Category: Mobile Security

Online and mobile security and privacy issue threatens some Twitter users

| December 17, 2015

The social network has warned some of its users of the chance for state-sponsored hackers accessing their data.

Twitter has now released an alert for some of the users of its social network, cautioning them of a certain online and mobile security issue that may have involved state-sponsored hackers attempting to access sensitive data from within their accounts.

This is the first time the company has issued this type of warning to any of its users.

Within the mobile security and online privacy notice, it indicated that as of that time, there had not been any indication that would suggest that the hackers had actually managed to access any of the sensitive information from within a “small group of accounts” that had been targeted during the attempts. That said, the letter didn’t provide any more information about the attack, nor did it suggest any potential suspects that were being sought as a part of the company’s investigation into this issue.

This mobile security and privacy notice is only the latest among several data breach concerns from state-sponsored organizations.

Mobile Security and TwitterTwitter is far from alone in the threat it has faced by way of cyberattacks. Many companies, government agencies and media outlets have all seen their fair share of data breaches from hackers. Several news sites have now been reporting on the warning that Twitter has issued. Among them, one was actually a recipient of the notice. It was a company called Coldhak, which is a nonprofit organization based in Winnipeg, Canada.

That company’s notice explained that the cyber attackers could potentially have been seeking to breach mobile security or online privacy barriers in order to gain access to information such as IP addresses, email addresses and/or telephone numbers. That organization’s own Twitter account (@coldhakca) has since retweeted a several reports from other people who have also claimed to have received the notification from Twitter.

Neither Coldhak nor any of the other users have given any indication as to why they may have been targeted for this type of cyberattack. One of the directors of the nonprofit, Colin Childs, said that despite having received the notice from Twitter, his organization has detected “no noticeable impact of this attack.” Facebook and Google have also issued their own versions of notifications to let users know when state-sponsored attacks have targeted their accounts.

Mobile security concerns exist in parking meter apps

| December 15, 2015

A recent investigation from NCC Group has revealed that these applications are vulnerable to being hacked.

Researchers from NCC Group have now completed an investigation that has revealed that there could be greater mobile security concerns associated with parking meter apps than most users likely realize.

The researchers explained that many of these mobile apps are open to cyber attacks from hackers.

Companies using mobile apps to allow people to pay for their parking in the United Kingdom have been doing so in order to offer additional convenience through this alternative method. However, according to this research, the people who are using these apps may also be increasing their risk of mobile security problems. This typically affects people who have smartphones based on the Apple and Android operating systems.

It was the mobile security of the Android applications that underwent the majority of the investigation by NCC.

Mobile Security - Image of parking metersThe researchers looked into the various kinds of security vulnerabilities that can impact these specific kinds of mobile apps. They wanted to look into those applications as a whole opposed to examining individual apps and labeling them as somehow different than the rest. Therefore, they did not name the specific apps that were studied in the report. Instead, they published their results in general with regards to the paid parking apps in general.

The assessment of the security of these apps was focused on the amount of attack surface that was available on Android based smartphones, including the vendor’s APK and any data that would be stored on the mobile device because of the interactions with the online support servers. At the same time, throughout this research, there was no time at which investigations were made into problems that could result from manipulating data sent to the server. Therefore, this research did not represent the same level of results that would have been achieved if the apps had undergone thorough penetration testing.

The mobile security conclusion of the team at NCC was that almost all the applications they investigated had been “affected by security vulnerabilities – some more serious than others.” They pointed out that their cryptographic implementation mediocrity was among the most common trends from one to the next.