Mobile

Mobile #Pwn2Own 2017 #Hackers #Exploit Fully #Patched #Mobile Devices

Source: National Cyber Security – Produced By Gregory Evans

Security researchers demonstrate new zero-day vulnerabilities in fully patched Apple, Samsung and Huawei mobile devices at the Mobile Pwn2Own 2017 security event in Tokyo.

On the first day of the Mobile Pwn2Own 2017 hacking competition in Tokyo, security researchers demonstrated new zero-day attacks against fully patched mobile devices.

On Nov. 1, different groups of security researchers made a total of seven exploit attempts, five of which were successful. Among the successful exploit targets were fully patched Apple iPhone 7, Samsung Galaxy S8 and Huawei Mate9 Pro devices.

Researchers who demonstrated the successful exploits were rewarded with a total of $350,000 in prize money from Trend Micro’s Zero Day Initiative (ZDI), which runs the Pwn2Own contest. All of the flaws discovered at the event are privately reported to the impacted vendors and are subject to the ZDI’s disclosure policy, which provides vendors with 90 days to fix the vulnerabilities before they are publicly 

Three of the five successful exploits were made against Apple devices, including two browser exploits against Safari and one WiFi exploit. Apple just updated iOS to 11.1 on Oct. 31, which is the version the researchers were able to exploit.

“The team updated all devices to the latest OSes prior to the contest kicking off this morning, including iOS 11.1, as late as 5 a.m. this morning, Tokyo time,” Brian Gorenc, director at Trend Micro’s Zero Day Initiative, told eWEEK.

The iOS 11.1 update patches 14 vulnerabilities, including six that were memory corruption issues in Safari’s WebKit browser rendering engine. As it turns out, there are apparently still security issues in iOS 11.1 that Apple will need to patch in a future update.

Security researchers from Tencent Keen Security Lab were able to demonstrate multiple exploits against the fully patched iOS 11.1. Among those exploits was an arbitrary code execution, via a WiFi bug, that also provides privilege escalation and can persist through a reboot. The whole exploit chain included four different bugs and resulted in an award of $110,000.

A second exploit attempt by Tencent Keen Security Lab made use of two different bugs, including one in an iOS system service and one in the browser to exploit Safari. That exploit earned an additional $45,000 in awards from ZDI.

Security researcher Richard Zhu, also known by his alias fluorescence, took aim at iOS 11.1 as well and demonstrated two bugs. Zhu’s bugs were able to exploit Safari and escape the iOS system sandbox, enabling him to run arbitrary code. For his efforts, Zhu was awarded $25,000 by ZDI.

Android

Apple wasn’t the only target at Mobile Pwn2Own 2017, with researchers also taking aim at Android devices from multiple vendors.

Researchers from 360 Security were able to demonstrate a chain of flaws on the Samsung Galaxy S8 that led to arbitrary code execution. The exploit chain included a bug in the Samsung internet browser paired with a privilege escalation in a Samsung application that enabled code execution to persist through a reboot. ZDI awarded the 360 Security team $70,000 for its efforts.

Among the most impactful types of mobile device vulnerabilities are cellular baseband flaws. The baseband is the component that manages all the radio functions on a cellular device. Tencent Keen Security Lab was able to successfully demonstrate a baseband exploit using a Huawei Mate9 Pro smartphone that would allow an attacker to spoof the device. ZDI awarded $100,000 to Tencent Keen Security Lab for the baseband exploit.

“The baseband attack was exciting, and we’re looking forward to seeing another attempt in this category tomorrow [Nov. 2],” Gorenc said. “It’s always interesting to see jailbreaks as well, and we saw two today. Also there was persistency demonstrated with three of the attacks, which is impressive.”

Bitcoin users are opening their wallets to hackers through mobile networks

Cryptocurrencies like Bitcoin make a big deal of their security; theoretically, they are almost impossible to hack. Every transaction is stored in a ‘digital ledger’, shared across multiple machines; an attacker would need to compromise every computer in the chain to successfully hack the system. However, the digital wallets that…

Hacker claims to have decrypted Apple’s Secure Enclave, destroying key piece of iOS mobile security

A hacker going by the handle xerub has just released what he claims to be a full decryption key for Apple’s Secure Enclave Processor (SEP) firmware. This could be a major blow for iOS security because of the importance of the SEP: It handles Touch ID transactions and is completely…

Hackers Target Your Mobile Bank App; You Can Fight Back

BRAVE NEW BANK

This NerdWallet series delves into what’s new in retail banking and what’s in it for you. We explore some of the surprising things in store for products, tech and security and look at how they’ll affect consumers. By 2021, millions more of us […]

Mobile is slow, but cyber-security business will help company grow, says Singtel CEO

Cyber security is a key growth segment for Southeast Asia’s largest telco Singtel, as price competition in data and voice intensifies globally, its chief executive told CNBC. “Our core carriage business that is your traditional voice, data businesses, those face significant price competition … The growth that we have seen in our ICT (information and communication technology) businesses has certainly …

Samsung’s Facial Recognition related Mobile Security is not yet ready for Mobile Payments

Samsung has made it official that its facial recognition feature related to mobile security is still not ready to make mobile payments. The world-renowned smartphone maker has also added in its media briefing that it might take at least 4 …

5 ways to adapt your mobile security strategy for IoT

Ready or not, the IoT wave is already breaking on enterprise shores. While smart, connected devices mean increased automation and digitisation, they also translate into new challenges that will require companies to shift their approach to security. Already, malware infecting …

Mobile users rarely pay for malware protection

Almost nine in ten (89 per cent) of mobile consumers don’t pay for mobile protection, despite the fact that mobile malware is running rampant. Consumers would, however, gladly do it (61 per cent of them), if their mobile operators would …

Computer And Mobile Forensics Investigator

Course Overview Learn the techniques and practices for gathering and analyzing evidence used to solve crimes involving computers. While other texts offer more of an overview of the field, this hands-on learning text provides clear instruction on the tools and …

Three Mobile, two alleged hackers, one big customer database heist

UK carrier Three Mobile was the victim of a hacking scheme that has reportedly left the records of millions of customers exposed.
According to multiple UK media reports citing both Three and the National Crime Agency (NCA), hackers gained access
