National Cyber Security Alliance adds BlackBerry to their ranks

National Cyber Security Alliance.  (PRNewsFoto/National Cyber Security Alliance)

BlackBerry got a start in the enterprise sector where security and privacy were major concerns for entities that were looking for mobile communications platforms. Over the years, BlackBerry has earned over 70 different government certifications or approvals which is more than any other mobile vendor. With this strong background in mobile security, BlackBerry seems like a natural fit for the National Cyber Security Alliance (NCSA), but they are only just now joining according to an announcement made today.

NCSA’s executive director Micheal Kaiser says the organization welcomes “the unique perspective that BlackBerry brings to the NCSA, and we look forward to working with BlackBerry to solve  cybersecurity challenges, particularly as they relate to mobility and the Internet of Things.” Meanwhile, BlackBerry’s Edward Hearst, vice president of U.S. Government Business Development, says BlackBerry hopes to share “knowledge and insights to further advance efforts to ensure that the mobile experience is safe and secure for users, no matter what devices they have or information they access.”

source: National Cyber Security Alliance (PR)

Deutsche Telekom disables MMS auto-retrieval until the StageFright exploit is patched

StageFright

You’ve probably heard about the latest Android vulnerability that apparently affects over 900 million Android devices. It’s called StageFright, and the worry is that malware can be embedded in a video that could then run roughshod in your device without you initiating any action whatsoever. The malware ridden video would be sent by MMS and your device would download it automatically, thanks to the auto retrieve setting being ticked in settings of the messaging app. While most carriers are waiting for phone manufacturers to issue software patches to block the exploit, Germany’s Deutsche Telekom is taking a more pro-active approach by disabling the MMS auto-retrieve function itself.

Baidu launches new DU Privacy Vault app

du_privacy_vault_app_icon

Earlier today, Baido released a new security application in the Play Store called DU Privacy Vault. The app provides a simple and organized way to help Android users lock applications for their personal use. The app can also be used to hide certain photos and videos with a passcode. Once a passcode is set, the user will be prompted to enter it whenever they are trying to gain access to those files. For example, when your friend or child asks to use your phone or tablet, you no longer need to worry about them snooping around to private apps and media.

Samsung stepping up mobile security on the Galaxy Note 5

Samsung_Galaxy_Note_Edge_Front_Home_Button_TA

We’ve got another rumor to throw on top of the Galaxy Note 5 pile. Samsung is reportedly working on increasing mobile security in a handful of ways on the Note 5, including an improved security suite, a better fingerprint scanner, and a new trick that will link security elements to the phone’s processor.

Samsung has always taken security pretty seriously, which is evident by how many high-end phones they ship with KNOX on board, so these rumors seem pretty likely at this point.

Tons of popular apps can have their passwords cracked

best-apps-2014-google-play

According to AppBugs many popular apps on iOS or Android are vulnerable to password cracking. Very big name apps such as Walmart, ESPN, Pocket, CNN, Slack, SoundCloud, etc. Appbugs testing suggest these apps are subject to brute force attacks. That means an attacker can make unlimited login attempts to a web service until the users password is found.

Geeksphone quits making smartphones, leaves its Multi-OS platform in the hands of the community

geeksphone

Remember Geeksphone, Spain’s first smartphone manufacturer that developed a MultiOS platform allowing you to choose when you want to use Google’s Android, Mozilla’s Boot2Gecko or another community developed operating system on its handsets? Well, today Geeksphone has announced it will quit making smartphones and leave further development of its MultiOS software in the hands of its community.

Samsung prepping security update for SwiftKey keyboard vulnerability

Samsung_Galaxy_S6_Edge_Right_Edge_Slanted_01_TA

Earlier today, a massive security exploit involving Samsung’s default SwiftKey keyboard spread across the internet like wildfire showing the dangers of manufacturers pre-loading third-party software on their phones. The vulnerability was pretty obscure and wouldn’t affect everyone with a Samsung device, but it was still a fairly serious exploit Fortunately, Samsung has issued a relatively quick response about the whole situation.

Samsung has stated that they’re working on a fix, and it will be deployed through a security policy update via Knox. The vulnerability was based in how language packs for Samsung’s SwiftKey-backed keyboard were updated, and doesn’t affect the normal version of SwiftKey that you may have downloaded through the Play Store. 

Third-party app exploit reveals remote code attack vector on Samsung smartphones

Samsung_Galaxy_S6_Edge_Right_Edge_Slanted_01_TA

Some recent security work on new Samsung smartphones will likely increase the pressure on manufacturers and carriers to dispense with preloading third-party apps. According to security researchers, they were able to figure out a way to deliver a payload capable of executing remote code via the Swift keyboard app that comes pre-installed on new Samsung devices. The vulnerability gives an attacker the ability to run code as a system user, one step shy of being root, and can be launched without input from the device’s user. 

Researchers able to access private data on smartwatches

LG_G_Watch_Cube_Watch_Face_TA

Over the years owners of smartphones have learned the hard way that they need to keep their devices secured against attempts to get private information off of the devices. The worry is not so much that someone will intercept data on the fly, but that a misplaced device could fall into the wrong hands that have plenty of time to try to break through security to access private data. Researchers from the University of New Haven have started work on examining how secure a new crop of devices – smartwatches – may be and the results are not promising.

Gmail app gets Oauth support for Yahoo! and Microsoft mail accounts

Gmail-banner

Google’s Gmail app for Android has gotten some extra new security features that will be very important for those of you using a Yahoo! or Microsoft account. The new update brings Oauth support for both accounts, bringing the security of using those email addresses closer to what you’ll typically experience with Gmail.

Oauth allows users to take advantage of two-step authentication and Google’s account recovery process, both of which are staple security features in 2015. If you use either a Yahoo! or Microsoft mail account in your Gmail app, keep an eye out for this update over the next few days.