Tag : Android

Viber

Mobile Sunday: Viber Encryption Troubles Putting Millions at Risk

May 04, 2014 By Sharon Solomon | The Viber instant messaging app has become a household name, with over 200 million downloads worldwide. This cross-platform software is also compatible with desktops and provides unique functionality. But researchers at the University of New Haven have now exposed the lack of data encryption in the popular mobile app, a serious security problem. This is the second IM vulnerability exposed by the UNH experts this month, with the previous one being found in the WhatsApp messenger. The Facebook-owned service was found to give away user location in an unencrypted and open form. Viber is now feeling the heat. Hackers can easily perform man-in-the-middle attacks to harvest sensitive user data. Its even possible to retrieve messages including photos, videos and location-related data from the Viber servers.

</Read More>
HiRes1

Mind Your Fingers. Samsung Galaxy S5 Fingerprint Scanner Exploited

Apr 22, 2014 By Sharon Solomon | Fingerprint scanners are becoming the rage in the smartphone industry. Apple introduced its proprietary sensor in its flagship 5s device last year and Samsung has done it recently with its new Galaxy S5 model. But its not all good news. The Korean manufacturer’s latest security solution can be rendered useless with a simple home-made PCB mould.  

</Read More>
iStock_000022655471Small

Mobile Sunday: Sandroid Trojan; From Russia with Love

Apr 13, 2014 By Sharon Solomon | The smartphone revolution is enabling the harvesting of banking information and credit card numbers in new ways. There were almost 100,000 malicious modifications to mobile malware in 2013, with over 98% connected to the Android platform. Sandroid is the latest high-profile mobile Trojan, wreaking havoc amongst middle-east banking customers.  

</Read More>
Heartbleed-4-300x300

Top 5 in Security: Your Weekly Update

Apr 11, 2014 By Sarah Vonnegut | The security industry took a massive hit this week with the Heartbleed bug, and while it took most of the focus, there’s some notable news that you may have missed. Here are your top 5 security stories of the week:

</Read More>
iStock_000006232984Small

Mobile Friday: Google Waze Hacked By Technion Students

Mar 28, 2014 By Sharon Solomon | Waze has come a long way since its launch back in 2008. Winner of the Best Overall Mobile App award at the 2013 Mobile World Congress, the Israeli based startup was sold to Google last year for a whopping $1.3 Billion. Unfortunately, two students from the Technion have revealed a huge security issue in the popular app.   The revolutionary Israeli navigation software made waves by integrating social networking into its user interface and enabling commercial collaborations with strategic businesses. Even Google couldn’t afford to stay indifferent to the app’s massive potential. Everything was looking bright until Shir Yadid and Meital Ben-Sinai, software engineering students at the Technion Institute of Technology in Israel, found a glaring loophole in the application. Waze are aware of the POC, but have not released any security patches so far.

</Read More>
iStock_000019668000Small

Mobile Friday: Ten Commandments of Android Safety

Mar 21, 2014 By Sharon Solomon | The Android mobile platform has come a long way since its introduction in 2008. Almost 80% of smartphones activated last year (2013) were powered by the “green robot”. But the customizable interface and other open source advantages come at a price. Android is ridden with vulnerabilities.
Android’s biggest convenience is also its biggest security issue. These smartphones are activated with one centralized Google ID, which controls all major functions such as emails, app management and calendar syncing. The risk is high. Besides this inherited problem, the open-source nature of the market-leading OS is prone to cybercrime. Pirated ROMs and unauthorized apps that can be downloaded from underground markets put the unsuspecting users in danger.

</Read More>
Whatsapp-01

Gaping Security Flaw in WhatsApp on Android Let Other Apps Steal Your Messages

Mar 13, 2014 By Sarah Vonnegut | If you’re using WhatsApp on an Android – even after yesterday’s update – your chats are prone to being downloaded by others, a security consultant has discovered.  Bas Bosschert, CTO and consultant at Double Think, along with his brother, discovered this exploit after wondering if it would be possible to upload and read someone’s WhatsApp chats from another app. With a proof of concept on his blog, he proved it was easily possible.

</Read More>
iStock_000035552198Small

Mobile Friday: WhatsApp Alternatives Not Really Safe

Mar 07, 2014 By Sharon Solomon | WhatsApp now belongs to Facebook and the acquisition has raised some serious concerns regarding the privacy of the app’s users. Facebook is not really commenting on the issue, causing more and more people to look at alternate solutions. Unfortunately, the alternatives are not really secure. Compatible with Android, iOS, Windows Mobile, Blackberry and even the outdated Symbian, WhatsApp has over 450 million active users. It’s estimated that more than a million people download the app and start using the chat client every day.

</Read More>
iPhone

Mobile Friday: iOS Apps Riskier Than Android Ones

Feb 28, 2014 By Sharon Solomon | The mobile app markets are booming. More and more developers are shifting their focus towards smartphone and tablet software. Despite the common belief that Apple has the safest mobile platform, an in-depth research by Appthority has shown that iOS apps are more vulnerable than Android ones. Appthority is a leading application security analysis provider that recently compared the security levels in iOS and Android platforms. Security related app behaviors, such as location tracking and data sharing, were researched and analyzed.

</Read More>

Stay Connected

Sign up today & never miss an update from the Checkmarx blog

Follow us on Feedly

Interested in trying CxSAST on your own code? You can now use Checkmarx's solution to scan uncompiled / unbuilt source code in 18 coding and scripting languages and identify the vulnerable lines of code. CxSAST will even find the best-fix locations for you and suggest the best remediation techniques. Sign up for your FREE trial now.

Checkmarx is now offering you the opportunity to see how CxSAST identifies application-layer vulnerabilities in real-time. Our in-house security experts will run the scan and demonstrate how the solution's queries can be tweaked as per your specific needs and requirements. Fill in your details and we'll schedule a FREE live demo with you.