Critical Qualcomm Flaws Threaten 900 Million Android Devices
Researchers have detailed four vulnerabilities in Android, caused by bugs in Qualcomm chipset drivers, that allow an attacker to get complete control of a vulnerable device. Three of the vulnerabilities already have been patched in August’s Android security update, but the fourth one has not been fixed yet. Researchers at Check Point discovered the vulnerabilities […]
Google Research Reveals Depth of Deceptive Software Problem
LAS VEGAS–After a year-long study of affiliate networks running pay-per-install programs, which often include shareware, ad-injectors, and other unwanted software, Google and NYU found that nearly 60 percent of offers bundled with these programs are flagged as unwanted and that the networks drive about 60 million download attempts every week. PPI networks are large, complex affiliate […]
Telephony Scams Findings as Shared by Pindrop at Black Hat 2016
Congratulations are in order if you’ve never had to experience the pleasure of being robocalled. The rampant growth of the underground phone fraud world is affecting consumers and enterprises alike. As consumers, we may experience calls telling us we are being sued by the IRS (just one of the many scams) and for enterprises, the […]
Apple Patches Critical Bug in iOS
Apple has released a new version of iOS that includes a patch for a critical security vulnerability that could lead to arbitrary code execution. The release of iOS 9.3.4 comes as Apple is already testing beta versions of iOS 10. The new version isn’t heavy on new features or functionality, but it’s an important update […]
Apple Launches Bug Bounty Program
LAS VEGAS–Vulnerabilities in iPhone hardware and software are among the more valuable bugs there are especially those that give an attacker full access to the device. Apple knows this as well as anyone, and today the company announced that it is starting an invitation-only bug bounty program that will pay up to $200,000 for the […]
Using Forensic Linguistics to Fight Phone Fraud
LAS VEGAS–One of the difficulties in protecting against phone fraud scams is actually detecting them. Technology certainly helps, but in a lot of cases, it’s up to the potential victim on the other end of the line to figure it out for himself. That has turned out to be a fairly high hurdle for a […]
Lessons Learned From the Android Stagefright Bug
LAS VEGAS–Security engineers and developers typically view vulnerabilities as problems, things to be avoided. But they also can be valuable learning opportunities, especially for a the engineers on Google’s Android security team who are trying to protect more than a billion devices. Android is by far the most widely deployed mobile operating system, and its […]
Using Data to Raise the Cost of Exploitation for Attackers
LAS VEGAS–The idea for a certification and testing lab for the security of software products has been kicking around the technology industry for a long time. But no one has really figured out a good model or methodology for doing it, until now. Peiter Zatko, a longtime security researcher known as Mudge, has developed system that […]
Researchers Bypass EMV Card Protections
LAS VEGAS–Chip-and-pin or EMV cards have been touted as a more secure alternative to traditional cards, but security researchers have found several methods for bypassing the security of these systems by abusing flaws in the point of interaction devices. Nir Valtman and Patrick Watson demonstrated several techniques for getting around the security on pinpad devices, […]