by
10 months ago

Big time pocket vulnerabilities

I was asked for a comment on some research into mobile app IT security and identified the Operating System and physical proximity as the two key attack vectors. A couple of days later, Wikileaks released material related to the CIA's aggressive hacking arsenal. Much of it aimed at mobile phones.

  1. Rene Millman's original article
  2. Thumbnail for 50 banking smartphone apps fail on security50 banking smartphone apps fail on security
    Anaysis of mobile applications of 50 of the world’s top 100 banks has found all to be vulnerable to several security threats.
    SC Magazine UK
  3. Some further thoughts by me; I identify the fact that we have built Risk Control portfolios to manage and mitigate some of these vulnerabilities, although the phone needs to be with you to be of use and so physical proximity cannot be denied.
  4. DaveLevy
    Dave Levy@DaveLevy
    A short note on monile apps "Pocket Vulnerabilities"  https://www.linkedin.com/pulse/pocket-vulnerabilities-david-levy  by @DaveLevy on @LinkedIn
    10 months ago
  5. Recode on the Wikileaks dump, who also seem to be more concerned about laptops and silly names
  6. Thumbnail for Weeping Angel, Brutal Kangaroo and other secret CIA code names from the WikiLeaks surveillance leakWeeping Angel, Brutal Kangaroo and other secret CIA code names from the WikiLeaks surveillance leak
    Other code names include Fine Dining, Cutthroat and HarpyEagle.
    April Glaser
  7. ORG states that encryption still works, the hacks rely on hacking the device.
  8. Thumbnail for Yes, the CIA can hack phones but Signal and WhatsApp are still safe for nearly everyoneYes, the CIA can hack phones but Signal and WhatsApp are still safe for nearly everyone
    The CIA can hack phones but Signal and WhatsApp remain very good ways to communicate when using a mobile phone for nearly everyone. The worst thing to do would be to throw our hands up in the air and give up on our digital security.
    Open Rights Group
  9. Bruce Schneier comments here, on the age of the material and the likely source
  10. Thumbnail for WikiLeaks Releases CIA Hacking Tools - Schneier on SecurityWikiLeaks Releases CIA Hacking Tools - Schneier on Security
    WikiLeaks just released a cache of 8,761 classified CIA documents from 2012 to 2016, including details of its offensive Internet operations.
    schneier
  11. It seems that the CIA lost the cyber weapons, which is a bit careless of them but reinforce the argument that Government secrets about people (or in this case software) will leak. Privacy is damaged immediately or via the cyber weapons. It's an example of what will happen if there are government mandated back doors.
  12. Thumbnail for More on the CIA Document Leak - Schneier on SecurityMore on the CIA Document Leak - Schneier on Security
    If I had to guess right now, I'd say the documents came from an outsider and not an insider. My reasoning: One, there is absolutely nothing illegal in the contents of any of this stuff. It's exactly what you'd expect the CIA to be doing in cyberspace.
    schneier
  13. ORG's comments on the UK Government's culpability and high lighting the fact that the transatlantic intelligence agencies have discovered software vulnerabilities and failed to inform the product authors.
  14. Thumbnail for CIA and GCHQ hacking – they must clear up their own messCIA and GCHQ hacking – they must clear up their own mess
    US intelligence agencies are working with the UK to stockpile vulnerabilities that they can use to hack Windows and Mac computers, iOS and Android smartphones, and smart TVs. The UK Government has serious questions to answer.
    Open Rights Group
  15. scmagazineuk
    ·
    10 months ago