Mobile

About the “easy to hack” EU Exit: ID Document Check app

The British Home Office’s app for EU citizens applying to live and work in the UK post-Brexit “could allow hackers to steal phone numbers, addresses and passport details.”

But is this something worth losing any sleep over?


2 min read

bitdefender.com

Update your iPhone 5 before November 3 2019, or lose its internet access

Listen up if you’re still using an iPhone 5 – you need to update to iOS 10.3.4 before Sunday November 3, or you may find your smartphone loses access to the internet.

Read more in my article on the Hot for Security blog.


0 sec read

About that “Any fingerprint can unlock your Samsung Galaxy S10” report

Plenty of headlines are warning about anyone’s fingerprint being able to unlock a Samsung Galaxy S10, but I’m not sure it’s quite as simple as that…


2 min read

Fake iOS Checkra1n jailbreak site installs slot machine game, generates click-fraud revenue

A website that promises to jailbreak your iPhone using the Checkm8 exploit actually installs apps with the intention of generating click-fraud revenue.


56 sec read

It’s been a couple of days, so Apple releases yet another iOS update

Yup, there’s a new update to iOS. But don’t expect it to have resolved the worrying Checkm8 exploit one hacker found in the iPhone’s secure ROM.


1 min read

Smashing Security #147: Don’t Snapchat and drive

How is private medical data leaking onto the streets of Milton Keynes, what is widening the cybersecurity skills gap, and how is Australia controversially tackling the problem of drivers using their mobile phones?

All this and more can be heard in the latest “Smashing Security” podcast.


2 min read

Smashing Security #145: Apple and Google willy wave while home assistants spy – DoH!

Apple’s furious with Google over iPhone hacking attacks against Uyghur Muslims in China, DNS-over-HTTPS is good for privacy but makes ISPs angry, and concern over digital assistants listening to our private moments continues to rise.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by journalist John Leyden.


2 min read

tripwire.com

Hundreds of millions of Facebook users’ phone numbers found lying around on the internet

A security researcher found a server on the internet containing more than 419 million records related to Facebook users.

No password protection was in place – meaning the treasure trove of phone numbers was available to literally anybody with an internet connection.

Read more in my article on the Tripwire State of Security blog.


0 sec read

Smashing Security #144: Google helps the FBI, Twitter Jack’s hijack, and car data woes

Should Google really be helping the FBI with a bank robbery? What’s the story behind the Twitter CEO claiming there’s a bomb in their offices? And how much does your car really know about you?

And we mourn the loss of Doctor Who legend Terrance Dicks…


2 min read

Twitter disables tweeting via SMS (temporarily at least), in wake of Jack Dorsey account hijack

In the wake of the CEO of Twitter having his account hijacked the site has disabled the option to tweet via SMS.


1 min read

Earn $2.5 million if you find a remote zero-day exploit for Android

A vulnerability broker is offering up to $2.5 million for zero-day remote exploits which would allow attackers to infect a remote Android smartphone with malware, with no user interaction required. But who will they then sell exploits to?


1 min read

About the Twitter CEO ‘@jack hack’

Twitter co-founder Jack Dorsey had his account hijacked, after his mobile phone provider allowed someone else to seize his number.


2 min read

bitdefender.com

Google’s bug bounty bid to make big Android apps more secure

Google’s bug bounty has been expanded to not only covers the firm’s own products, but additionally all apps in the official Google Play store which have had 100 million or more installs.

Read more in my article on the Hot for Security blog.


0 sec read

iOS 12.4.1 update fixes jailbreak vulnerability that Apple accidentally reintroduced

Apple has fixed the jailbreaking vulnerability in iOS that it previously unfixed.


27 sec read

bitdefender.com

D’oh! Apple botches iOS update, leaves iPhones open to jailbreaking

For the first time in years, hackers have created a working exploit that can jailbreak the latest, fully-updated version of iOS.

And a goof by Apple has allowed them do it.

Read more in my article on the Hot for Security blog.


0 sec read

bitdefender.com

AT&T workers bribed to install malware on company network and unlock iPhones

34-year-old Muhammad Fahd has been charged for his part in a criminal scheme that is said to have cost AT&T millions of dollars.

Read more in my article on the Hot for Security blog.


0 sec read