If you use the official Starbucks mobile payment app, you may want to reconsider. According to security researcher Daniel Wood, the application stores information like your email address, password, and GPS location in an unencrypted plain-text format. Anyone who has access to your phone could do a bit of work to steal that information, which is not something you want someone else to have access to. Even worse, because the app makes payments using an on-screen barcode, that barcode method could be manipulated to suck money out of your bank account.
Fortunately, someone would need access to your phone to get this information, but it’s still a vulnerability that you should be aware of. Hopefully Starbucks addresses this soon.
Source: Computer World
One of the biggest topics this year is going to be privacy, and BlackPhone is looking to capitalize on that. This smartphone comes out of a joint venture between Silent Circle and Geeksphone, and it will run a secure version of Android called PrivatOS. It will support secure phone calls, texting, file storage, and video chats. It will also run on GSM networks. Obviously corporations will be a target demographic, but consumers are likely to jump in as well.
The BlackPhone will be unveiled at next month’s Mobile World Congress, but if you want to sign up for updates, be sure to hit the source link.
Last month, security researchers from Ben-Gurion University Cyber Security Labs claimed to have discovered a vulnerability in Samsung’s KNOX security platform. Samsung has issued a statement regarding the claims, indicating that the issue identified by the Ben-Gurion researchers was really a classic Man in the Middle (MitM) attack and not a bug or flaw in KNOX or Android. Samsung indicates they reached out and discussed the issue with the security researchers and were able to verify that the exploit that was identified exists as it “uses legitimate Android network functions in an unintended way to intercept unencrypted network connections from/to applications on the mobile device.”
Today, Google continued its efforts to integrate many of its products: Gmail users will now be able to send email to Google+ connections.
If you want to turn the feature off, you’ll be able to in just a few steps. You’ll also be able to set whether you want to let anyone (or nobody) from Google+ email you at all.
It’s also important to note that while people from Google+ will be able to email you, they won’t actually be able to see your email address through Gmail, just your name. Privacy is still most important here, and it’s good to see that Google recognizes that.
Source: Google Blog
It was recently confirmed that around 4.6 million Snapchat phone numbers and the usernames associated with those numbers have been leaked online. Unofficial site SnapchatDB is now allowing open access to two files, one SQL dump and one CSV text file, both showing users’ phone numbers, usernames and locations.
The final two digits of each phone number have been censored in order to “minimize spam and abuse”, but despite this SnapchatDB has said that it can be contacted for the uncensored files, as they may be willing to release them under certain circumstances. Otherwise users can “find phone number information associated with Facebook and Twitter accounts, or simply to figure out the phone numbers of people you wish to get in touch with.”
Earlier this week Gibson Security tweeted some information it claimed could be used to exploit Snapchat, enabling malicious hackers to match usernames with phone numbers and build a profile of users. Gibson Security also claimed the security holes could allow for the creation of dummy accounts in bulk. According to Gibson Security, they notified Snapchat of the problems last August, but after not seeing any move to correct an issue that supposedly could be fixed with ten lines of code, proceeded with making the exploit public.
Researcher Mordechai Guri at the Ben-Gurion University’s Cyber Security Lab in Israel recently discovered a major vulnerability in Samsung’s Knox security platform on the Galaxy S4. The flaw “could allow malicious software to track emails and record data communications.”
While Samsung is still investigating the claims, a Samsung spokesperson said that the allegations are not as serious as they might seem.
Remember that little vulnerability we heard about on Nexus devices that could be maliciously exploited to cause a device to lock up and reboot? Looks like Google has finally added a fix for that in Android 4.2.2, which should be rolling out fairly soon. There are no other camera improvements or anything like that in this update, but according to the 4.4.2 changelog, there were a handful of things that got patched. The most major one is that SMS exploit, but that doesn’t mean the few other things that were patched aren’t appreciated. If you’re a Nexus user, keep an eye out for this update.
Lookout Mobile Security’s research has found that 63% of people just cannot keep up with mobile technology. In a study group of more than 2000 people, one in three depends on someone who has a great deal of knowledge in the field. And of those that depend on a “Tech Hero,” 75% will turn to them for advice on what smartphone or tablet to purchase. These mobile tech-savvy individuals may have accounted for $2.8 billion in the third quarter of 2013.
To reward these “Tech Heroes,” Lookout is holding a contest on Facebook. All you have to do is head over to their page and nominate your go-to for mobile technology. From there, nominees receive votes and become eligible to win prizes. The grand prize winner will be announced on January 7, 2014 and split $2,000 with their nominator. Leading up to that date, nominees will be randomly selected as winners for a few different devices. The four weeks prior will feature two Nexus 7 tablets, two Samsung Galaxy Gear smart watches, and two Samsung smart TVs.
You can find the Facebook page here.
Fingerprint Cards, an identity technology company from Sweden that manufactures touch sensors, hopes to ride the wave of touch recognition demand by selling to the likes of Samsung, LG and Huawei among others. Fingerprint’s CEO Johan Carlstrom thinks Apple’s inclusion of fingerprint identity technology in the iPhone 5S will set off a scramble by Android device producers to include the same technology in their products during 2014.