The Hacker News - Cybersecurity News and Analysis: mobile apps

A team of researchers from the University of Michigan discovered that hundreds of applications in Google Play Store have a security hole that could potentially allow hackers to steal data from and even implant malware on millions of Android smartphones. The University of Michigan team says that the actual issue lies within apps that create open ports — a known problem with computers — on smartphones. So, this issue has nothing to do with your device's operating system or the handset; instead, the origin of this so-called backdoor is due to insecure coding practices by various app developers. The team used its custom tool to scan over 100,000 Android applications and found 410 potentially vulnerable applications — many of which have been downloaded between 10 and 50 Million times and at least one app comes pre-installed on Android smartphones. Here I need you to stop and first let's understand exactly what ports do and what are the related threats. Ports can be eit

A security researcher could have stolen as much as $25 Billion from one of the India's biggest banks ‒ Thanks to the bank's vulnerable mobile application. Late last year, security researcher Sathya Prakash discovered a number of critical vulnerabilities in the mobile banking application of an undisclosed bank that allowed him to steal money from any or all bank customers with the help of just a few lines of code. Being a white hat hacker, Prakash immediately reached out to the bank and alerted it about the critical issues in its mobile app and helped the bank fix them, instead of taking advantage of the security holes to steal money from the bank that has about 25 Billion USD in Deposits. While analyzing the mobile banking app, Prakash discovered that the app lacks Certificate Pinning , allowing any man-in-the-middle attacker to downgrade SSL connection and capture requests in plain text using fraudulently issued certificates. Also Read:  Best Password Manager — For

As much as you protect your electronics from being hacked, hackers are clever enough at finding new ways to get into your devices. But, you would hope that once a flaw discovered it would at least be fixed in few days or weeks, but that's not always the case. A three-year-old security vulnerability within a software component used by more than 6.1 Million smart devices still remains unpatched by many vendors, thereby placing Smart TVs, Routers, Smartphones, and other Internet of Things (IoT) products at risk of exploit. Security researchers at Trend Micro have brought the flaw to light that has been known since 2012 but has not been patched yet. Remote Code Execution Vulnerabilities  Researchers discovered a collection of Remote Code Execution (RCE) vulnerabilities in the Portable SDK for UPnP , or libupnp component – a software library used by mobile devices, routers, smart TVs, and other IoT devices to stream media files over a network. The flaws occur du

Is Facebook planning to integrate WhatsApp Messenger into its ' Facebook for Android ' app? Yes, this might be possible soon. According to latest rumours, Facebook is reportedly working on it. The social network giant, Facebook has begun testing a new feature in its Facebook app for Android that includes the first integration of WhatsApp Messenger, according to a blogger. WHATSAPP INTEGRATION INTO FACEBOOK APP According to this update, a year after of acquiring WhatsApp Messenger, Facebook has only added a 'Send' button with the WhatsApp icon. This WhatsApp ' send ' will work as part of the status actions options that appear under each status update. It means that Facebook for Android users soon may have this particular version of Facebook app with a dedicated WhatsApp button that would allow an Android user to share posts, status and anything else directly through WhatsApp by just clicking the Share button. If rumours are true, th

Like Facebook and Google, Twitter will soon be collecting your smartphone data in order to provide a " more personal Twitter experience " by serving targeted advertisements. The popular microblogging service Twitter said Wednesday that it will start collecting information about the other applications its users have installed onto their smartphones or tablet in a bid to better target ads and content, which some users may consider as another threat to their online privacy. In the Security and Privacy section of its support site, Twitter says that it will be " collecting and occasionally updating the list of apps installed on your mobile device so we can deliver tailored content that you might be interested in ." The company has updated its app with this new feature for iOS platform on Wednesday, and Android will integrate this new feature in the next week. The app update is opt-out , which means Twitter will start collecting information from users aut

There's a good news for app developers. On Wednesday at Twitter's first annual developer conference Flight, the company announced a new tool for developers which will allow users to log-in to mobile applications using their phone numbers rather than a traditional username and password combinations. SAY NO TO PASSWORD The service will be called Digits, aimed at application developers looking for an easier, password-free login option for their mobile applications  – in a similar way to Snapchat , WhatsApp and Viber that rely only on verified users' mobile numbers for sign-in, rather than the traditional ID and password combination. " This is an entirely new native mobile sign up service that makes mobile-first sign-up frictionless, and creates an identity relationship entirely between you and your users ," said Twitter CEO Dick Costolo, speaking at the Twitter Flight developer conference in San Francisco. DEVELOPERS DON'T TRUST TWITTER On one hand, where o

A group of security researchers has successfully discovered a method to hack into six out of seven popular Smartphone apps, including Gmail across all the three platforms - Android , Windows, and iOS operating systems - with shockingly high success rate of up to 92 percent. Computer scientists the University of California Riverside Bourns College of Engineering and the University of Michigan have identified a new weakness they believe to exist in Android, Windows, and iOS platforms that could allow possibly be used by hackers to obtain users' personal information using malicious apps. The team of researchers - Zhiyun Qian , of the University of California, Riverside, and Z. Morley Mao and Qi Alfred Chen from the University of Michigan - will present its paper, " Peeking into Your App without Actually Seeing It: UI State Inference and Novel Android Attacks " ( PDF ), at the USENIX Security Symposium in San Diego on August 23. The paper detailed a new type of

If you are one of the users of the BBC News iPhone app , then you might have receive a strange message as a breaking news notification earlier this morning. The message was sent on two separate time durations. First the message reads: " NYPD Twitter campaign 'backfires' after hashtag hijacked," then strangely adds: "Push sucks! Pull blows! " After a while it goes to: " BREAKING NEWS No nudity in latest episode of Game of Thrones!!! MORE BREAKING NEWS IIIIII like testing. " Beneath the message the text seems to get more serious as it adds: " This is a breaking news story and the BBC News app will bring you updates as soon as they are available. " From various media outlets, it was observed that the most popular BBC News smartphone app has been hijacked by the some attackers who compromised its " Breaking News " feature and sent bogus messages to the users of the BBC News iPhone app. But BBC developers were actually

Tomorrow, 8th April could be a sad day for all those who are still using Windows XP, as it is an official assassination day of it, but there is also a good news that Microsoft is going to stop charging for its Windows Operating System on on the devices with screens smaller than nine inches. Yes, Free a Windows OS for the  Internet of Things (IoTs) ,  such as Mobile Devices, Smart thermostats, Smart TVs, wearable devices etc., that was announced by Microsoft at Build 2014 conference on Wednesday. " To accelerate the creation of great mobile devices running Windows and grow our number of users, we announced today that Windows will be available for $0 to hardware partners for Windows Phones and tablets smaller than 9" in size, " said Terry Myerson, executive vice president, OS Group at Microsoft and he also added that it will include a one-year subscription to Office 365. FREE, BUT NOT OPEN SOURCE Free Windows , means the manufacturers of small tablets, phones and any o