securing the mobile apps they develop and assessing third-party apps used by their workforce. NowSecure CEO Andrew Hoog presented a five-step checklist for dealing with vulnerable apps during his webinar “Leaky Mobile Apps: Stemming the Flood of Private Data,” this week during BrightTALK’s online Privacy and Security Summit.

“There are tens of millions of lines of software in that phone of yours. There are hundreds of apps written by more than one million developers, some of whom are hackers, and some of whom are just incompetent at security.”

“WhiteHat Security, the only application security provider that combines the best of technology and human intelligence, today announced WhiteHat Sentinel Mobile Express™, a new addition to its mobile application security offerings powered by technology from mobile security solution pioneer NowSecure.”

“Despite security gains within the Android platform – from MediaServer hardening and file-level encryption – Google’s security efforts are still stymied by the nagging problem of fragmentation. For example, only a fraction of phones vulnerable to the QuadRooter vulnerability have received Google’s patches.”

“In accepting invalid certificates, Experian and myFICO’s applications opened the doors to a vulnerability in which an attacker could grab the user’s credentials when connected to a malicious network.”

“The unprecedented move by the South Korean electronics giant is an embarrassing reversal for a respected global brand.”

“Some owners have reported running into difficulties returning their Samsung phones because of shipping restrictions.”

“Verizon apparently has turned over a new leaf and ‘won’t stand in the way of updates.’”

“Prime minister fears Russians may hack Apple’s smart watch and listen in on sensitive meetings.”

“Simply put, Sawyer said, this is a method that allows attackers to completely compromise an affected device over a USB connection, providing full access to the device’s data and offering the ability to unlock the bootloader without modifying user data.”

“If your credit union wants a higher mobile adoption rate, it must do more to ease security concerns.”