Security News

The cool retro phone with a REAL DIAL… plus plenty of IoT problems
2021-12-23 19:58

Even when the mobile phone age arrived, the Chatter Phone retained its dial, its cheese-dish phone styling, and its sideways receiver. We don't how how or if you can dial the plus symbol for overseas calls, but many countries let you use a special digit sequence instead. So, the Chatter Telephone doesn't take a SIM card itself; instead, it pairs with a regular mobile phone and acts, if you like, as a sort of extension - a happy, smiley, cheerful, brightly coloured, child-like extension phone with an actual rotary dial.

Fisher Price's Bluetooth reboot of pre-school play phone has adult privacy flaw
2021-12-23 08:02

A Bluetooth phone designed to evoke the carefree days of early childhood has been found to instead threaten the very adult prospect of being surveilled in your home. The phone is the Fisher Price Chatter Special Edition, a device that adds Bluetooth and a speaker to the smiling, brightly coloured, wheeled, rotary dial phone on which it's previously been possible to make calls only by using one's imagination.

Passwordless verification API transforms every mobile phone into a security token for zero trust access
2021-12-15 06:00

You don't have to log into the network to use the phone - it happens in the background via the SIM. Moreover, the mobile subscriber identity is one of the most widely used forms of digital identity. Firstly, it merely proves the user has access to a phone number, potentially through social engineering, not possession of a physical security token / device.

US State Dept employees’ phones hacked using NSO spyware
2021-12-03 17:55

Apple has warned at least nine US Department of State employees that their iPhones have been hacked by unknown attackers using an iOS exploit dubbed ForcedEntry to deploy Pegasus spyware developed by Israeli surveillance firm NSO Group. "On top of the independent investigation, NSO will cooperate with any relevant government authority and present the full information we will have," an NSO spokesperson separately told Motherboard.

How a malicious Android app could covertly turn the DSP in your MediaTek-powered phone into an eavesdropping bug
2021-11-24 11:00

Check Point Research will today spill the beans on security holes it found within the audio processor firmware in millions of smartphones, which can be potentially exploited by malicious apps to secretly eavesdrop on people. Though its chips tend to power low-to-mid-end Android handhelds, MediaTek leads the world in terms of smartphone chip shipments; its tech is used nearly everywhere.

Over 9 Million Android Phones Running Malware Apps from Huawei's AppGallery
2021-11-23 23:40

At least 9.3 million Android devices have been infected by a new class of malware that disguises itself as dozens of arcade, shooter, and strategy games on Huawei's AppGallery marketplace to steal device information and victims' mobile phone numbers. The mobile campaign was disclosed by researchers from Doctor Web, who classified the trojan as "Android.Cynos.7.origin," owing to the fact that the malware is a modified version of the Cynos malware.

On Cell Phone Metadata
2021-11-02 11:28

Interesting Twitter thread on how cell phone metadata can be used to identify and track people who don’t want to be identified and tracked.

Android has its head in the sand with AbstractEmu malware rooting phones
2021-11-01 13:01

A new and dangerous form of malware for rooting Android phones has been spotted in 19 apps on Google's Play store, as well as in several in the Amazon Appstore, the Samsung Galaxy Store, and other third-party sites. Dubbed AbstractEmu by bug-hunters at Lookout, who first spotted the code, the malware would give full access to all functions on an Android device and would be almost impossible to remove without doing a full system wipe.

Facebook sues scraper who sold 178 million phone numbers and user IDs
2021-10-25 08:01

Facebook has sued a Ukrainian national for allegedly harvesting and selling personal data describing 178 million of the Social NetworkTM's users - actions it says violates the service's terms of service. The suit alleges that Alexander Alexandrovich Solonchenko created millions of virtual Android devices, each with a different phone number, and used them to deliver automated requests to Facebook systems using the Messenger app.

How your phone, laptop, or watch can be tracked by their Bluetooth transmissions
2021-10-22 06:50

Over the past few years, mobile devices have become increasingly chatty over the Bluetooth Low Energy protocol and this turns out to be a somewhat significant privacy risk. More recently, the US-based researchers explain, software for tracking COVID-19 has used mobile devices as BLE beacons, broadcasting signals in the service of public health.