Mobile

bitdefender.com

Teenager charged over $50 million SIM-swap cryptocurrency theft

Samy Bensaci, an 18-year-old living in Montreal, Canada, has been charged in connection with the theft of over $50 million worth of cryptocurrency in a SIM-swapping scam.

Find out what a SIM swap scam is, and read more in my article on the Hot for Security blog.

bitdefender.com

Millions of Android phones may be vulnerable to camera spying vulnerability

Security researchers have uncovered a vulnerability in Android smartphones that could allow an attacker to secretly take photos and record videos without any permissions being granted.

Read more in my article on the Hot for Security blog.

About the “easy to hack” EU Exit: ID Document Check app

The British Home Office’s app for EU citizens applying to live and work in the UK post-Brexit “could allow hackers to steal phone numbers, addresses and passport details.”

But is this something worth losing any sleep over?

bitdefender.com

Update your iPhone 5 before November 3 2019, or lose its internet access

Listen up if you’re still using an iPhone 5 – you need to update to iOS 10.3.4 before Sunday November 3, or you may find your smartphone loses access to the internet.

Read more in my article on the Hot for Security blog.

About that “Any fingerprint can unlock your Samsung Galaxy S10” report

Plenty of headlines are warning about anyone’s fingerprint being able to unlock a Samsung Galaxy S10, but I’m not sure it’s quite as simple as that…

Fake iOS Checkra1n jailbreak site installs slot machine game, generates click-fraud revenue

A website that promises to jailbreak your iPhone using the Checkm8 exploit actually installs apps with the intention of generating click-fraud revenue.

It’s been a couple of days, so Apple releases yet another iOS update

Yup, there’s a new update to iOS. But don’t expect it to have resolved the worrying Checkm8 exploit one hacker found in the iPhone’s secure ROM.

Smashing Security #147: Don’t Snapchat and drive

How is private medical data leaking onto the streets of Milton Keynes, what is widening the cybersecurity skills gap, and how is Australia controversially tackling the problem of drivers using their mobile phones?

All this and more can be heard in the latest “Smashing Security” podcast.

Smashing Security #145: Apple and Google willy wave while home assistants spy – DoH!

Apple’s furious with Google over iPhone hacking attacks against Uyghur Muslims in China, DNS-over-HTTPS is good for privacy but makes ISPs angry, and concern over digital assistants listening to our private moments continues to rise.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by journalist John Leyden.

tripwire.com

Hundreds of millions of Facebook users’ phone numbers found lying around on the internet

A security researcher found a server on the internet containing more than 419 million records related to Facebook users.

No password protection was in place – meaning the treasure trove of phone numbers was available to literally anybody with an internet connection.

Read more in my article on the Tripwire State of Security blog.

Smashing Security #144: Google helps the FBI, Twitter Jack’s hijack, and car data woes

Should Google really be helping the FBI with a bank robbery? What’s the story behind the Twitter CEO claiming there’s a bomb in their offices? And how much does your car really know about you?

And we mourn the loss of Doctor Who legend Terrance Dicks…

Twitter disables tweeting via SMS (temporarily at least), in wake of Jack Dorsey account hijack

In the wake of the CEO of Twitter having his account hijacked the site has disabled the option to tweet via SMS.

Earn $2.5 million if you find a remote zero-day exploit for Android

A vulnerability broker is offering up to $2.5 million for zero-day remote exploits which would allow attackers to infect a remote Android smartphone with malware, with no user interaction required. But who will they then sell exploits to?

About the Twitter CEO ‘@jack hack’

Twitter co-founder Jack Dorsey had his account hijacked, after his mobile phone provider allowed someone else to seize his number.

bitdefender.com

Google’s bug bounty bid to make big Android apps more secure

Google’s bug bounty has been expanded to not only covers the firm’s own products, but additionally all apps in the official Google Play store which have had 100 million or more installs.

Read more in my article on the Hot for Security blog.

iOS 12.4.1 update fixes jailbreak vulnerability that Apple accidentally reintroduced

Apple has fixed the jailbreaking vulnerability in iOS that it previously unfixed.