Category Archives: Mobile Security

Securus Global has also performed closed-source application reviews of both iOS and Android applications as well as on Android and iPhone system software using reverse engineering techniques.

CVE-2014-6271 (“Shellshock”) and exploit PoC

September 26, 2014

By Andy Yang

(A little bit of background on this post – one of my colleagues, Norman Yue, posted something about the Internet being on fire to LinkedIn yesterday, regarding the bash bug. This blog post tries to explain a bit more about why exactly this is such a big issue, and also provides a proof-of-concept exploitation).

Firstly, the vulnerability itself. The actual vulnerability itself is amusing and unique, but otherwise, isn’t the magical everything-is-owned vulnerability that everyone makes it out to be. To paraphrase, if you are able to set an environment variable through the Bash shell, you can execute commands.

The interesting part is that this vulnerability may have existed for more than 20 years, in an application which is part of pretty much every Unix system since a long time ago. The vulnerable versions start from cpe:/a:gnu:bash:1.14.0 to cpe:/a:gnu:bash:4.3, which covers pretty much every Unix-based operating system available today (and by extension, a tremendous chunk of the Internet). Continue reading

Businessman’s phone lines hit by hackers

July 10, 2014

A New Zealand businessman woke up to find a $26,000 phone bill on his account, with his phone provider wanting him to pay the entire sum.

Alan Bray, a Tauranga resident, doesn't make international calls, but was told the charges racked up in just two days. This was reported on 30 June by New Zealand news agency 3 News, who subsequently investigated the case further.

Continue reading

iDroid trojan could disrupt mobile business capabilities

May 01, 2014

A new malware released in the mobile device world has potential to cause significant damage.

Surfacing from the Russian hacking underground, the so-called iDroid trojan is capable of attacking both iOS and Android operating systems – the majority of the world's mobile devices. Posts about the supposed malware were discovered by researchers from cyber intelligence firm SenseCy in late April. The firm reports iDroid is apparently on sale on the cyber crime black market for USD$800 – $1500.

Continue reading

Ensuring security in a changing tech environment

April 01, 2014

Technology is in a constant state of flux as new devices are released and manufacturers make inroads towards establishing new device categories.

For consumers, this means a constant range of new, exciting devices to choose from, whether they're mobile phones or desktop computers. For businesses, this means tough purchasing considerations, as a variety of factors need to be considered. One area that may be overlooked with new machine purchases throughout this year is security.

Continue reading

Australian banks targeted by Malware

March 29, 2014

Australian bank customers could be at risk as a new virus designed to steal banking information has begun spreading.

Australian customers have recently fallen victim to a slew of Malware attacks. Called Hesperbot, the trojan was first observed overseas in Turkey, which remains its most targeted area. The virus has subsequently been seen in Portugal and the U.K, as well as the Czech Republic.

Continue reading

Board communications security and the move to mobile technologies.

March 27, 2014

This case study follows a review we undertook for an ASX Top 20 company. It addresses security of information at the Executive and Board levels – communications, distribution, sharing etc with the move to mobile technologies in the Boardroom.

The results of our work went straight to the top and culminated in the company re-assessing how they were protecting this strategic and highly confidential information. The implications of not doing so, could have had dire results in the event of a compromise. Once we delivered our results, the company understood and responded immediately. (However, most companies are still not doing this as they are unaware of the risks).

Download here: Case Study – Securing the Technology Change Agenda

Do wearables pose a business security threat?

March 20, 2014

Wearable devices are set to be the next area of IT growth, and will certainly see business implementation due to their efficiency and financial benefits.

These devices offer fast communication at lower prices than that of mobile phones or tablets. By using these devices businesses will be able to speed up both collaboration and communication. Security risks, however, will be presented with device adoption.

Continue reading

Smart Connected Devices could open businesses to unknown threats

March 18, 2014

Growth in the smart connected device (SCD) market this year will enforce the need for businesses to place mobile technology at the forefront of security concerns. Failing to do so could result in data breaches, leaks and reputation damage.

PCs, tablets and smartphones saw shipments climb over 16 million units in the fourth quarter of 2013 in the United Kingdom alone, with other parts of the world experiencing similar growth. This data comes out of a recent report from the International Data Corporation (IDC). These devices will likely have found their way into workplaces across the country.

Continue reading

HP identifies enterprise security risks

February 25, 2014

Computer manufacturer HP has recently published the Cyber Risk Report for 2013, created by HP Security Research, a smaller division of the company.

The report identifies the security risks likely to impact businesses and the current threats causing issues right now. HP identified mobile devices, insecure software and growing Java applications as areas of particular risk.

Continue reading