Archive for the ‘Mobile Security’ Category
Amazon Web Services' Simple Storage Service powers countless web and mobile applications. Unfortunately, many of the developers who build those applications do not adequately secure their S3 data stores, leaving user data exposed, sometimes directly to web browsers. And while that may not be a privacy concern for some sorts of applications, it's potentially dangerous when the data in question is "private" photos shared via a dating application.
Jack'd, a "gay dating and chat" application with over 1 million downloads from the Google Play store, has been leaving images posted by users and marked as "private" in chat sessions open to browsing on the Internet, potentially compromising the privacy of thousands of users. Photos were uploaded to an AWS S3 bucket accessible over an unsecured web connection, with each image identified by a sequential number. By simply traversing the range of sequential values, it was possible to view all images uploaded by Jack'd users, public or private. Additionally, location data and other metadata about users were accessible via the application's unsecured interfaces to backend data.
The result was that intimate, private images (including pictures of genitalia and photos that revealed information about users' identity and location) were exposed to public view. Because the images were retrieved by the application over an insecure web connection, they could be intercepted by anyone monitoring network traffic, including officials in areas where homosexuality is illegal or homosexuals are persecuted, or by other malicious actors. And since location data and phone identifying data were also available, users of the application could be targeted
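An added example, not from the original article: a minimal audit of an S3 bucket policy for the two bucket-level conditions described above, anonymous object reads and access over plain HTTP. The policies and the bucket name `example-photos` are constructed, and as a simplification the check does not evaluate conditional Allow statements or `NotPrincipal`/`NotAction`.

```python
import json
from fnmatch import fnmatchcase

# Constructed weak policy: anyone may read objects, over any transport.
WEAK_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
    "Resource": "arn:aws:s3:::example-photos/*"}]})

# Constructed corrected policy: no anonymous grant, plain-HTTP requests denied.
HARDENED_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Deny", "Principal": "*", "Action": "s3:*",
    "Resource": ["arn:aws:s3:::example-photos",
                 "arn:aws:s3:::example-photos/*"],
    "Condition": {"Bool": {"aws:SecureTransport": "false"}}}]})

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _is_anonymous(principal):
    # "*" or {"AWS": "*"} both mean "any caller, authenticated or not".
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", []))

def _covers_get_object(actions):
    # Action names are case-insensitive and may use wildcards (s3:*, s3:Get*).
    return any(fnmatchcase("s3:getobject", a.lower()) for a in _as_list(actions))

def _denies_plain_http(stmt):
    cond = stmt.get("Condition", {}).get("Bool", {})
    return (stmt.get("Effect") == "Deny"
            and _is_anonymous(stmt.get("Principal"))
            and _covers_get_object(stmt.get("Action", []))
            and str(cond.get("aws:SecureTransport", "")).lower() == "false")

def audit_bucket_policy(policy_json):
    """Return a list of finding names for one bucket policy document."""
    statements = _as_list(json.loads(policy_json).get("Statement", []))
    findings = []
    for stmt in statements:
        if (stmt.get("Effect") == "Allow" and "Condition" not in stmt
                and _is_anonymous(stmt.get("Principal"))
                and _covers_get_object(stmt.get("Action", []))):
            findings.append("anonymous-read")
            break
    if not any(_denies_plain_http(s) for s in statements):
        findings.append("plain-http-allowed")
    return findings
```

A clean result here says nothing about predictable object names; if objects are meant to be private, access should depend on authorization rather than on the key being hard to guess.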
This blog was written in collaboration with Kishore Jotwani, Sr. Director of Marketing & Business Development for Intel’s Wireless Consumer Infrastructure Platforms and Bill Zhou, VP of product management, ARRIS.
Doors locked, windows shut, and alarm set. I should be safe… right?
The Internet of Things (IoT) is an ever-growing force that makes my everyday life easier. With real-world applications aplenty, I can’t imagine my life without IoT devices. Fitness wearables allow me to stay on track with my health goals, smart home security cameras keep my family and home safe, and even my smart oven helps me step up my cooking skills.
Unfortunately, as with anything else, there are two sides to this coin. Highlighted events over the past year have shown us that IoT devices, if not properly secured, can be vulnerable to attacks. In October of 2016, the Dyn DDoS attack leveraged, and infected, countless connected devices to shut down several popular sites, like Spotify and Twitter. Similarly, the Mirai malware used vulnerable IoT devices, forming them into a botnet army, to stake its claim.
Now more than ever, it’s clear we live in an interconnected world, in which our homes present new opportunities for entry—and I don’t mean breaking a window. Instead of only having to worry about a physical break-in, we’re faced with the threat of a cyber break-in—one that aims to compromise connected home gadgets, and personal data to boot.
I use connected devices to help make my life easier and streamline everyday processes, but without proper security, I’m left as a sitting duck. Also, with the growing number of IoT devices in my home, they’re all competing for network bandwidth and slowing down my network speed.
So, what can you do to keep your home, and your family’s data and devices secure without sacrificing network speed?
The most important thing to note is that cybercriminals rely on the assumption that we, as consumers, won’t be proactive when it comes to properly locking down our smart home devices, and the accounts connected to them.
By following these tips, you can stay proactive and beat cybercriminals at their own game:
- Stay updated: Do your research on smart home devices, and choose the most secure one you can get your hands on. Also, always keep your devices’ software up to date to practice optimal security.
- Change it up: If you purchase a new, connected device for your home, change the default password right away. Need some help creating a secure login for it? We’ve got you covered.
- Safety first: Implement a solution that keeps all your smart home devices secure. For an extra layer of security, you can onboard two different routers for your home, dedicating one specifically to your IoT devices. Having one network for your connected devices and another for your other personal devices (laptop and mobile) is considered a best practice. That way, if a hacker gains access to one network, your devices on the other network are safe.
- Have a one-stop shop: Look for a solution that offers protection at the home network level, like ARRIS Secure Home Internet by McAfee®, now available in the ARRIS SURFboard SBG7580-AC gateway. Because this solution is directly embedded in the gateway, it automatically protects your connected gadgets, without slowing down your network speed.
Remember, cybercriminals are expecting us to slip up with security, so it’s important to stay on top of it. Stay informed on smart home protection best practices, and show those hackers who’s boss!