Researchers have unearthed dozens of Android apps in the official Google Play store that expose user passwords because the apps fail to properly implement HTTPS encryption during logins or don't use it at all.
The roster of faulty apps have more than 200 million collective downloads from Google Play and have remained vulnerable even after developers were alerted to the defects. The apps include the official titles from the National Basketball Association, the Match.com dating service and the PizzaHut restaurant chain. They were uncovered by AppBugs, a developer of a free Android app that spots dangerous apps installed on users' handsets.Read more
Hackers and cyber-terrorists present an ever-evolving threat to airlines, with experts constantly testing for new vulnerabilities, including the fear that drones could be used to throw a plane off course.
Most agree hacking a plane would be a near-impossible feat, but some professional hackers have claimed airline computer systems are riddled with weaknesses that could allow someone to break in, perhaps even through the in-flight entertainment system. US computer security expert recently claimed to have hacked into a plane's controls through the entertainment console and to have issued a "climb" command.Read more
It’s common sense for Android users to check the permission list before installing an app. If the app asks for access to SMS, your contacts list or location, you know it may disclose your privacy. What if a game app only asked for the wifi_status permission?
You might install it with ease – and unknowingly have enabled 3rd parties to track your location! The Android LocationManager was considered to be the only way to acquire the location data, and required a user’s approval. However, researchers have discovered a covert channel to locate and track a user without permission by using the latent location signal disclosed by wifi scanning.Read more
Public Wi-Fi networks — like those in coffee shops or hotels — are not nearly as safe as you think. Even if they have a password, you're sharing a network with tons of other people, which means your data is at risk. Here's how to stay safe when you're out and about.
Just because most wireless routers have a firewall to protect you from the internet doesn't mean you're protected from others connected to the same network. It's remarkably easy to steal someone's username and password, or see what they're doing just by being on the same network. Don't take that chance. We're going to show you which settings are the most important ones.Read more
In yet another example of smart medical device insecurity, it has emerged recently that a line of Hospira drug pumps are exposed to a series of remotely exploitable vulnerabilities that could allow an attacker to take complete control of affected pumps or simply render them useless.
These drug infusion pumps are part of the new wave of smart and connected medical devices. Smart medical devices essentially remove the risk of human error for people requiring the chronic administration of drugs. Unfortunately, many of the companies developing these devices have repeatedly demonstrated a complete disregard for security.Read more
Three months after Lenovo was called out for installing dangerous software onto its computers, the world's largest PC manufacturer has once again been accused of lax security measures.
Security firm reports that it discovered major vulnerabilities in Lenovo's update system that could allow hackers to bypass validation checks, replace legitimate Lenovo programs with malicious software, and run commands from afar. Through one of the vulnerabilities, IOActive researchers explained that attackers could create a fake certificate authority to sign executables, allowing malicious software to masquerade as official Lenovo software.Read more
Recently the United States Government Accountability Office published a report warning the Federal Aviation Administration that aviation faces cybersecurity challenges in “at least three areas”, including the protection of aircraft avionics used to operate and guide aircrafts.
The media interpreted this warning to mean, “Modern aircrafts can be hacked and commandeered through onboard Wi-Fi”. But, is it really that bad? A modern passenger plane has multiple computer networks, and those networks share data of differing levels of importance, transferring the necessary information between them.Read more
Researchers have revealed a zero-day vulnerability in iOS 8 that, when exploited by a malicious wireless hotspot, will repeatedly crash nearby Apple iPhones, iPads and iPods. The attack will render vulnerable iOS things within range unstable or even entirely unusable by triggering constant reboots.
Anyone can take any router and create a Wi-Fi hotspot that forces you to connect to their network, and then manipulate the traffic to cause apps and the operating system to crash. This is not a denial-of-service where you can't use your Wi-Fi – this is a denial-of-service so you can't use your device even in offline mode.Read more
Hundreds of planes flying commercially today could be vulnerable to having their onboard computers hacked and remotely taken over by someone using the plane's passenger Wi-Fi network, or even by someone on the ground.
Modern communications technologies, including IP connectivity, are increasingly used in aircraft systems, creating the possibility that unauthorized individuals might access and compromise aircraft avionics systems. The report explains that as the air traffic control system is upgraded to use Internet-based technology on both the ground and in planes, avionics could be compromised.Read more
Mattel's new "Hello Barbie" has more tricks up her sleeve than just saying hello. With the press of a button, Barbie's embedded microphone turns on and records the voice of the child playing with her.
The recordings are then uploaded to a cloud server, where voice detection technology helps the doll make sense of the data. The result? An inquisitive Barbie spy who remembers your dog's name and brings up your favorite hobbies in your next chitchat. The doll has privacy activists demanding its removal. The Campaign worries that the toy leaves children entirely vulnerable to sneaky advertorial efforts from the giant toy company.Read more