Security News

GlobalPlatform has released a new specification to simplify and bring greater trust to the authentication of digital services on smartphones and biometric-enabled cards. Originally developed within EMVCo, the global technical body that facilitates the worldwide interoperability and acceptance of secure payment transactions, the Secure Element Broker Interface defines a standard to make end-user authentication simpler for all applications running in a GlobalPlatform-certified Secure Element.

The NSA released the advisory this week informing people of the various ways mobile phones, by design, give up location information-which go beyond the well-known Location Services feature that people use on a regular basis. Most people are aware that location services on devices can pinpoint where they are so people can have access to services in the area, as well as share their location with friends via mobile apps such as WhatsApp, among other useful activities.

Today I'm happy to release new research I've been working on for a while: 0-click RCE via MMS in all modern Samsung phones, due to numerous bugs in a little-known custom "Qmage" image codec supported by Skia on Samsung devices. The patch coincides with Android's monthly release of security fixes: all owners of devices running supported versions of Android will want to check for and install relevant updates in May's patch batch.

Samsung this week released its May 2020 set of security updates for Android smartphones, which includes a patch for a critical vulnerability impacting all of its devices since 2014. In addition to the fixes in the Android Security Bulletin - May 2020, the phone maker's updates patch 19 vulnerabilities specific to Samsung smartphones.

The device people use to communicate online - a smartphone, desktop, or tablet - can affect the extent to which they are willing to overshare intimate or personal information about themselves, according to University of Pennsylvania researchers. When consumers receive an online ad that requests personal information, they are more likely to provide it when the request is received on their smartphone compared to their desktop or laptop computer.

Singapore will from May 12th require all businesses to adopt a system that checks visitors into and out of their premises using their smartphones, and has already made using the system compulsory before entering some venues. Called "SafeEntry", the system is designed to enhance Singapore's coronavirus contact-tracing capabilities and requires visitors to either scan a QR code or allow their phones to be scanned to record a barcode in the national e-services app.

Mobile device and app security leader Trustonic has extended its partnership with LG Electronics Mobile Communications Company, which will see Trustonic Secured Platform deployed on LG's smartphones. TSP has already been deployed in more than 2 billion smart devices worldwide and is being integrated through LG's major System on Chip platform partners to bring greater trust to more of its smartphones.

Apple has reportedly patched a pair of critical vulnerabilities in iOS that are being exploited by what appears to be government-backed hackers to spy on high-value targets. Most importantly, the researchers said, in iOS 13, the attack can be performed when Mail automatically downloads messages in the background, meaning no user interaction is needed: the data is fetched, parsed, and the bugs exploited immediately.

In an effort to fend off the coronavirus while getting economies restarted, the world has hit on the same idea: a smartphone app that alerts people if they have been close to someone who has the virus. Not all these apps work in the same way however and with experts saying that to be effective they would have to be used by at least 60 per cent of the population, it is critical that whatever approach is taken is acceptable to a vast majority of the population.

Google and Apple have announced a joint project to create a privacy-preserving COVID-19 contact tracing app. Fourth, the public health authorities need geographical data for purposes other than contact tracing - such as to tell the army where to build more field hospitals, and to plan shipments of scarce personal protective equipment.