Supply chain hacking: bull in a China shop?
Were Apple and Amazon compromised by dodgy chips in the supply chain? ... Read More
Intel Management Mode – Apple didn’t lock
The Intel Management Engine, CVE-2018-4251, and Apple ... Read More
News update: October 3rd
Filip Truta for Bitdefender: Researchers use Android password managers to make phishing attacks more practical “Simone Aonzo, Alessio Merlo, and Giulio Tavella from the University of Genoa and Yanick Fratantonio from EURECOM found that certain Android password managers can be tricked into entering valid login credentials into phishing apps. The ... Read More
This week’s roundup
Apple DEP issue; Android spyware & WhatsApp; Which? on sneaky Android and iPhone apps; Wardle claims privacy bypass issue in Mojave (already); Sophos on cryptojacking ... Read More
Android malware (and iOS enhancements)
Checkpoint on the Black Rose Lucy malware bundle, ESET on fake finance apps found on Google Play, and Sophos on the security features in iOS 12 ... Read More
Krebs: commentary on global authentication via your wireless carrier
Brian Krebs: U.S. Mobile Giants Want to be Your Online Identity – “The four major U.S. wireless carriers today detailed a new initiative that may soon let Web sites eschew passwords and instead authenticate visitors by leveraging data elements unique to each customer’s phone and mobile subscriber account, such as ... Read More
Smartphones that talk too much
In brief, the idea is that the phone's 'acoustic signature' can be used to determine the device users' password when they unlock the phone ... Read More
Apple to make life easier for law enforcement
Apple has experienced much friction with law-enforcement regarding information sharing and access to suspects' devices. Will provision of a formal procedure reduce that friction? ... Read More
Android Issues
Android Malware-as-a-Service botnet, CVE-2018-9489, and open-source vulnerabilities in Android apps ... Read More
