Hacker News with Generative AI: Mobile Security

iOS and Android juice jacking defenses have been trivial to bypass for years (arstechnica.com)
New ChoiceJacking attack allows malicious chargers to steal data from phones.
Cybersecurity, Mobile Security, Android, iOS
10 points by lisa_k 25 days ago | 1 comments
Hundreds of smartphone apps are monitoring users through their microphones (the-independent.com)
Hundreds of apps and games are monitoring smartphone users through their microphones.
Privacy, Mobile Security, Smartphones, Data Collection
48 points by macawfish 27 days ago | 18 comments
Blasting Past WebP - An analysis of the NSO BLASTPASS iMessage exploit (blogspot.com)
On September 7, 2023 Apple issued an out-of-band security update for iOS:
Security, iOS, Mobile Security, Exploits, Cyber Security
263 points by el_duderino 57 days ago | 124 comments
Conducting forensics of mobile devices to find signs of a potential compromise (github.com/mvt-project)
Mobile Verification Toolkit (MVT) is a collection of utilities to simplify and automate the process of gathering forensic traces helpful to identify a potential compromise of Android and iOS devices.
Mobile Security, Forensics, Android, iOS, Tools
151 points by 34679 68 days ago | 72 comments
GrapheneOS Adds Custom Private Network Location Feature (grapheneos.social)
Privacy, Operating Systems, Mobile Security
55 points by DeepPhilosopher 81 days ago | 12 comments
Pegasus spyware infections found on several private sector phones (therecord.media)
New findings from the mobile device security company iVerify show that powerful zero-click spyware is more widely used than has been previously understood and is impacting business executives in addition to members of civil society.
Cybersecurity, Spyware, Private Sector, Mobile Security
9 points by johnshades 92 days ago | 0 comments
Researchers find screenshot-reading OCR malware on App Store and Google Play (engadget.com)
Researchers from Kaspersky have identified malware being distributed within apps on both Android and iOS mobile storefronts.
Cybersecurity, Mobile Security, Malware, Android, iOS
4 points by walterbell 105 days ago | 1 comments
Multiple Security and Privacy Flaws in DeepSeek iOS Mobile App (nowsecure.com)
A NowSecure mobile application security and privacy assessment has uncovered multiple security and privacy issues in the DeepSeek iOS mobile app that lead us to urge enterprises to prohibit/forbid its usage in their organizations.
Mobile Security, Privacy, iOS, Security Flaws, Mobile Apps
17 points by ahoog42 106 days ago | 6 comments
Coordinates of Smartphones Feared Stolen (theregister.com)
Gravy Analytics has been sued yet again for allegedly failing to safeguard its vast stores of personal data, which are now feared stolen. And by personal data we mean information including the locations of tens of millions of smartphones, coordinates of which were ultimately harvested from installed apps.
Data Privacy, Mobile Security, Location Data, Data Breaches
4 points by jjgreen 106 days ago | 0 comments
iPhone apps found on App Store with malware that reads your screenshots for data (9to5mac.com)
One of the promises of the App Store is that anything you download has gone through a vetting process by Apple. Occasionally though, iPhone apps with malicious code slip through the cracks, and today, researchers at Kaspersky have reported on new malware they discovered in App Store apps—which they say is ‘the first known case.’
Security, Mobile Security, Malware, Apple, iOS
19 points by mgh2 106 days ago | 3 comments
OCR Crypto Stealers in Google Play and App Store (securelist.com)
In March 2023, researchers at ESET discovered malware implants embedded into various messaging app mods. Some of these scanned users’ image galleries in search of crypto wallet access recovery phrases. The search employed an OCR model which selected images on the victim’s device to exfiltrate and send to the C2 server. The campaign, which targeted Android and Windows users, saw the malware spread through unofficial sources.
Mobile Security, Malware, Cryptocurrency, OCR, Android
35 points by shifty1 107 days ago | 5 comments
iOS App Store apps with screenshot-reading malware found (theverge.com)
Apps distributed through both Apple and Google’s app stores are hiding malicious screenshot-reading code that’s being used to steal cryptocurrency, the cybersecurity software firm Kaspersky reported today.
Cybersecurity, Malware, Mobile Security, iOS
8 points by hassanahmad 107 days ago | 0 comments
Homomorphic Encryption in iOS 18 (boehs.org)
You are Apple. You want to make search work like magic in the Photos app, so the user can find all their “dog” pictures with ease. You devise a way to numerically represent the concepts of an image, so that you can find how closely images are related in meaning. Then, you create a database of known images and their numerical representations (“this number means car”), and find the closest matches. To preserve privacy, you put this database on the phone.
Privacy, Mobile Security, Machine Learning, Image Recognition, iOS
10 points by vsgherzi 133 days ago | 0 comments
Ask HN: Why do banking apps care about your phone OS (ycombinator.com)
Many banking apps require a non rooted phone and up to date OS, but even those phones can run a browser which provides access to the bank website, often with more functionality than the app.
Mobile Security, Banking, Mobile Apps, User Experience
33 points by j-bos 165 days ago | 48 comments
A New Phone Scanner That Detects Spyware Has Found 7 Pegasus Infections (wired.com)
The mobile device security firm iVerify has been offering a tool since May that makes spyware scanning accessible to anyone—and it’s already turning up victims.
Cybersecurity, Spyware, Mobile Security, Pegasus
4 points by thunderbong 170 days ago | 0 comments
FBI Warns iPhone and Android Users–Stop Sending Texts (forbes.com)
Timing is everything. Just as Apple’s adoption of RCS had seemed to signal a return to text messaging versus the unstoppable growth of WhatsApp, then along comes a surprising new hurdle to stop that in its tracks. While messaging Android to Android or iPhone to iPhone is secure, messaging from one to the other is not.
Cybersecurity, Messaging Apps, Mobile Security, Android, iPhone
23 points by _____k 171 days ago | 1 comments
Android Trojan that intercepts voice calls to banks just got more stealthy (arstechnica.com)
Researchers have found new versions of a sophisticated Android financial-fraud Trojan that’s notable for its ability to intercept calls a victim tries to place to customer-support personnel of their banks.
Cybersecurity, Android, Mobile Security, Financial Fraud, Malware
3 points by type0 204 days ago | 0 comments
Man locked out of Google Drive and loses 9 year old photos after SIM Swap attack (bbc.co.uk)
A man says he has lost files, business records and all his online photos after "failings" by his mobile phone provider allowed fraudsters to take control of his phone.
Cybersecurity, Data Loss, Mobile Security, Google Drive
32 points by microsoftedging 213 days ago | 19 comments
Google Chrome will soon block password autofills if Android phone gets stolen (androidauthority.com)
Google Chrome for Android is preparing to add support for Identity Check, an upcoming feature that will force apps to use biometric authentication when your phone is outside of a trusted location.
Security, Mobile Security, Google Chrome, Android, Biometric Authentication
3 points by thunderbong 213 days ago | 0 comments
Understanding the Android Virtualization Framework (AVF) (medium.com)
As the complexity of mobile applications and the sensitivity of the data they handle increase, so does the need for robust security solutions. Enter the Android Virtualization Framework (AVF), a groundbreaking innovation designed to enhance security, efficiency, and flexibility in Android devices.
Android, Mobile Security, Virtualization, Operating Systems
14 points by transpute 223 days ago | 4 comments
Has my mobile security advice changed? (shkspr.mobi)
A decade ago, I appeared on the 361 Podcast to give my advice about mobile security.
Mobile Security, Security, Advice
6 points by ColinWright 235 days ago | 0 comments
Jailbreak Your Enemies with a Link: Remote Execution on iOS (jacobbartlett.substack.com)
This is the story of the Trident exploit chain: 3 zero-day vulnerabilities in iOS that enabled the first remote jailbreak. Part #1 dives into the internals of the JavaScriptCore runtime: where a vulnerability lurks in WebKit which would crack your iPhone wide open.
Cybersecurity, iOS, Exploits, Mobile Security
35 points by jakey_bakey 249 days ago | 3 comments
New Phishing Technique Bypasses Security on iOS and Android to Steal Bank Creds (securityweek.com)
Security, Mobile Security, Phishing, Cybersecurity, Data Breaches
52 points by LinuxBender 275 days ago | 18 comments
Flaw has Microsoft Authenticator overwriting MFA accounts, locking users out (csoonline.com)
Security, Microsoft, Authentication, Mobile Security
497 points by miles 279 days ago | 311 comments
Hackers Steal Phone, SMS Records for Nearly All AT&T Customers (krebsonsecurity.com)
Cybersecurity, Data Breaches, AT&T, Mobile Security, Privacy
311 points by todsacerdoti 315 days ago | 5 comments
Europol says Home Routing mobile encryption feature aids criminals (bleepingcomputer.com)
Cybersecurity, Mobile Security, Law Enforcement, Encryption
10 points by sys_64738 320 days ago | 0 comments
Twilio breach leaks over 30M Authy-linked phone numbers (androidpolice.com)
Data Breaches, Security, Mobile Security, Twilio, Authy
4 points by thunderbong 322 days ago | 1 comments
3M iOS and macOS apps were exposed to potent supply-chain attacks (arstechnica.com)
Cybersecurity, Mobile Security, iOS, macOS
4 points by Brajeshwar 325 days ago | 0 comments
British duo arrested for SMS phishing via homemade cell tower (theregister.com)
Cybersecurity, Hacking, Mobile Security, United Kingdom
223 points by skilled 347 days ago | 175 comments
Apple has rejected UTM SE from the iOS and third party App Stores (twitter.com)
Apple, iOS, Mobile Security, App Stores
46 points by cglong 348 days ago | 15 comments