Android’s December 2017 Patches Resolve Critical Flaws
The December 2017 Android security patches that Google released this week resolve 47 vulnerabilities, including 10 rated Critical severity. The patches affect a variety of platform components and were split in two packages, or security patch levels, as Google calls them. The first addresses 19 vulnerabilities while the second resolves 28 issues.
Removal Attempt Turns Android Banking Trojan Into Ransomware
Researchers at SfyLabs have detailed the capabilities of an Android banking Trojan named LokiBot that is designed to turn into a piece of ransomware when users attempt to remove it from their devices. LokiBot has been around since at least June and its authors have been rolling out new features nearly every week. Once it…
Android malware on Google Play adds devices to botnet
We have encountered a new and highly prevalent type of Android malware (detected as Android.Sockbot) posing as apps on Google Play and later adding compromised devices into a botnet. So far we have identified at least eight such apps, with an install base ranging from 600,000 to 2.6 million devices. This malware appears primarily targeting…
Android Ransomware Abuses Accessibility Services
A newly discovered ransomware family targeting Android devices is abusing the platform’s accessibility services, ESET warns. Dubbed DoubleLocker, this innovative Android malware doesn’t merely encrypt users’ data, but also locks the infected devices down, security researchers from ESET say. The ransomware is based on the source code of BankBot banking Trojan, which is already known for misusing…
Google Discloses Critical Wi-Fi Flaws Affecting iOS, Android
Google Project Zero has disclosed the details of two critical remote code execution vulnerabilities affecting the Broadcom Wi-Fi chips found in many Android and iOS devices. The flaws, identified as CVE-2017-11120 and CVE-2017-11121, were patched in Android on September 5 with this month’s security updates and in iOS on September 19 with the release of…
Billions of Bluetooth-enabled devices vulnerable to new airborne attacks
Eight zero-day vulnerabilities affecting the Android, Windows, Linux and iOS implementations of Bluetooth can be exploited by attackers to extract information from, execute malicious code on, or perform a MitM attack against vulnerable devices. The vulnerabilities, collectively dubbed BlueBorne by the researchers who discovered them, can be exploited without users having to click on a…
Google Patches 81 Android Vulnerabilities With September 2017 Updates
A total of 81 security vulnerabilities have been addressed in this month’s set of security patches for the Android platform. 13 of the flaws were rated Critical severity. The security bulletin has two security patch levels, each focused on addressing vulnerabilities in specific components. The 2017-09-01 security patch level fixes a total of 30 vulnerabilities, 10 of…
Hacking smartphones with malicious replacement parts
Smartphone users can now add a new entry to the list of things they need to worry about: their phones being compromised via replacement parts. A group of researchers from Ben-Gurion University of the Negev has demonstrated that hardware replacements – e.g. touchscreens, NFC readers, wireless charging controllers, and so on – can be equipped…
How to spot malicious mobile apps
The pervasiveness of smartphones has resulted in an onslaught of mobile apps, and it’s pretty safe to say that, by now, there is an app for every imaginable purpose. Unfortunately, among the many helpful ones are also many malicious apps – no app market is safe from them. Fortunately, there are ways to spot such…
O Me, O My! Android O and Its Impact on the Enterprise
As the summer winds down, the next big wave of mobile OS updates is upon us — a seasonal trend that brings about excitement and positive change for both consumers and security leaders. With Google Android O version 8.0 set for imminent release, we’ve lined up some new features to look out for in the…