Tag : Android


Another Android Stagefright Vulnerability is Exposed

Apr 06, 2016 By Paul Curran | In mid March, the advanced software researchers at NorthBit released a video and detailed research PDF demonstrating proof of concept of a notorious exploit that can essentially offer hackers control over device hardware and data of certain Android phones. This latest exploit of Android’s Stagefright is referred to as “Metaphor.”

The State of Mobile Application Security Press Roundup

Nov 08, 2015 By admin |

Think Apple apps are safer than Android? Think again
Amanda Schupak, CBS News
Apple has a good reputation for security. But a new report finds that its good reputation could be working against it. Software security testing company Checkmarx and mobile app experts at AppSec Labs looked at hundreds of apps for Android and iOS devices and found that each app had an average of nine vulnerabilities that could leave users open to data theft.

Which is safer – iPhone or Android?
Gabriel Avner, Geektime
A report that cybersecurity experts Checkmarx and AppSec Labs released today has found a set of critical flaws in how developers are writing code for mobile apps that could put a lot of people at risk. Over the course of the past year, these two companies carried out an audit of hundreds of mobile apps, testing them for vulnerabilities. Among those reviewed were banking apps and others containing essential personal information.

Think Apple apps are safer than Android? Think again.

Nov 08, 2015 By admin | Apple has a good reputation for security. But a new report finds that its good reputation could be working against it. Software security testing company Checkmarx and mobile app experts at AppSec Labs looked at hundreds of apps for Android and iOS devices and found that each app had an average of nine vulnerabilities that could leave users open to data theft. Checkmarx marketing vice president Asaph Schulman called the results “nothing short of alarming” and said that if app developers don’t institute better coding practices, “we should expect an increase of major hacks…in the near future.” Thirty-eight percent of the vulnerabilities the researchers identified in the code of a range of app types (including ones, such as banking apps, that handle very sensitive information) were categorized as being of high or critical severity, meaning that a hacker could break in with relative ease. When they compared iOS to Android apps, they found the Apple apps actually had a higher percentage of high vulnerabilities — 40 percent to 36 percent. The irony? This discrepancy might be a result of Apple’s focus on security. Developers willfully bypassing standard protocol were responsible for thousands of apps in Apple’s App Store that were infected with malware from counterfeit code. Revealed in September, the XcodeGhost malware is still active in the U.S. and has even taken a new, more elusive form, according to FireEye security experts. “Software developers need to realize that the security of the apps they produce and publish are entirely dependent on their development toolchain,” said Tod Beardsley, senior research manager at Rapid7, a cybersecurity firm. Checkmarx and AppSec Labs concluded that one of the key steps to ensuring safer mobile apps is educating developers about best practices for protecting their own creations.

Top 5 Secure Android Development Tips

Sep 01, 2015 By Sharon Solomon | Over 50% of US smartphone users are now actively using Android devices and the security aspect of Google’s mobile platform is under constant scrutiny. With new vulnerabilities and hacking POCs making the news on almost a daily basis, safety concerns are rising. So what lies ahead for this customizable and user-friendly, albeit vulnerable, mobile operating system? How can secure Android development minimize the risks? Let’s find out.  

Mobile Security In Limbo With Coding Vulnerabilities Galore

Jun 24, 2015 By Sharon Solomon | It’s no secret that the smartphone is the modern man’s best friend. Over 7 billion mobile devices are being used today all around the world and they are multiplying 5 times faster than human beings. With the astronomical amounts of private information being transferred worldwide, the need for strong mobile security has become paramount. Unfortunately, news about new vulnerabilities and high-profile breaches is raining down on us.

15 AppSec Tips From the Top Ethical Hackers of 2014

Dec 31, 2014 By Sharon Solomon | 2014 will go down as the year of the mega-attacks. It all started off during last year’s holiday season with the Target hackings that affected over 100 million customers. Soon the Heartbleed and Shellshock vulnerabilities were exposed, causing havoc all across the planet. The hackings kept on coming in the latter stages of the year: the Snapchat fiasco, the iCloud photo leaks and the North Korean-orchestrated Sony Pictures hacking, just to name a few.

Pakistani Ethical Hacker Reveals How He Exposed Android Vulnerabilities

Oct 21, 2014 By Sharon Solomon | Hackers are often viewed as modern-day pirates. While this is mostly true due to the security hazards they create, ethical hackers are actually very helpful in improving security standards. Most of these security experts perform these actions simply for the benefit of the community. Rafay Baloch is one such ethical hacker. Baloch, also known as Pakistan’s “Top Ethical Hacking Prodigy”, has been in the headlines recently for exposing two vulnerabilities in Android’s stock (AOSP) browser. These security loopholes allow hackers to steal the mobile user’s session cookie, enabling them to perform a wide variety of malicious actions including identity theft. The Pakistani AppSec expert, currently an undergraduate student who spends his free time honing his research skills, was also kind enough to take Checkmarx’s questions and provide an in-depth view into how he revealed the aforementioned vulnerabilities in the world’s most popular mobile OS.

Major Android Browser Flaw Allowing Hackers to Bypass SOP Mechanism

Sep 30, 2014 By Sharon Solomon | The Android platform has taken the world by storm in recent years. It was announced at Google’s recent 2014 I/O developer conference that over 538 million Android devices are currently in use worldwide. Android has now leapfrogged Apple’s iOS in the US, where it currently has almost 52% of the smartphone market share.

Mobile Sunday: Viber Encryption Troubles Putting Millions at Risk

May 04, 2014 By Sharon Solomon | The Viber instant messaging app has become a household name, with over 200 million downloads worldwide. This cross-platform software is also compatible with desktops and provides unique functionality. But researchers at the University of New Haven have now exposed the lack of data encryption in the popular mobile app, a serious security problem. This is the second IM vulnerability exposed by the UNH experts this month, with the previous one being found in the WhatsApp messenger. The Facebook-owned service was found to give away user location in an unencrypted and open form. Viber is now feeling the heat. Hackers can easily perform man-in-the-middle attacks to harvest sensitive user data. It’s even possible to retrieve messages including photos, videos and location-related data from the Viber servers.