Google+ API vulnerability is finally admitted, network shutdown sped up

Google+, the longtime also-ran social media network, is closing before its initially promised August deadline.

In October, The Wall Street Journal reported that a vulnerability in Google+’s developer APIs had allowed third-party apps to obtain personal details such as date of birth, email address and employer. Subsequently, Google announced, for its own reasons (low usership or otherwise), that Google+ would close in 10 months.

Today, Google has commented again on its blog, The Keyword, saying that only last month it had found an API bug, the very bug the Journal was told about by sources. The bug had an estimated impact on 52.5 million accounts, but the company said it was confident that data was not abused.

The company patched the security hole within a week of its discovery. Since then, it has also decided to expedite the sunsetting of Google+ APIs, so the consumer version of Google+ will now shut down in April 2019.

Google has consistently maintained that Google+ for enterprise would go on operating and that customers would be notified of who in their organization is affected by the bug.

Google is also due to shut down its Allo consumer chat app and the legacy version of Hangouts in favor of alternative solutions.

The post Google+ API vulnerability is finally admitted, network shutdown sped up appeared first on Pocketnow.

Google+ will shut down after WSJ revealed private data exposure

The data breach allowed app developers to collect data from not only consenting users, but those who shared private data with those users.

iBoot source code for iOS 9 shows up online in ‘biggest leak in history’

It didn't take Apple long to convince GitHub to take down leaked source code for a core iOS 9 component, but according to security experts, the damage may have been done.

Meltdown and Spectre security bugs put all ‘modern’ computers at risk, but partial fixes are out

Regardless of your operating system, web browser or "modern" computer of choice, including smartphones, Meltdown and Spectre security threats are real and really scary.

OnePlus left EngineerMode APK in end user OxygenOS builds, easily rootable

It's a Qualcomm app and it's not really supposed to be on user-side software. Well, it is on user-side software with OxygenOS.

Qualcomm opens up bug bounties — up to $15,000 per vulnerability

San Diego-based semiconductor company Qualcomm is joining in on a growing list of firms offering developers and security hawks an incentive to find and report vulnerabilities in its products.

The vulnerability rewards program is focusing on exposing and patching holes in its Snapdragon and LTE modem silicon and is maintained in conjunction with HackerOne, a white hat hacking coordinator. Up to $15,000 will be provided per acknowledged bug as well as, in some cases, recognition by the security sector — perhaps the CodeAuroraForum Hall of Fame.

With its acquisition of NXP Technologies to come, Qualcomm may be investing in finding synergies between the two companies’ products. Cleaning up any oversights along the way will be important, so having a robust pool of researchers participating in HackerOne’s program is an appreciable move.

iOS vulnerability causes iPhones to repeatedly call 911 after retrieving malicious link

One Arizona teenager is in a heap of trouble with the Maricopa County Sheriff’s Department over a link on a Twitter page that ended up nearly incapacitating 911 service for the city of Surprise. 18-year-old Meethkumar Hiteshbhai Desai is charged with three counts of felony computer tampering and is alleged to be responsible for hosting a link and, on Tuesday night, distributing it on Twitter. Tapping on it caused “iOS cell phones” to call 911. Over. And over. And over. At least one user ...

Associated Press, Gannett, Vice sue FBI for San Bernardino iPhone hack details

The highest-profile battle over privacy and technology has not ended. In fact, it may have only just begun with a lawsuit filed by three news organizations against the FBI. You may recall that the agency wanted Apple to decrypt an iPhone 5c in the possession of Syed Rizwan Farook, one of the perpetrators of a mass shooting in San Bernardino, California, that killed 14 people and wounded 24 others. Farook and co-perpetrator, wife Tashfeen Malik, were killed shortly after their attack. The FBI claimed it ...

A government agency using private-market spyware hastened the release of iOS 9.3.5

NSO Group is the reason why you should probably install iOS 9.3.5. Apple released the update today to address three previously unknown vulnerabilities that were exploited two weeks ago when spyware from the Israel-based organization targeted Ahmed Mansoor, a human rights activist hailing from the United Arab Emirates. “New secrets about torture of Emiratis in state prisons,” a text read with a URL that may have represented The Emirates Foundation. Mansoor, ...

Linux TCP vulnerability still in Android Nougat

Lookout Security is relaying some new discussion of a vulnerability in the Linux 3.6 and later kernels. An estimated 80 percent of the Android user base (going all the way to KitKat) or 1.4 billion devices are under the gun of this off-path exploit. In other words, this is not Quadrooter. In a joint presentation at the USENIX Security Symposium, researchers at the University of California, Riverside, and the United States Army Research Laboratory were concerned about ...

Google’s take on Quadrooter doesn’t change the fact that the last fix is weeks away

Google already had three vulnerabilities patched of the four publicized by Check Point Security over the weekend. It had them patched since Android 4.2. That’s the conclusion we’re getting from Google’s statement on the Quadrooter vulnerabilities found in Qualcomm-based Android devices, a device group totaling in the neighborhood of 900 million. A spokesperson wrote to Android Central that: Our Verify Apps and SafetyNet protections help identify, block, and remove applications that exploit ...

Samsung Pay in Mexico? Nope, just a security threat

There’s more security news in the wake of Def Con 24 and it involves how Samsung Pay handles its mobile payments transactions. One Salvador Mendoza has found a way to steal authentication tokens and use them in a spoofing device to commit fraud. Mendoza details the process in a video: The problem comes down to the tokens, which are created each time someone activates the ...
