Is it the iPhone or the User?

The folks at Trusteer got their hands on the logs from some phishing sites and found that people using iPhones are more likely to fall for phishing attacks than users of other devices, including PCs. Some of the findings included: Mobile users get to the phishing site sooner than PC users. Mobile users are 3

Android Application Security

Installing an application on an iPhone is a bit different than installing an application on an Android based system. With the iPhone you go to the App Store, select your application (and pay if required) then download and install it. For the Android based phones you go to the Android Market, select your application, download

Google Android and Really Bad Math

Yesterday I blogged about a security company that found a high percentage of apps for the iPhone and for the Android were stealing user information. I call it stealing because the user is not aware of what personal data is leaving their phone. At the Blackhat Security Conference in Las Vegas the same company, Lookout

Dead Men Tell No Tales, but Smart Phones Tell All

Do you have an iPhone or an Android based phone? Wait, don’t tell me, if you installed some third party apps I can probably find out. According to Lookout Inc., in an article at http://news.yahoo.com/s/ap/20100728/ap_on_re_us/us_tec_techbit_apps_privacy many of the iPhone and Android apps include spyware. To be fair, Lookout Inc didn’t call it spyware, but that

iPhone Through the Looking Glass

…iPhones are, under limited circumstances, willing to share information with other devices when they shouldn’t…

Bricking your cell phone: Mayhem on a Massive Scale

What would happen if every single one of the four BILLION cell phones on this planet just went dark? Or most likely, what would happen if every single cell phone went dark in one country? One scenario is a combined DoS attack on the internet was combined with a DoS attack on the cellular phone infrastructure at the same time.

iAds Come to the iPhone

Enterprise Mobile Today http://www.enterprisemobiletoday.com/news/article.php/3875521/Apple-Unveils-Key-iPhone-Upgrade.htm ran a story about some upgrades to the iPhone. There are a number of features in iPhone OS version 4. The operating system being able to multitask, like Android and other smartphones do. Corporate administrators will be able to push out updates instead of users being required to use iTunes to

CanSecWest: Mitigation versus Impregnability

Inevitably, CanSecWest  2010 kicked off with the promised and eagerly-awaited Pwn2Own hacking contest, in which a number of effective protection strategies (DEP, code signing, ASLR [1]) failed to prevent determined vulnerability researchers making loadsamoney by circumventing them with attacks on Firefox and IE8 on Windows 7, Safari, and the iPhone. For details and extensive comment see: http://macviruscom.wordpress.com/2010/03/25/and-the-firewalls-came-tumbling-down/ http://kevtownsend.wordpress.com/2010/03/25/sacred-cows-fall-at-pwn2own/

The iPhone Survey Final Results

The Survey is closed and I had a whopping 28 total responses :) The questions were 1. How often do you connect your iPhone to a computer with iTunes running? 2. Have you owned your iPhone for at least 6 months? 3. How did you learn of this survey? Five people did not respond to

iPhones, jailbreaking and blocked Apple IDs

[Update: The Register's John Leyden has also commented on the issue at http://www.theregister.co.uk/2010/02/16/apple_bans_iphone_hackers/] There's been a burst of interest in the last day or so in the blocking of certain Apple IDs from the iTunes App Store. Some bloggers have suggested that this might be a precursor to a massive blocking of jailbroken phones from accessing

iPhishing – gathering iPhone data

As posted a few minutes ago on Mac Virus, Dancho Danchev has posted information on a phishing campaign where the bad guys are impersonating Apple in order to steal sensitive device information from iPhone users. Dancho’s post, which has lots of other links, is at: http://blogs.zdnet.com/security/?p=5460&tag=col1;post-5460 David Harley CISSP FBCS CITP Director of Malware Intelligence ESET

The iPhone Survey

I recently blogged about Patching an iPhone. I’m not sure if I’ll get anymore takers for the survey at http://www.surveymonkey.com/s/V76LK5L, but if I do I’ll update the results. With 24 responses in, here is what I found. 15 (62.5%) users reported connecting their iPhones to a computer running iTunes at least once a week. Of

Are You As Smart As Your Phone?

According to Cell-news.com, in 2007 over 850,000 Brits flushed their cell phones down the toilet. I’m sorry to report that there isn’t much a security vendor can do to help you if you flush your cell phone. ESET recently commissioned a study of smart phone users concerning mobile security. The results are interesting. A little

Patching an iPhone

Apple recently released a patch for the iPhone operating system. The fixes some pretty serious vulnerabilities, but… you must connect your iPhone to a computer and run iTunes to update the iPhone. This led me to start wondering how many iPhone users rarely connect their iPhones to a computer? I suspect there are quite a

Firefox Add-ons Infected

Perhaps you read the Mozilla blog at http://blog.mozilla.com/addons/2010/02/04/please-read-security-issue-on-amo/ where it was revealed that two add-ons for Firefox were infected with Trojans. In this case the distribution was very small, so not many users were infected, but this type of attack is likely to grow. A large part of the time I worked at Microsoft I

Mac Virus Resurgent

No, I'm not talking about a newly-discovered and virulent OS X upconversion of SevenDust or AutoStart 9805. Mac Virus is a site founded by Susan Lesch in the 1990s, when pre-OS X Mac-specific malware was still a serious issue – AutoStart in particular caused significant damage back then – and cross-platform macro viruses were also a major

Mobile Malware

SC Magazine recently reported a malicious application in Google’s Android online market store http://www.scmagazineus.com/malicious-apps-found-in-googles-android-online-store/article/161001/. Due to the highly open nature of Android applications, this is going to probably be a huge problem. Here is the real irony. Many people will probably switch from Android to the iPhone because of the security concerns. Why is it

Droid Avoids with an AppleJackHack

Will the Motorola Droid be the next malware-victimized smartphone? Well, it's a bit early to make a claim like that, but the fact that it's been rooted (an analogous process to jailbreaking on the iPhone and iPod Touch) in order to allow end-users to install unapproved applications, puts the platform one step nearer. See the

IBot revisited (briefly)

I don't want to flog (or blog) this iPhone bot thing to death: after all, the number of potential victims should be shrinking all the time. However, having updated my previous blog (http://www.eset.com/threat-center/blog/2009/11/22/ibot-mark-2-go-straight-to-jail-do-not-pass-go)  on the topic a couple of times, I thought I'd actually go to a new blog rather than insert update 3. So here are the update bits

When is a worm not a worm?

Will No-One Rid Me Of This Turbulent Hacker Tool? (http://en.wikipedia.org/wiki/Thomas_Becket) I was kind of hoping to have moved on from the iPhone data stealing hacker tool by now. While I do think it's a significant development (see http://www.eset.com/threat-center/blog/2009/11/12/iphone-hack-tool-a-postscript), there comes a point where the sheer volume of discussion of the subject gives it more importance

Follow us

Copyright © 2015 ESET, All Rights Reserved.