Category Archives: Mobile Devices

iPhone, Galaxy S5, Nexus 5, and Fire Phone fall like dominoes at Pwn2Own

An iPhone 5S, Samsung Galaxy S5, LG Nexus 5, and Amazon Fire Phone were all hijacked by whitehats on the first day of an annual hacking contest that pays hefty cash prizes for exploits bypassing security sandbox perimeters.

Day one of the Mobile Pwn2Own competition at the PacSec conference in Tokyo repeated a theme struck over and over at previous Pwn2Own events. If a device runs software, it can be hacked—regardless of claims made by marketers or fans. Organized by the Hewlett-Packard-owned Zero Day Initiative and sponsored this year by Google and Blackberry, Mobile Pwn2Own awards as much as $150,000 for the most advanced hacks, with a total prize pool of $425,000. In exchange, contestants agree to turn over technical details to the organizer and keep them confidential until the underlying vulnerabilities have been patched.

During the first day, according to this HP blog post, the following hacks took place:

Read 2 remaining paragraphs | Comments

Security Scorecard Finds Messaging Apps Need More Development

Only six out of 39 messaging applications have the features needed to guarantee the security of communications sent over the Internet, according to an analysis by the Electronic Frontier Foundation (EFF).

The results of the analysis, published as a scorecard on Tuesday, found that popular messaging apps—such as Facebook Chat, Apple’s FaceTime and iMessage, Microsoft’s Skype, and Yahoo Messenger—failed to meet all seven criteria, such as whether the application implements perfect forward secrecy and whether the source code had been audited for security. The group did the analysis as part of its campaign to promote the development of secure and usable cryptography, which is necessary in a world where government surveillance has become more common, Peter Eckersley, EFF’s technology projects director, told Ars.

The study is intended to help direct companies who are actively developing secure-communication software, he said.

Read 7 remaining paragraphs | Comments

A Top Appeals Court to Hear Why NSA Metadata Spying Should Stay or Go

iko

On Tuesday, three judges at one of the nation’s most powerful appellate courts will hear oral arguments in the only legal challenge to result in a judicial order against the National Security Agency’s (NSA) vast telephone metadata collection program. That order was put on hold pending the government’s appeal in this case.

The District of Columbia Circuit Court of Appeals could overturn last year’s unusual lower court ruling that ordered an end to the program, or the court could confirm it.

The lawsuit, known as Klayman et al v. Obama et al, pits a longstanding conservative lawyer, Larry Klayman, against the American government and its intelligence apparatus. If Klayman wins, the suit is likely to be eventually appealed further to the Supreme Court.

Read 19 remaining paragraphs | Comments

Latest Android Encrypted by Default, Adds “Smart” Device Locking

The latest version of the Android operating system, Lollipop, adds encryption by default, along with a variety of easy-to-use ways to lock and unlock the phone and a more secure foundation to help protect devices against current threats.

In a blog post published on Tuesday, Google described the features, which will begin shipping with the Lollipop operating system in new Android devices in the coming weeks. While some of the capabilities, such as encryption, are already included in the current Android OS, the new version will turn them on by default.

Many of the security features were born of Android’s open-source foundations and the fact that other researchers and companies can create and test new security features for the operating system, Adrian Ludwig, lead security engineer for Android at Google, said during a briefing on the security features.

Read 11 remaining paragraphs | Comments

Verizon’s ‘Perma-Cookie’ Is a Privacy-Killing Machine

Verizon’s ‘Perma-Cookie’ Is a Privacy-Killing Machine

Verizon Wireless has been subtly altering the web traffic of its wireless customers for the past two years, inserting a string of about 50 letters, numbers, and characters into data flowing between these customers and the websites they visit. The company—one the country’s largest wireless carriers, providing cell phone service for about 123 million subscribers—calls […]

The post Verizon’s ‘Perma-Cookie’ Is a Privacy-Killing Machine appeared first on WIRED.



Virginia Police Have Been Secretively Stockpiling Private Phone Records

Virginia Police Have Been Secretively Stockpiling Private Phone Records

While revelations from Edward Snowden about the National Security Agency’s massive database of phone records have sparked a national debate about its constitutionality, another secretive database has gone largely unnoticed and without scrutiny. The database, which affects unknown numbers of people, contains phone records that at least five police agencies in southeast Virginia have been […]

The post Virginia Police Have Been Secretively Stockpiling Private Phone Records appeared first on WIRED.