Thursday, March 17, 2016

New holes and exploits put iOS and Android in danger

Today we have a special post dedicated to smartphones. It has been a long time since we focused on the security of one of the most important devices of the technological revolution, but today is the day. We are so accustomed to seeing news about new smartphone vulnerabilities that we often ignore them. But today's breaking news is too much: iOS and Android face serious risks.

It's hard to choose which story to start with but, because it is a great hack, we choose the attack against iOS. It was presented by the people at Palo Alto, who named it AceDeceiver: it consists of abusing flaws in Apple's DRM mechanism to carry out a man-in-the-middle attack when we buy from the App Store on our computer with iTunes. The thief intercepts the sale, steals the app's authorization code and puts it into another, malicious app, which gets onto your computer and, from there, onto your smartphone when you download it from the computer.

Bug on Snapdragon

We now move to the Android world, which has serious problems too. TrendLabs has released advance information, to be fully unveiled at the next Hack in The Box conference, about serious flaws in the Qualcomm Snapdragon processor, used in a thousand million devices, among them Android devices and the Internet of Things. The flaw allows a device to be rooted quickly and easily.

Exploit for Stagefright

We keep talking about Android because Israeli researchers say they have created an exploit for the Stagefright vulnerabilities, which were discovered last year and endanger millions of Android devices that have not been patched for this flaw. Simply visiting a malicious website is enough to compromise the smartphone.

Abandoned app

We finish our talk about smartphones here, because you can never be too careful, not only with the sites we visit or the messages we receive but also, and above all, with the apps we install. A researcher has discovered an unprotected database with details of the 198,000 registered users of an iOS app that has been "dead" since 2013 but whose database is still active.

Beware of the network dangers!

