Mozilla's new Android browser blocks ads and trackers

Mozilla has extended and improved its Firefox Focus browser, heretofore an Ios product, bringing it to Android, with auto-blocking of trackers and ads and making it easy to erase your browser history. Read the rest

Binky: a fully automated social network that doesn't require you to be sociable

Have you ever wished you had a social media feed you could like, fave, signal boost and comment on without having to actually interact with people in any way? Binky has you covered. Read the rest

Chinese Apple employees and contractors sold users' private data for as little as $1.50

Police in China's Zhejiang announced that they worked with colleagues in four provinces to arrest 22 suspects in a data-theft ring that raided Apple's internal networks for Iphone owners' sensitive personal information ("names, phone numbers, Apple IDs, and other data") which they sold to criminals for as little as $1.50. Read the rest

Police now routinely crack and extract all phone data from arrestees

Muckrock filed Freedom of Information Requests with multiple US police forces to find out how they were using "mobile phone forensic extraction devices" -- commercial devices that suck all the data out of peoples' phones and make it available for offline browsing. Read the rest

Netflix app will no longer run on rooted Android devices

Netflix has become one of the main forces for DRM in the world, a driver behind the W3C's dangerous, web-scale DRM project, and now they've announced that their app will no longer run on rooted/bootloader unlocked Android devices, because these devices can run code that overrides Google Widevine DRM (Widevine doesn't work well under the best of circumstances, and it harbored unpatched, showstopper bugs since its very inception). Read the rest

What's inside a phone that's designed to fit inside your rectum?

On Hackaday, Alasdair Allan documents the ingenious techniques employed in the creation of the Beat the Boss Phone, a tiny, lozenge-shaped phone (with a voice-changer) that is designed to be smuggled past the BOSS metal detectors used in UK prisons in the rectums of prisoners. Read the rest

Mobile phone security's been busted for years, and now 2-factor auth is busted too

The SS7 vulnerability has long been understood and publicized: anyone who spends $1000 or so for a mobile data roaming license can use the SS7 protocol to tell your phone company that your phone just showed up on their network and hijack all the traffic destined for your phone, including those handy SMSes used to verify sketchy attempts to log into your bank account and steal all your money. Read the rest

Even by North Korean standards, the DPRK's Ullim tablet is creepily surveillant

The Ullim Tablet is the latest mobile device from North Korea to be subjected to independent analysis, and it takes the surveilling, creepy nature of the country's notoriously surveillant Android devices to new heights of badness. Read the rest

Iran sucks at censoring apps, so the Persian diaspora is using them for unfiltered political discussion

With a (symbolic) (but it's a potent symbol) election looming in Iran, the global Persian diaspora is not lacking for news organs that are producing the kind of unfiltered political news that would get you jailed or killed in Iran. Read the rest

A look inside the shady world of Flexispy, makers of "stalkerware" for jealous spouses

Motherboard's Joseph Cox continues his excellent reporting on Flexispy, a company that make "stalkerware" marketed to jealous spouses through a network of shady affiliates who feature dudes beating up their "cheating girlfriends" after catching them by sneaking spyware onto their devices. Read the rest

Lawsuit alleges Bose's headphone app exfiltrates your listening habits to creepy data-miners

Bose's $350 wireless headphones need an app to "get the most" out of them, and this app monitors everything you listen to -- the names of the podcasts, the music, videos, etc -- and sends them to Bose without your permission, according to a lawsuit filed this week in Chicago by Kyle Zak. Read the rest

Masterprints: synthetic fingerprints that unlock up to 65% of phones (in theory)

When the touch-sensors on phones capture your fingerprint, they're really only taking a low-resolution, partial snapshot and loosely matching it to a stored image -- which is how a research team from MSU and NYU were able to synthesize their Masterprints ("a fingerprint that serendipitously matches a certain proportion of the fingerprint population"), which drastically reduce the space of possible "guesses" that an attacker has to make to unlock a phone or other device. Read the rest

Poisoned wifi signals can take over all Android devices in range, no user intervention required

Vulnerabilities in the Broadcom system-on-a-chip that provides wifi for many Android devices mean that simply lighting up a malicious wifi access point can allow an attacker to compromise every vulnerable device in range, without the users having to take any action -- they don't have to try to connect to the malicious network. Read the rest

Samsung's created a new IoT OS, and it's a dumpster fire

Tizen is Samsung's long-touted OS to replace Android and Israeli security researcher Amihai Neiderman just delivered a talk on it at Kapersky Lab's Security Analyst Summit where he revealed 40 new 0-day flaws in the OS, and showed that he could trivially send malicious code updates to any Tizen device, from TVs to phones, thanks to amateurish mistakes of the sort not seen in real production environments for decades. Read the rest

Verizon mandates pre-installed spyware for all its Android customers

"Appflash" will come pre-installed on all Verizon Android handsets; it's a Google search-bar replacement, but instead of feeding telemetry about your searches, handset, apps and activities to Google, it will send them to Verizon. Read the rest

Stingray for criminals: spreading mobile malware with fake cellphone towers

Police who rely on vulnerabilities in crooks' devices are terminally compromised; the best way to protect crime-victims is to publicize and repair defects in systems, but every time a hole is patched, the cops lose a tool they rely on the attack their own adversaries. Read the rest

An anti-eavesdropping hands-free headset/muzzle that looks like Bane's mask and changes your voice to Vader's

Hushme is an electronic muzzle that you strap around your face, talking into its built-in mic in order to prevent people from eavesdropping on your calls; you can also use it to change your voice so you sound like a howler monkey or Darth Vader. If this isn't a hoax, its so deep into Poe's Law territory that it might as well be one. Read the rest

More posts