Apple Allows Uber to Use a Powerful Feature that Lets it Record iPhone Screen

What could possibly go wrong when your privacy and phone are given “selectively” without your knowledge or ability to intervene?  What happens when Uber is hijacked?  Or Uber uses this access unscrupulously?

Security researcher Will Strafach recently revealed that Apple selectively grants (what’s known as an “entitlement“) Uber a powerful ability to use the newly introduced screen-recording API with intent to improve the performance of the Uber app on Apple Watch.

The screen-recording API allows the Uber app to record user’s screen information even when the app is closed, giving Uber access to all the personal information passing through an iPhone screen.

What’s more? The company’s access to such permission could make this data vulnerable to hackers if they, somehow, able to hijack Uber’s software.

Read more…

Source: Apple Allows Uber to Use a Powerful Feature that Lets it Record iPhone Screen

Hackers Can Steal Your Passwords Just by Monitoring SmartPhone Sensors

People worry about the data their camera and GPS captures, but there are so many hidden sensors that relay data that most users are unaware of.

Hackers Can Steal Your PINs and Passwords Just by Monitoring Sensors on Your SmartPhone

Do you know how many kinds of sensors your smartphone has inbuilt? And what data they gather about your physical and digital activities?

An average smartphone these days is packed with a wide array of sensors such as GPS, Camera, microphone, accelerometer, magnetometer, proximity, gyroscope, pedometer, and NFC, to name a few.

Now, according to a team of scientists from Newcastle University in the UK, hackers can potentially guess PINs and passwords – that you enter either on a bank website, app, your lock screen – to a surprising degree of accuracy by monitoring your phone’s sensors, like the angle and motion of your phone while you are typing.

Read entire article…

Source: Hackers Can Steal Your Passwords Just by Monitoring SmartPhone Sensors

Dangerous Rootkit found Pre-Installed on nearly 3 Million Android Phones

Luckily, not many US Android phones.  Just a matter of time before manufacturers install rootkits as a matter of course.

Nearly 3 Million Android devices worldwide are vulnerable to man-in-the-middle (MITM) attacks that could allow attackers to remotely execute arbitrary code with root privileges, turning over full control of the devices to hackers.

According to a new report from security rating firm BitSight, the issue is due to a vulnerability in the insecure implementation of the OTA (Over-the-Air) update mechanism used by certain low-cost Android devices, including BLU Studio G from US-based Best Buy.

Read the article…

Source: Dangerous Rootkit found Pre-Installed on nearly 3 Million Android Phones

iPhone Secretly Sends Your Call History to Apple Even If iCloud Backups are Turned Off

In the fight against encryption, Apple has positioned itself as a staunch defender of its user privacy by refusing the federal officials to provide encryption backdoors into its products, as well as implementing better encryption for its products.

However, a new report from a security firm suggests Apple’s online syncing service iCloud secretly stores logs of its users’ private information for as long as four months — even when iCloud backup is switched off.

Read more…

Source: iPhone Secretly Sends Your Call History to Apple Even If iCloud Backups are Turned Off

Warning! Over 900 Million Android Phones Vulnerable to New ‘QuadRooter’ Attack

Download the free utility and see whether your phone needs patching. Verizon has patched only 1 of the 4 vulnerabilities. Shameful!

Android has Fallen! Yet another set of Android security vulnerabilities has been discovered in Qualcomm chipsets that affect more than 900 Million Android smartphones and tablets worldwide.

What’s even worse: Most of those affected Android devices will probably never be patched. Dubbed “Quadrooter,” the set of four vulnerabilities discovered in devices running Android Marshmallow and earlier that ship with Qualcomm chip could allow an attacker to gain root-level access to any Qualcomm device.

The chip, according to the latest statistics, is found in more than 900 Million Android tablets and smartphones.

Read more for a free utility that will test your phone…

Source: Warning! Over 900 Million Android Phones Vulnerable to New ‘QuadRooter’ Attack

Get A Glimpse Of The Cyber Threat Landscape For 2016 And Beyond | Hacked

Here’s a rundown of the cyber threat landscape for 2016 and beyond, courtesy of a report from Intel security.
Coming In 2016

The 2016 predictions covers threats from ransomware, infrastructure attacks, attacks on automobile systems and the sale and warehousing of stolen data.

• Hardware: Attacks on hardware and firmware will continue while the market for the tools that facilitate them will increase. System firmware toolkits could target virtual machines.

• Ransomware: Ransomware is a growing threat that could anonymize payment methods and networks. More inexperienced cybercriminals will use ransomware-as-a-service.

• Wearables: Most wearable devices store only small amounts of information, but cybercriminals could target them to undermine the smartphones that manage them. The industry will have to protect attack surfaces like networking and wi-fi software, operating system kernels, memory, user interfaces, storage systems and local files, web apps, virtual machines and security and access control software.

• Employee systems: Attackers are likely to target organizations through their employees, including their home security systems, to access corporate networks. Organizations will have to stay vigilant by implementing new security technologies, create effective policies and hire experienced people.

• Cloud services: Attackers could exploit vulnerable security policies that protect cloud services. These services could undermine business strategy, financials, portfolio strategies, next-generation innovations, employee data, acquisition and divestiture plans, and other data.

• Automobiles: Connected automobile systems that lack security capabilities will be potential scenarios for exploitation. Automakers and IT vendors will partner to provide standards and solutions to protect attack surfaces like engine and transmission engine control units (ECUs), remote key systems, advanced driver assistance system ECUs, passive keyless entry, USBs, OBD IIs, V2X receiver, smartphone access and remote link type apps.

• Warehouses of stolen data: The dark market for stolen, personally-identifiable information and user names and passwords will increase in 2016. Big data warehouses that link together stolen, personally-identifiable information sets make combined records more valuable to attackers.

• Integrity attacks: Selective compromises to systems and data mark one of the most significant new attack vectors. Such attacks seize and modify transactions or data to favor perpetrators. An attacker can change direct deposit settings for a victim’s paychecks and direct the deposit to a different account. Cyber thieves could steal millions of dollars in an integrity attack in the financial sector in 2016, McAfee Labs predicts.

• Sharing threat intelligence: Enterprises and security vendors will increasingly share intelligence. Legislative action could allow governments and companies to share threat intelligence. Best practices in this area will increase, allowing success metrics to emerge and quantify protection improvement. Threat intelligence cooperatives among vendors will grow.

Source: Get A Glimpse Of The Cyber Threat Landscape For 2016 And Beyond | Hacked

A Clever Idea for Your Phone Camera

There are a lot of things you use your phone for, but have you considered you can use it as a reminder?  Using your phone camera makes remembering things a breeze.  You’re at Disneyland and you’ve parked in some character’s colored section — take a snapshot of where you parked!  Your meds keep changing — take a pic of your prescription bottles.  Have you ever gotten to Costco for printer refills and forgotten the number?  Just take a snap of the cartridges but make sure the numbers show.  Below is a list of some of the more common uses for your camera phone courtesy of www.apartmenttherapy.com.  One Caveat:  if you’re going to add pictures of items with sensitive information, either blur out the sensitive info or make sure your phone has an encryption program.

Here are a few things that can easily be remembered with a quick snap of your camera phone’s shutter button:

A reminder of where you parked. Parking in the city is no joke.
Your printer cartridges. Make sure you can see the refill numbers.
Your family members’ clothing sizes.
The measurements of your air filter.
Travel confirmation numbers. Take a screenshot of the email your airline sends you. When you check in later and need to find confirmation numbers, your photo album will be less cluttered than your inbox.
Pictures of current medications. Make sure you can see the prescriptions’ names and dosages in the photo.
The types of lightbulbs that fit your home fixtures.
A recipe from a book or magazine that you want to use soon.
Anything “borrowed” that you might want to buy later, like the brand of a smooth-writing pen at the bank or a great-smelling hotel shampoo.
Expensive home furnishings you just know you can DIY at home. Get shots of all the important angles for when you’re ready to DIY.

(Courtesy of  ApartmentTherapy.com)