News  General
EFF and WhatsApp

EFF publishes annual report

The Electronic Frontier Foundation has published its annual "Who Has Your Back" report, and it's not good news for WhatsApp and AT&T users. With concern over privacy growing daily, prompted by events such as Snowden's NSA snooping revelations, the non-profit organisation rates organisations according to various measures such as their transparency, responsiveness to breaches etc.

It was better news for Apple, Adobe, Yahoo, Dropbox and, who all achieved the highest scores, but worryingly Google dropped the ball by scoring lower than last year.

The EFF report is now in its fifth year and is fast becoming the bellwether for the industry's security performance. A spokesman said "more and more companies are voluntarily speaking out about government data requests and giving users tools to fight back."

News  Android
Samsung Hacked Keyboard

Keyboard vulnerability discovered back in December 2014

When you install a software keyboard in Android, you are warned it might be possible for hackers to steal your data. This is because the software running the keyboard is, well, software, and as we all know software in the hands of the bad guys can do whatever they bid it to. The nightmare scenario of a keyboard becoming infected without the user's knowledge appears to be possible on certain Samsung-customized versions of SwiftKey, which in total applies to 600 million devices. That's because these devices automatically query Samsung servers without the user's knowledge - the keyboard app has been granted this privilege when installed at the factory.

The attack vector is the update mechanism, which doesn't encrypt the updated keyboard app as it is sent to the device. This means hackers can intercept it, since it is in the clear, and replace it with their own. A man-in-the-middle exploit has been demonstrated at a recent Black Hat hacking conference in London.

News  Android
Android M

APKs to be inspected for missing files

Google has announced a change to the Android app installation process which surprised many observers because they thought it was doing it already. The change is to inspect the APK manifest of the file carrying the app to be installed, and make sure it isn't lying when it comes to describing which files it wants to install. This integrity check is useful because it can detect if the APK has been tinkered with, as is often the case with reverse-engineered packages.

Without this check, it could be possible to end up with "half installed" apps which would behave unpredictably, or even apps which had been repackaged with some "phone home" security functionality removed.
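As an added illustration (not Google's code and not part of the original article), the sketch below applies the same idea to a package: every file the manifest declares must be present and must match its recorded digest. It assumes the manifest meant here is the JAR-style `META-INF/MANIFEST.MF` with `SHA-256-Digest` entries; the sample packages and file names are constructed, and signature verification is out of scope.

```python
import base64, hashlib, io, zipfile

def parse_manifest(text):
    """Return {entry name: base64 SHA-256 digest} from JAR-style manifest text."""
    text = text.replace("\r\n", "\n").replace("\n ", "")  # unfold wrapped lines
    entries = {}
    for section in text.split("\n\n"):
        fields = dict(l.split(": ", 1) for l in section.splitlines() if ": " in l)
        if "Name" in fields:
            entries[fields["Name"]] = fields.get("SHA-256-Digest")
    return entries

def check_apk(data):
    """Return a sorted list of (problem, file name) for an APK given as bytes."""
    problems = []
    with zipfile.ZipFile(io.BytesIO(data)) as apk:
        names = set(apk.namelist())
        declared = parse_manifest(apk.read("META-INF/MANIFEST.MF").decode("utf-8"))
        for name, digest in declared.items():
            if name not in names:           # declared but not shipped
                problems.append(("missing", name))
            elif digest != base64.b64encode(hashlib.sha256(apk.read(name)).digest()).decode():
                problems.append(("digest-mismatch", name))
        for name in names - set(declared):  # shipped but never declared
            if not name.startswith("META-INF/"):
                problems.append(("undeclared", name))
    return sorted(problems)

def build_sample(packed, declared):
    """Constructed input: zip the `packed` files, manifest digests from `declared`."""
    manifest = "Manifest-Version: 1.0\r\n\r\n"
    for name, content in declared.items():
        digest = base64.b64encode(hashlib.sha256(content).digest()).decode()
        manifest += f"Name: {name}\r\nSHA-256-Digest: {digest}\r\n\r\n"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("META-INF/MANIFEST.MF", manifest)
        for name, content in packed.items():
            z.writestr(name, content)
    return buf.getvalue()

if __name__ == "__main__":
    original = {"classes.dex": b"dex-bytes", "assets/license_check.bin": b"phone-home"}
    print(check_apk(build_sample(original, original)))                   # intact package
    print(check_apk(build_sample({"classes.dex": b"patched"}, original)))  # repackaged
```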

News  Apple
Crash iOS with a single text

Apple with egg on its face

A vulnerability in iOS has emerged which causes affected devices to crash when a malformed SMS is sent to them. The message, which has to be specially crafted and contain Arabic symbols, causes the phone to switch itself off and leaves the Messages app unable to start once it is turned back on.

Present since iOS 6, the problem was found by Reddit users.

The fix, until Apple provide one, is to go into Settings | Notifications | Messages and set "alert style when unlocked" to "none".

Apple's Senior Engineers have admitted they know there is a problem and are working on a fix, according to the Twitter account Apple News.