Yes, SMS-based 2FA can be intercepted by someone determined to hack into your account.
But it’s also better than not having any multi-factor authentication in place at all.
Read more in my article on the Hot for Security blog.
Archive | Mobile
PODCASTSmashing Security #089: Data breaches, ransomware, Bitcoin robberies, and typewriters
Ransomware rears its head again, Dixons Carphone reveals its data breach was almost 1000% worse than they previously thought, a man is accused of stealing five million dollars worth of cryptocurrency through hijacking mobile phones, and a Canadian guy called Norman is rushing to get the typewriters out of storage.
All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by journalist Geoff White.
Android apps infected with umm… *Windows* malware
Security researchers at Palo Alto Networks recently discovered 145 apps in the official Google Play Android store that were “infected by malicious Microsoft Windows executable files.”
Yes, you read that correctly. Android apps carrying malicious Windows executables.
Hackers automate the laundering of money via Clash of Clans
Popular smartphone games such as “Clash of Clans” are being used to launder hundreds of thousands of dollars on behalf of credit card thieves.
Read more in my article on the Tripwire State of Security blog.
New iOS security feature can be defeated by a $39 adapter… sold by Apple
A one hour countdown timer can be reset simply by connecting the iPhone to an untrusted USB accessory - giving law enforcement plenty of opportunity to crack your passcode with specialist tools.
Disgruntled programmer accused of trying to sell his firm’s iPhone spyware for $50 million
Your company doesn’t have to work in the field of high-tech surveillance and spyware to find itself at risk from insiders.
Read more in my article on the Tripwire State of Security blog.
PODCASTSmashing Security #084: No! My voice is not my password
Who’s been collecting the voice prints of millions of people saying “My voice is my password”? Why has it become tougher for law enforcement to scoop up cellphone data? And who’s been turning up your central heating?
All this and much much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by John Hawes from AMTSO.
WannaCry ransomware scam tries to extort money without actually infecting your computer
Someone is trying to pull a fast one, attempting to trick unsuspecting users into paying a ransom… even though they *haven’t* infected your computer with ransomware.
60,000 Android devices hit by battery-saving app attack
Computer security experts have discovered an unusual attack targeting users of Android devices.
Read more in my article on the Tripwire State of Security blog.
Tens of thousands of Android devices are leaving their debug port exposed
Countless Android devices are leaving themselves open to attack after being shipped with a critical port left unsecured.
Read more in my article on the Hot for Security blog.
PODCASTSmashing Security #079: Mugshots, mobile mania, and back end gurus
A website which demands money if you want your mugshot removed, could “sharenting” lead to a rise in fraud and identity theft, and how could the FBI have overcounted encrypted phones so badly?
All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, who are joined this week by special guest Maria Varmazis.
Text bombs and ‘Black Dots of Death’ plague WhatsApp and iMessage users
Please don’t be tempted to try any of these text bomb attack out on anyone else, even as a prank. It’s simply not funny.
Read more in my article on the Hot for Security blog.
Drupe app removed from Google Play store after photos and messages leaked publicly
A popular Android app called Drupe, downloaded over 10 million times, has been leaving users’ selfie snapshots, audio messages, and other sensitive data exposed for anybody to see.
Read more in my article on the Hot for Security blog.
The Pentagon bans Huawei and ZTE smartphone sales at military bases worldwide
Smartphones made by ZTE and Huawei have been banned from sale at US military bases around the world, following concerns that they could pose a security threat.
PODCASTSmashing Security #076: Spying phones, hacked ski lifts, and World Password Day
Cheap Android smartphones sold on Amazon have been sending customers’ full text messages to a Chinese server, ski lifts are found to be the latest devices left open to abuse by hackers, and we remind you why password managers are a good idea on World Password Day. Oh, and our guest serenades us with a hit from the 1980s!
All this and more is discussed in the latest edition of the “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by broadcaster and journalist David McClelland.
China forces spyware onto Muslim’s Android phones, complete with security holes
Eight million Uyghurs, a Muslim ethnic group, have been ordered by the Chinese authorities to install a spyware app onto their Android smartphones. And it’s insecure…
Read more in my article on the Hot for Security blog.
