Latest News

2019/09/16

Simjacker – Next Generation Spying Over Mobile

The attack begins when a SMS - that we term the Simjacker ‘Attack Message’ - is sent to the targeted handset. This Simjacker Attack Message, sent from another handset, a GSM Modem or a SMS sending account connected to an A2P account, contains a series of SIM Toolkit (STK) instructions, and is specifically crafted to be passed on to the UICC/eUICC (SIM Card) within the device. In order for these instructions to work, the attack exploits the presence of a particular piece of software, called the S@T Browser - that is on the UICC.
2019/09/16

iPhone iOS 13 Lockscreen Bypass Flaw Exposes Contacts

An iPhone lock screen bypass has been discovered that could enable an attacker to access victims’ address books, including their contacts’ names, email addresses, phone numbers, mailing addresses and more.

The hack was first discovered by researcher Jose Rodriguez, an Apple enthusiast based in Spain who has found a slew of previous iPhone bypasses. This latest one could enable someone with physical access to a vulnerable iPhone to bypass the passcode authorization screen, and exists in the beta version of Apple’s soon-to-be-released mobile operating system, iOS 13.
2019/09/09

Android OTA Bug May Have Hit One Billion Users

Security researchers are warning of a new Android vulnerability in the way certain handsets receive over-the-air (OTA) updates, allowing hackers to potentially craft convincing SMS phishing attacks.

Check Point revealed the flaw, which has now been patched by some handset manufacturers, earlier this week.

It claimed that the industry standard for OTA provisioning, the Open Mobile Alliance Client Provisioning (OMA CP), only features limited authentication. As a result, remote agents could exploit this to impersonate network operators in spoof OMA CP messages to users, it claimed
2019/09/09

IoT Security Challenges in a 5G Era: Expert Advice

Experts from Nokia, iboss and Sectigo talk 5G mobile security for internet of things (IoT) devices in this webinar replay.

When it comes to what we can expect with 5G mobile networks, they promise a more IoT friendly ecosystem, with vast improvements over the current capabilities of the 4G. Providing ultra low-latency and exponentially faster throughput (along with sensors that will boast a 10-year battery life) 5G paves the way for new enterprise use cases and applications, including remote telesurgery, self-driving cars, electricity on-demand and more.
2019/08/12

Vulnerabilities in WhatsApp can allow attackers to intercept and manipulate user messages

Researchers from Israeli security company Check Point have identified three attack modes in WhatsApp which can be exploited to intercept and manipulate users’ messages.

Apparently, these security issues were revealed to WhatsApp last year. However, they remain exploitable even after one year.

Stuart Peck, director of the cybersecurity strategy at ZeroDayLab, claims that WhatsApp flaws pose a serious security issue given that it still hasn’t been addressed. He further added that "the integrity of messages received from trusted sources is vital if users are going to trust encrypted messaging services like WhatsApp."
Source: cyware.com