Domain: viaforensics.com
Stories and comments across the archive that link to viaforensics.com.
Comments · 6
-
Re:Always the same stupid, stupid mistakes
They don't even have to ask. After years of doing mobile security audits, we complied 42+ best practices for secure mobile development and posted it free online. It's just that secure development takes extra time (and talent) and very few are willing to make that commitment. https://viaforensics.com/resources/reports/best-practices-ios-android-secure-mobile-development/
-
A couple of points
First of all TFA is about how difficult it is to grab plaintext from a whole-disk encrypted drive. From what i know, the iphone is NOT whole-disk encrypted.
Secondly, the same could be said about any android phone which employs whole-disk encryption.
Thirdly, this talk from BlackHat2012 seems like an interesting reading to acompany TFA https://viaforensics.com/mobile-security-category/blackhat2012-zdziarski-ios-application-hacking.html
But more importantly than all of the above, i think it's naive to assume Apple doesn't have the master key for every iDevice. When the govermernt comes knocking, if you base your security to just the basics apple gives you, you're pretty much screwed.
-
Problem = stolen money, personal info., & more
"If they chose to install software that does all that, whats the problem?" - by mSparks43 (757109) on Friday December 30, @03:18PM (#38541876) Homepage
This bug in ANDROID 2.1 & below's what - users didn't INSTALL what took advantage of that bug in ANDROID to bypass "permissions" -> http://www.theregister.co.uk/2010/11/10/android_malware_attacks/ & again here too -> http://mobile.slashdot.org/story/10/11/14/0115255/android-holes-allow-secret-installation-of-apps
(The fact that stuff like that costs folks their money, personal info., privacy, & what-not along with other "woes" due to malware too, is bad!)
I also pointed out other kernel level errors that have occurred in ANDROID too -> http://linux.slashdot.org/story/10/11/02/2238205/Serious-Security-Bugs-Found-In-Android-Kernel
...There'll be more over time, count on it.
---
"We've already established there are no known remote code vulnerabilities to let such things get on there by accident." - by mSparks43 (757109) on Friday December 30, @03:18PM (#38541876) Homepage
Have we? I established gaining a remote shell on ANDROID's been done recently too, per this link:
http://viaforensics.com/security/nopermission-android-app-remote-shell.html
In a way that bypasses permissions, and that perms system gives folks a false sense of security.
(The methods used are still present & will work up to IceCream Sandwich 4.0 on ANDROID to this day...)
If you're talking about remotely exploitable kernel bugs on the latest ANDROID? They'll show up over time if they're not present in latest builds (found yet is more like it). Give it time.
The point is not remote bugs only - it is the fact that ANDROID's turning up HIGHLY EXPLOITABLE!
That means Linux, of which ANDROID is part of that OS family, can be as well...
Despite all the "FUD" spread around here on
/. that Linux = Secure etc., it was hiding for YEARS behind "security-by-obscurity" & ANDROID's the proof!84 security problems I posted aren't lies & are widely known...
---
"Unlike any of the alternatives." - by mSparks43 (757109) on Friday December 30, @03:18PM (#38541876) Homepage
PC's are more securable than smartphones presently are.
Personally, though I think/feel smartphones are "cool" (in terms of having a puny screen I can't stand, they can do quite a bit, really a tiny PC in a way), they aren't measuring up on the security front yet... thus, I avoid their tech until it will (NOKIA user here, but not a "smartphone", just a mobile for now because of that).
APK
P.S.=> However, again: I *think* you miss my "main point" here, entirely - that's about Linux, what the "Pro-*NIX crew" around here was way, Way, WAY WRONG about, & security!
So, I am going to "Cut & Paste" it from my last reply to you once more:
For MANY years since I've been coming here,
/.'s got a "clique" of "Pro-*NIX" people who for years said things along the lines of:"Linux = Secure, Windows != Secure"
With ANDROID especially? That's now showing itself to be a lie!
(Linux users have 1% of the marketshare on PC's & that let them hide behind "security-by-obscurity" (no one targetting them because not enough users) & thus, less users on their platform = less of a desirable target to malware makers to justify effort for "ROI" on attacking Li
-
Use appWatchdog to check individal app security
We examine mobile app security using forensics and post the results free on our appWatchdog page:
http://viaforensics.com/appwatchdog/
In a few weeks, we will have an "appWatchdog app" available for Android which will scan installed apps and advise which store your personal data insecurely. This is good practice in case of a lost phone or remote exploit which can gain access to
/data/data. -
Security of iPhone and Android app
A mobile security firm performed a security review of the Starbuck's iPhone app and they also reviewed the look-alike-but-not-official Android Starbuck's app and found it stored nearly everything (including full credit card information) insecurely. DOH! It's great to see the new functionality, just wish more attention was paid to security of customer data.
-
Security of iPhone and Android app
A mobile security firm performed a security review of the Starbuck's iPhone app and they also reviewed the look-alike-but-not-official Android Starbuck's app and found it stored nearly everything (including full credit card information) insecurely. DOH! It's great to see the new functionality, just wish more attention was paid to security of customer data.