Mobile security threats and prevention
- November 22, 2019
Google expanded its Android bug bounty program to include data exfiltration and lock screen bypass and raised its top prize for a full chain exploit of a Pixel device.
- November 15, 2019
Researchers discovered vulnerabilities in Qualcomm TrustZone that Check Point says could lead to 'unprecedented access' because of the extremely sensitive data stored in mobile secure elements.
- September 05, 2019
Researchers say many -- if not most -- Android smartphones are at risk of SMS-based phishing attacks that trick users into installing malicious OTA provisioning settings.
- August 20, 2019
Security researchers discovered a way to force Bluetooth devices to use easy-to-crack encryption keys, which could lead to man-in-the-middle attacks and information leaks.
- August 08, 2019
Apple announced an expansion of its bug bounty program at Black Hat 2019, including rewards for MacOS vulnerabilities and a $1 million reward for a zero-click iOS exploit.
- July 31, 2019
Google Project Zero researchers disclosed six iOS vulnerabilities, including proof-of-concept code that could allow for attacks requiring no user interaction.
- June 10, 2019
Google detailed the discovery and process of removing Triada malware after a supply chain attack led to backdoors being preinstalled on budget phones in overseas markets.
- May 14, 2019
A zero-day vulnerability in WhatsApp was used in targeted attacks that involved installing spyware on mobile devices, which may be the work of an advanced threat actor.
- February 08, 2019
New bug fix releases for both iOS and macOS include the anticipated FaceTime patch for the serious eavesdropping flaw in group chats as well as fixes for two iOS zero-days.
- January 29, 2019
A new major FaceTime bug can allow someone to hear the other party's audio before they answer the call and the issue was reported to Apple more than a week ago.
- December 31, 2018
Vulnerable dating apps on BYODs pose risks to more than just individual users. Find out what security flaws are common in these apps and what they mean for enterprises.
- December 06, 2018
Soon after the Pegasus spyware was linked to the death of a Mexican journalist, a new lawsuit alleged the NSO Group and its spyware were also linked to the death of a Saudi journalist.
- September 07, 2018
News roundup: An mSpy leak has again exposed millions of customer records on the internet. Plus, the FIDO Alliance launched a biometrics certification, and more.
- August 14, 2018
New research has discovered mobile apps may still store where users have been even after Google location-tracking services have been turned off.
- August 10, 2018
News roundup: New WhatsApp vulnerabilities enabled hackers to alter messages sent in the app. Plus, the PGA was hit with a ransomware attack, and more.
- July 11, 2018
In this week's Risk & Repeat podcast, SearchSecurity editors discuss research that shows some Android apps record video of users' screens without permission or notifications.
- July 06, 2018
News roundup: Academic researchers discover Android apps secretly recording and sharing video of users' screens. Plus, an NSO Group employee lands in hot water, and more.
- July 03, 2018
The RAMpage attack against the Rowhammer vulnerability in Android devices is theoretically possible, but it may be more academic than it is a practical concern, one expert said.
- May 22, 2018
The 'Sun Team' group of North Korean hackers placed malicious apps in the Google Play store to target defectors and steal personal data such as photos, contacts and SMS messages.
- February 09, 2018
News roundup: Apple's highly protected iBoot source code was leaked online. Plus, the U.S. Consumer Financial Protection Bureau stops its Equifax breach investigation, and more.
- November 17, 2017
News roundup: In under a week after its release, researchers were able to bypass the main iPhone X security feature, Face ID. Plus, Microsoft patched a 17-year-old flaw, and more.
- November 15, 2017
In this week's Risk & Repeat podcast, SearchSecurity editors discuss the recent discovery of a fake WhatsApp app in the Google Play Store and what that means for app store security.
- November 08, 2017
The latest security release from Google patched the Android KRACK vulnerability affecting Wi-Fi's WPA2 protocol, but update confusion leaves users unsure if they are safe.
- November 03, 2017
Security researchers competing at Mobile Pwn2Own 2017 used multiple vulnerabilities to hack iOS 11 in order to execute code and win prizes.
- September 29, 2017
Google's Project Zero released a proof-of-concept iOS exploit similar to the Broadpwn Wi-Fi flaw that could allow an attacker to run code or implant a backdoor.
- September 22, 2017
News roundup: Researchers uncovered a large number of iOS app security risks. Plus, Viacom exposed its critical data through a misconfigured AWS S3 bucket, and more.
- September 08, 2017
News roundup: Researchers used the new BootStomp tool to uncover six vulnerabilities in Android bootloaders. Plus, a new wave of AWS S3 bucket data leaks strikes and more.
- July 28, 2017
At Black Hat 2017, Exodus Intelligence researcher Nitay Artenstein unveiled the Broadpwn exploit, which he called the world's first Wi-Fi worm and which puts billions of iOS and Android devices at risk.
- May 11, 2017
Google implemented clickjacking attack mitigations in Android but left a potential avenue for malicious actors that won't be fixed until Android O is released.
- December 28, 2016
A new Android Trojan, 'Switcher,' performs brute-force attacks on wireless routers' default passwords to target DNS server configurations and hack connected devices.
- October 27, 2016
An XNU kernel vulnerability in iOS and macOS was patched after being reported by Google's Project Zero. And hackers at Pwn2Own 2016 cracked the Nexus 6P and iPhone 6s.
- September 30, 2016
In part two of his interview with SearchSecurity, MobileIron's James Plouffe talks about his role as a technical consultant on 'Mr. Robot' and how the show achieves its authenticity.
- September 29, 2016
A new report from MobileIron shows enterprises aren't taking mobile threats seriously enough. MobileIron's James Plouffe explains what that is and what's to be done about it.
- June 03, 2016
Roundup: The new SandJacking attack technique allows attackers with physical access to iOS devices to install rogue apps. Plus, more on medical software security and Privacy Shield obstacles.
- March 21, 2016
Researchers have developed a Stagefright exploit, which could mean hundreds of millions of Android devices are at risk, despite mitigations and an available patch.
- November 10, 2015
Bluebox Security unveiled a troubling study on mobile application threats and also introduced a new product to protect consumer apps on employee-owned devices.
- October 06, 2015
Malicious actors have found new ways to attack non-jailbroken iOS devices, but experts say the YiSpecter iOS malware may not be as dangerous as it sounds.
- October 01, 2015
The Android Stagefright vulnerability has been updated to version 2.0, as the original researcher found the flaw in all versions of Android released to date. Google has promised a fix within days.
- September 25, 2015
News roundup: More fingerprint records were stolen during the OPM breach than originally reported. Plus: the $1 million iOS bounty; DHS CISO calls for harsher phishing policies; Safe Harbor in hot water.
- September 23, 2015
The largest incident of iOS malware found in the Apple App Store has grown exponentially, as researchers find more than 4,000 apps infected. And the attackers may have been inspired by CIA techniques.
- September 21, 2015
For the first time, a large amount of iOS malware has made it past Apple's App Store security controls, potentially affecting hundreds of millions of users.
- September 18, 2015
News roundup: Additional research shows a Cisco router implant affects more devices than originally reported. Plus: Let's Encrypt's first cert issued; Tor in the library; the mitigated (but not fixed) iOS AirDrop vulnerability.
- September 10, 2015
Researchers found advanced CAPTCHA-bypassing malware on Android apps in the official Google Play Store, but Google downplayed the impact.
- August 31, 2015
Qualcomm announced that its next flagship chipset will include Smart Protect, a feature designed for machine learning and zero-day detection on mobile devices.
- August 18, 2015
The Android Stagefright vulnerability continues to put millions of users at risk because Google's first attempt at a patch did not work, and a new fix likely will not come until September.
- August 14, 2015
News roundup: Government email security got pummeled this week with news of hacks, breaches, unlabeled classified data and spying. Plus: Hacking a Corvette via text; Android sandbox bypass flaw; Oracle CSO blogs against reverse-engineering.
- August 13, 2015
Wearables are the next wave of BYO devices infiltrating the enterprise. Domingo Guerra, president and co-founder of Appthority, talked to SearchSecurity at RSA Conference 2015 about how to address the onslaught.
- July 31, 2015
News roundup: New threats add to the Tor anonymity debate, as a new browser aims to take anonymous browsing to the next level. Plus: Android security outlook is bad -- or is it? Also, another Xen host escape flaw and Wassenaar revisions put on hold.
- July 24, 2015
News roundup: A wireless car hack demonstration has pushed vehicle security legislation and DMCA exemptions into the spotlight, and prompted a manufacturer recall. Plus: Hacking Team update; DHS email issues; and smartwatches vulnerable to attack.
- July 17, 2015
News roundup: Are the tides turning on mobile app safety? One white hat hacker's attempt to reverse-engineer the Subway app offers surprising results. Plus: CloudFlare Transparency Report; another call to eliminate RC4; Black Hat attendant survey.
- June 19, 2015
News roundup: Details have emerged about weaknesses in OS X and iOS that allow attackers to upload malware and steal passwords and data. Plus: More jump on HTTPS bandwagon; CSO/CDO salaries increase; 23% of software app components contain flaws.
- May 29, 2015
As the global smartphone market slows, it's becoming readily apparent that the rise of smartphone security threats isn't slowing -- and no OS is safe.
- May 08, 2015
News roundup: Contradicting mobile malware statistics published this year prove the mobile malware debate is alive and well. Plus: SAP vulnerabilities; spam-sending Linux malware; criminal attacks leading healthcare threat.
- April 06, 2015
Google's first Android Security Report claims that malware on the platform was found on fewer than 1% of devices in 2014, but experts question if the ecosystem is really as safe as it has ever been.
- March 25, 2015
The Ponemon Institute says enterprises are devoting millions of dollars to mobile application development, but barely any of the money is focused on security.
- March 06, 2015
News roundup: Bug bounty programs can offer big rewards to researchers, unless Adobe is handing out the prizes. Plus: Signal 2.0 encryption app; app cloning risk increasing; Angler adopts 'domain shadowing' capability.
- February 20, 2015
Exclusive: VerSprite research on 10 alternative Android browsers has found at least one major security vulnerability in all of them, posing a significant security risk for enterprise Android users.
- January 19, 2015
WebView vulnerabilities in older versions of Android are putting the majority of Android devices at risk. Google will not provide patches, forcing enterprises to determine the risk posed by unpatched Android devices.
- January 09, 2015
Video: Mobile malware expert Chester Wisniewski of Sophos says most enterprises need not fear mobile malware today, but Android malware is a growing threat.
- December 05, 2014
News roundup: The industry is losing the battle against hidden malware, finding it in unlikely places from sandboxes to e-cigarettes. Plus: Richard Clarke's security tips for CEOs; data loss and downtime cost companies big; and are cheap tablets ...
- October 01, 2014
Zeus malware is back with a new target -- mobile devices. Expert Nick Lewis explains how Zeus-in-the-mobile differs from traditional Zeus and how to defend against it.
- September 19, 2014
News roundup: Rogue cell phone towers are popping up across the United States, heightening enterprise communication and data privacy concerns. Plus: Goodwill breach update; Adobe patches released; and security in 2025.
- August 21, 2014
A vendor report found that while mobile malware may receive more attention, unrestrained mobile app data collection actually poses a greater risk to consumers and data security.
- August 01, 2014
News roundup: The 'Fake ID' flaw on Android devices allows malicious apps to impersonate trusted ones, putting confidential data at risk and reigniting BYOD security concerns.
- July 23, 2014
While BlackBerry's CEO touts the mobile platform's security features, experts question whether the advantage over iOS and Android still exists.
- April 16, 2014
Though millions of Android devices could contain the Heartbleed OpenSSL vulnerability, experts say the risk to Android users may not be that great.
- March 18, 2014
Vendors may hype the Android malware threat, but data indicates the Android security ecosystem has kept Android malware at bay.
- February 11, 2014
NBC's report on hacking in Russia stretched the truth, experts said, but travelers who ignore business data security basics face risks everywhere.
- February 03, 2014
What is mobile malware? HP says detection rates among mobile AV vendors vary greatly as experts struggle to define malicious activity in apps.
- November 13, 2013
A new study has found that most vulnerabilities in Android smartphones from Samsung, HTC, LG, Sony and Google were put there by manufacturers.
- October 18, 2012
Public Wi-Fi usage has gone up significantly in the past year, and many people are using insecure hotspots to access work information.
- October 18, 2012
Some say the Android malware problem is out of hand, and it appears Google is taking additional steps to block attacks in its Google Play store.
- September 19, 2012
Security is failing to gain a priority in the rush to build and test mobile applications, according to a study by Capgemini.
- September 10, 2012
Cybercriminals use Anime character Anaru to lure users into downloading an app that collects personal information, Symantec says.
- September 06, 2012
As many as six million people have encountered malware during the last 12 months, according to mobile security firm Lookout.
- September 05, 2012
Nearly all new mobile malware was directed at the Android platform in the second quarter of 2012, according to the latest McAfee threat report.
- August 15, 2012
More than half of businesses are using BYOD, and nearly three-quarters believe the benefits of mobility outweigh the risks, according to a new survey.
- August 08, 2012
Device loss tops a growing list of concerns, but the potential for malware and data leakage fuels interest in platforms to control personal devices.
- August 07, 2012
The most serious Android mobile malware uses SMS premium messages to make cybercriminals money, a tried and true attack method.
- July 26, 2012
Mobile apps collect a myriad of data sources from contacts to location information and could also be accessing sensitive enterprise data.
- July 26, 2012
Researcher Charlie Miller says Near Field Communication or NFC security issues open a huge attack surface on smartphones.
- May 23, 2012
Project will share data on malware targeting the Android platform. It has collected 1,200 Android malware samples.
- May 16, 2012
At Information Security Decisions 2012, Dan Guido put the mobile malware focus on the Android security model and Google’s mobile app vetting process.
- May 03, 2012
For the first time, cybercriminals are using compromised websites to conduct drive-by attacks targeting Google Android users.
- April 27, 2012
Reverse engineering mobile apps help pen testers find weaknesses and hidden malware, but the various mobile platforms and different versions make automation difficult, according to one expert.
- March 20, 2012
Analyst says move is important step in addressing the need for mobile application control and document management capabilities.
- February 25, 2012
Firm led by well-known security experts George Kurtz and Dmitri Alperovitch will focus on defending against targeted attacks.
- January 27, 2012
More than a dozen malicious Android applications on the Android Market contain a hidden Trojan that can steal information, download more files and display advertisements on the device.
- January 27, 2012
Mobile application supports Android smartphones and tablets with virus scanning and protection from Web threats and SMS attacks.
- December 28, 2011
The increase in smartphones and other mobile devices has fueled demand for IT security pros with mobile app security and networking skills, say several cybersecurity career experts.
- December 13, 2011
A developer uploaded more than a dozen cloned games, wrapping them in code that caused device owners to accrue expensive text messaging charges to premium numbers.
- December 09, 2011
Experts share their 2012 mobile security threat predictions.
- December 07, 2011
Malware authors are just beginning to target popular mobile platforms, and experts say enterprises need to gain control of the devices connecting to the corporate network.
- November 18, 2011
Opinion: BlackBerry security has been a boon to enterprises, and unless security pros help save the platform, enterprise mobile security will suffer.
- October 11, 2011
Malware and other attack techniques targeting Google Android smartphones are unlikely until cybercriminals figure out how to monetize attacks, according to Symantec.
- October 06, 2011
Trend Micro Inc. has uncovered a new Android malware variant that uses a blog site with encrypted content as its command-and-control server and disguises itself as an e-book reader app.
- September 22, 2011
With rising adoption of more powerful smartphones, mobile carriers are increasingly being held responsible for protecting sensitive data.
- September 08, 2011
Cybercriminals are increasingly targeting Android devices with crimeware that is actively communicating with multiple criminal command-and-control servers.
- August 25, 2011
Does your enterprise have an Android security policy? Senior Site Editor Eric B. Parizo says the growing number of Android Trojans now demand it.
- August 23, 2011
McAfee says Google’s Android platform has become the most popular target for mobile malware developers, outpacing Java Micro Edition and Symbian.