Security News

Cellebrite's forensic applications do not include the type of security protections one would expect from a parsing software, which renders them susceptible to attacks, according to privacy-focused messaging service Signal. Cellebrite claims to have thousands of customers in over 140 countries.

The Car Connectivity Consortium announced that its Digital Key Release 3.0 specification - which adds Bluetooth Low Energy and Ultra Wideband wireless connectivity technologies to enable compatible mobile devices with passive keyless access and engine start - is planned for completion by the middle of 2021. "We are creating a world where our mobile devices become true digital keys for our vehicles, bringing a new level of convenience and accessibility for users," said Daniel Knobloch, president, CCC. "Our Digital Key Release 3.0 will allow users to leave their mobile device in their bag or pocket when unlocking or starting their vehicle."

Facebook on Wednesday said it took steps to dismantle malicious activities perpetrated by two state-sponsored hacking groups operating out of Palestine that abused its platform to distribute malware. To disrupt the adversary operations, Facebook said it took down their accounts, blocked domains associated with their activity, and alerted users it suspects were singled out by these groups to help them secure their accounts.

Software developed by data extraction company Cellebrite contains vulnerabilities that allow arbitrary code execution on the device, claims Moxie Marlinspike, the creator of the encrypted messaging app Signal. The researcher found that Cellebrite's software had outdated open-source code that had not been updated in almost a decade, despite security updates being available.

Phone, tablet, and IoT gadget makers will have to state when they'll stop providing security updates for new devices entering the market, the UK's Department for Culture, Media and Sport vowed this morning. Today's pledge would see existing plans for internet-connected tat extended to smartphones and tablets, which is a large step for a scheme originally put together for landfill Internet-of-Things devices such as webcams.

Smith Micro Software announced that it has completed its previously announced acquisition of Avast's Family Safety Mobile business. With this acquisition, Smith Micro obtains Avast's portfolio of mobile family safety services including location features, content filtering and screen time management, cementing Smith Micro as a market leader in delivering mobile family safety software solutions to wireless carriers.

The ioXt Alliance announced that it is expanding its ioXt Compliance Program with a new mobile application profile with added requirements for VPN applications. Defined collaboratively by technology companies such as Google and Amazon, in partnership with security labs, NowSecure, NCC Group, DEKRA, Onward Security and 7layers, and aligned with the initiatives set forth by VPN Trust Initiative, these new security standards for the mobile app and VPN markets will bring transparency and visibility to consumer and enterprise buyers, to advance security in the IoT industry as a whole.

On Thursday the ioXt Alliance, an Internet of Things security trade group backed by some of the biggest names in the business, introduced a set of baseline standards for mobile apps, in the hope that IoT security may someday be a bit less of a dumpster fire. The announcement of the new Mobile Application Profile [PDF], a certification program covering best practices and requirements to keep mobile apps safer than the low bar of vendor discretion, comes from the collaboration of more than 20 ioXt member companies like Amazon, Comcast, Google, and others.

SmartBear has integrated TestComplete, its UI test automation tool, with BitBar, its native mobile device cloud. TestComplete users are now able to create a codeless mobile test and then use these tests in BitBar across devices.

Inkscreen announced that the company has signed a strategic reseller agreement with Vertosoft. Under the agreement, Vertosoft will offer Inkscreen's CAPTOR mobile camera app to federal, state and local government agencies to help their employees secure business photos and other work content captured on their personal devices.