Mobile Security Archives - Page 6 of 7

Thousands of Android devices leave debug port 5555 exposed

Cybersecurity Attacks, Mobile Security, Vulnerabilities & Exploits / By Frank Crast / June 12, 2018 May 9, 2022 / 5555, ADB, Android, debug, mobile, Root Bridge

Tens of thousands of Android devices have exposed debug port 5555 wide open to the internet.

“Trustjacking” iOS vulnerability

Leave a Comment / Cybersecurity Attacks, Mobile Security, Network Security, Vulnerabilities & Exploits / By Frank Crast / April 20, 2018 December 30, 2018 / Apple, iOS, iOS 11, iTunes, Trustjacking, WiFi

Security researchers from Symantec have disclosed a new iOS vulnerability dubbed ‘Trustjacking’ that allows an attacker to exploit an iTunes Wi-Fi Sync feature and take control of a victim’s device.

An Android P preview

Mobile Security / By Frank Crast / March 8, 2018 September 25, 2019 / Security, WiFi

Google announced on Wednesday the first developer preview of Android P, the newest version of Android.

Apple’s ‘Text Bomb’ bug

Leave a Comment / Mobile Security, Vulnerabilities & Exploits / By Frank Crast / February 19, 2018 December 31, 2018 / Apple, iOS, mobile, Text Bomb

Apple is rushing to fix a another ‘Text Bomb’ bug that crashes a number of iOS and Mac apps.

AndroRAT exploits older Android vulnerability

Leave a Comment / Malware, Mobile Security, Vulnerabilities & Exploits / By Frank Crast / February 13, 2018 December 31, 2018 / Android, AndroRAT, malware, RAT

Trend Micro researchers detected a new variant of Android Remote Access Tool (AndroRAT) that targets an older publicly disclosed vulnerability (CVE-2015-1805) that allows an attacker to compromise older Android devices to perform privilege escalation.

Apple’s iPhone ‘iBoot’ source code leak

Application Security, Mobile Security, Vulnerabilities & Exploits / By Frank Crast / February 8, 2018 March 29, 2021 / Apple, GitHub, iOS, Source Code

Someone has posted to GitHub the purported source code for a critical component for iPhone’s bootloader or “iBoot.” Access to iBoot code could allow hackers to find vulnerabilities in iOS that could be exploited in the future. iBoot is responsible for ensuring the trusted boot of the mobile operating system, in a sense like iPhone’s BIOS.

Fitness app users could expose military bases

Leave a Comment / Application Security, Mobile Security / By Frank Crast / January 29, 2018 December 31, 2018 / Android, Fitness, iPhone, Military, mobile, Secruity, Strava

Fitness app and social media company Strava has introduced a Global Heatmap service, that may have allowed many service people to inadvertently expose the locations of their military bases.

PCI security standards for mobile point of sale

Leave a Comment / Mobile Security, Standards & Guidelines / By Frank Crast / January 25, 2018 December 31, 2018 / EMV, mobile, PCI, SCRP, Security, SPoC, Standards

The PCI Security Standards Council (PCI SSC) announced a new PCI Security Standard for software-based PIN entry on commercial off-the-shelf devices (COTS), to include smartphones and tablets.

Trackmageddon exposes millions of GPS tracking devices

Leave a Comment / Internet of Things (IoT), Mobile Security, Vulnerabilities & Exploits / By Frank Crast / January 3, 2018 January 1, 2019 / IMEI, IOT, One2Track, Trackmageddon

Vulnerabilities dubbed “Trackmageddon” were discovered in online services of (GPS) location tracking devices. The vulnerabilities could allow third parties unauthorized access to location data of all location tracking devices managed by a vulnerable online service. Other types of data impacted include, serial number (i.e., IMEI), assigned phone number, model/type name and custom assigned names. The latter two …

Trackmageddon exposes millions of GPS tracking devices Read More »

Janus Android vulnerability

Leave a Comment / Mobile Security, Vulnerabilities & Exploits / By Frank Crast / December 28, 2017 January 1, 2019 / Android, Janus, Vulnerabilities

A serious Android security vulnerability dubbed Janus could allow attackers to modify the code in applications without affecting their signatures. Attackers could then use the technique to gain indirect access to the device.