PINDROP BLOG

Category: Device Security

April 7, 2016
Apple Fixes Passcode Bypass Flaw in iOS 9.3.1
Apple has fixed a serious vulnerability in iOS that allowed any user to access the contacts and some other information on some iPhone models when they were locked. The bug was the result of a problem in the way that iOS 9.3.1 handled some commands through Siri. In some specific cases, an attacker with access…
Read More →
April 4, 2016
Attackers Target Medical Devices, But Do Nothing Once They’re In
ORLANDO–Medical devices have become the new go-to example whenever someone wants to illustrate just how bad security is. And for good reason. These devices often run on Windows XP, have hardcodes passwords, haven’t been patched since the George W. Bush administration, and are reachable over the Internet. That’s not how any of this is supposed…
Read More →
April 1, 2016
Crypto Debate is About Power and Authority, Experts Say
Building devices and communications infrastructure that are resistant to compromise and surveillance has become an imperative in today’s environment, but it’s work that can run into roadblocks from government. The most pertinent current example is the encryption debate, and security experts say the security and privacy of users depends on the outcome of the conflict. The…
Read More →
April 1, 2016
FBI’s Mystery iPhone Technique at Center of Discussion
Apple has just released a new version of iOS, and it contains a number of important security fixes, notably one for a bug in iMessage. But there is at least one known vulnerability that isn’t patched in this version, and it’s in the hands of the FBI. The details of the flaw aren’t known, and…
Read More →
March 30, 2016
1,418 Bugs in Medical Devices, Zero Patches
There are vulnerability reports, and there are Vulnerability Reports. The latest and perhaps best entry in the latter category is a disclosure of more than 1,400 vulnerabilities in a variety of medication-supply devices manufactured by CareFusion. The affected devices are CareFusion’s Pyxis SupplyStation systems, automated cabinets that allow medical personnel to dispense medication and monitor…
Read More →
March 29, 2016
Apple Case May Cast a Long Shadow
Now that the Department of Justice has withdrawn its lawsuit against Apple in the case concerning the San Bernardino shooter’s iPhone, it’s clear that the legal and media battles of the last month and a half have produced more questions than they’ve answered. Chief among those remaining questions is this: What was the point? The…
Read More →
March 28, 2016
Treasurehunt PoS Malware Hitting Soft Targets
Researchers are tracking a new version of some point-of-sale malware that has some of the same memory scraping capabilities as other PoS threats, but appears to have been developed specifically for one attacker and is being used in targeted operations against banks and smaller retailers. The malware is known Treasurehunt and researchers say it has…
Read More →
March 25, 2016
Comey: NAND Mirroring Doesn’t Work
The FBI director says the prevailing theory about the alternative method the bureau is testing for unlocking the iPhone in the San Bernardino case, a technique called NAND mirroring, “doesn’t work”. Speaking at a press conference Thursday with the United States Attorney General Loretta Lynch regarding the terror attacks in Brussels, FBI Director James Comey…
Read More →
March 24, 2016
FBI-Apple Case Could Mean Uncertain Future for Users
The news this week that the Department of Justice has found a third party to help it unlock a contested iPhone without Apple’s compelled help–and subsequently asked to cancel a court hearing on the matter–has been hailed as a victory both for Apple and its users. While that may be true, at least for the…
Read More →
March 23, 2016
Critical Rooting Flaw Haunts Android
Google is warning users about a critical security flaw in Android that opens the devices up to attacks that could completely compromise the phones and give attackers persistent control of them. The vulnerability has been exploited by an app found in the Google Play store, and Google officials said it has been used to root…
Read More →