Security News
Multiple security weaknesses have been disclosed in MediaTek system-on-chips that could have enabled a threat actor to elevate privileges and execute arbitrary code in the firmware of the audio processor, effectively allowing the attackers to carry out a "massive eavesdrop campaign" without the users' knowledge. The discovery of the flaws is the result of reverse-engineering the Taiwanese company's audio digital signal processor unit by Israeli cybersecurity firm Check Point Research, ultimately finding that by stringing them together with other flaws present in a smartphone manufacturer's libraries, the issues uncovered in the chip could lead to local privilege escalation from an Android application.
MediaTek fixed security vulnerabilities that could have allowed attackers to eavesdrop on Android phone calls, execute commands, or elevate their privileges to a higher level. MediaTek is one of the largest semiconductor companies in the world, with their chips present in 43% of all smartphones as of the second quarter of 2021.
Researchers from the National University of Singapore and Yonsei University in South Korea have devised a mobile application that uses smartphones' time-of-flight sensor to find tiny spy cameras hidden in everyday objects. The app is more successful at detecting hidden cams than existing state-of-the-art commercial hidden camera detectors and much more successful than the human eye/brain.
Recent model smartphones can be smarter still about finding hidden cameras in their vicinity, if they take advantage of time-of-flight sensors. Sriram Sami, Bangjie Sun, and Sean Rui Xiang Tan, from National University of Singapore, and Jun Han from Yonsei University, describe how this might be done in a paper titled "LAPD: Hidden Spy Camera Detection using Smartphone Time-of-Flight Sensors".
This is part 3 of Sean Gallagher’s advice for “securing your digital life.”
An unidentified threat actor has been linked to a new Android malware strain that features the ability to root smartphones and take complete control over infected smartphones while simultaneously taking steps to evade detection. Lookout Threat Labs said it found a total of 19 Android applications that posed as utility apps and system tools like password managers, money managers, app launchers, and data saving apps, seven of which contained the rooting functionality.
As soon as your flight lands, devices known as IMSI catchers located in or near the terminal may be waiting for your phone to turn on and look for a cellular connection. An IMSI catcher is essentially a fake cell tower situated between your phone and the real cell network that allows the operators to, at a minimum, grab your smartphone's phone number and IMSI. Agents can then crossmatch these numbers against existing watchlists or databases and perhaps even associate these numbers with your flight's passenger list.
Isracard used a single cell phone to communicate with credit card clients, and receive documents via WhatsApp. He reformatted the SIM, which was oddly the best possible outcome, given the circumstances.
It's not a coincidence that most of the security tips given to smartphone users - such as refraining from opening suspicious links or downloading untrusted apps - also apply to PCs. But unlike PCs, smartphones contain a plethora of radios - typically cellular, Wi-Fi, Bluetooth and Near Field Communication - that enable wireless communication in a variety of circumstances, and these radios are designed to remain turned on as the user moves through the world. An IMSI catcher is equipment designed to mimic a real cell tower so that a targeted smartphone will connect to it instead of the real cell network.
Thales is playing a key role in the end-to-end cloud-native mobile network, operated by Rakuten Mobile, a dynamic entrant into the Japanese market. Thales' eSIM technology also plays a key role in the development of Rakuten Mobile's innovative 4G and 5G smartphones.