As always, there have been lots of interesting cyber security and incident reports in the media this week. While most typically report on a major train wreck that has already occurred, every once in a while we get a warning that has had zero impact that we should all nonetheless start thinking about. One of this week’s big thought provokers was reported by Antone Gonsolves in CSO. In Mobile devices set to become next DDoS attack tool, he reports on how an analyst from Javelin Strategy & Research is convinced that smartphones and tablets are expected to become a significant launching pad for distributed denial of service (DDoS) attacks against corporate websites. Although there hasn’t been a reported case of this yet,... read more >

There has been some recent talk about a new mobile malware variant found in the wild. The malware has been identified as Trojan-Spy.AndroidOS.Zitmo. ZitMo stands for “Zeus-in-the-Mobile”.

ZitMo was originally designed to target the Symbian smartphones, with Windows Mobile and Blackberry following later. ZitMo for Android Operating System was first detected in July 2011. This trojan is another variant targeting the Android Operating System and is distributed as an APK with the name “Android Security Suite Premium” through SMS messages.

The purpose of ZitMo is to target the security features of online banking services. Banks use what are called TAN codes (Transaction Authentication Number) with digital signatures as an additional authentication mechanism to authorize the transaction. In some cases, banks send TAN codes via a text message (these are called mTANs, or mobile transaction authentication numbers).

Like... read more >

As a way to improve location based services for applications like Google Maps, Google started implementing WIFI positioning. WIFI positioning uses nearby WIFI access points to help triangulate the location of a user’s device. Some of these include devices we use everyday, such as iPhones, iPads, Kindles, tablets, and laptops. I assure you, the list goes on and on.

WIFI positioning was implemented to help locate devices where GPS and cell tower signals are weak. In order for WIFI positioning to work Google needs to collect the SSID and MAC address of any broadcasting Access Point. This information is collected using Google Street View vehicles that drive around taking pictures for Google maps.

In theory this sounds like a good idea, and it can help applications better pinpoint the location of user devices. WIFI positioning was not a big deal until Google confirmed it was mistakenly collecting payload data from Open WIFI access points with their... read more >

The Android security model includes a sandbox-like environment that segregates applications and makes good use of shared memory. It also puts the user in control of the device, in part by making the user accept permissions for the installation of any widget.

What do you need to know to decide whether or not you should approve these permissions? And should you care? There are many permissions, but let's take a look at some of the ones I saw when I installed a pile of widgets on my own phone.

Services that cost you Money – This includes calling and texting, so it could cost you money by using minutes or sending text messages at your going rate. This would mostly be used by a messaging or social media widget that communicates on your behalf, like dialing back to someone who just sent you a text.

The risk is that a widget could dial a 1-900 number or other number that would bill to your phone. Or, the widget could send a text message... read more >

Let’s talk specifically about this Android SMS Bug. Android users, we have three in my family, are experiencing a problem when they create a text message to RecipientA, then they send the message, and it is actually delivered to RecipientB. Nice, eh? You might even be in an ongoing conversation with RecipientA, and hit the “reply” option, but your reply actually goes to RecipientB.


You can have no confidence that your message is really going to the person to whom you actually sent it. Even worse, you can have no confidence which of your text messages are being delivered to ANY contact. Now, we all know this is not happening for every Android user, but it happens to something between “some” and “many”, which considering that there are millions of Android... read more >