The serious flaw affecting 900 million Android phones and how to find out if yours is vulnerable – El Mostrador

The security firm Check Point detected several security flaws that could give potential attackers access to the data on more than 900 million Android devices. What are they about? And how can you find out whether they affect you?

Source: The serious flaw affecting 900 million Android phones and how to find out if yours is vulnerable – El Mostrador


Tedic rejects Government's statements on spying systems

The non-governmental organization Tecnología, Educación, Desarrollo, Investigación y Comunicación (Tedic) rejected the statements made by the minister of the Secretaría Nacional Antidrogas (Senad), Luis Rojas, about the spying system acquired by the Government. It calls for transparency and accountability.

Source: Tedic rejects Government's statements on spying systems


Senad acknowledges purchase of software to locate people – Paraguay.com

Paraguay: Months ago, information emerged about spyware acquired by the Government. Senad acknowledges the purchase, but maintains that it is not for surveillance, only for locating people.

Source: Senad acknowledges purchase of software to locate people – Paraguay.com


SS7 Attack Circumvents WhatsApp and Telegram Encryption – UPDATED

Mobile networking experts from security firm Positive Technologies revealed last week a new attack that uses the SS7 mobile telecommunications protocol that allows attackers to impersonate mobile users and receive messages intended for other people.

Source: SS7 Attack Circumvents WhatsApp and Telegram Encryption – UPDATED


Wi-Fi hack creates 'no iOS zone' that cripples iPhones and iPads | Technology | The Guardian

A woman uses her iPhone while waiting to cross an intersection in Beijing, China, 28 January 2015. Photograph: Rolex Dela Pena/EPA

A newly revealed bug in iOS lets attackers force iPhones and iPads into restart loops, repeatedly crashing and rebooting, using nothing but a Wi-Fi network.

Once the user has entered what its discoverer, security researchers Skycure, dubs the “no iOS Zone”, there’s no way to fix their phone other than escaping the range of the malicious network; every time it reboots, it crashes almost immediately.

The basis of the attack uses a “specially crafted SSL certificate”, typically used to ensure a secure connection, to trigger a bug in the operating system that crashes out any app using SSL.

“With our finding, we rushed to create a script that exploits the bug over a network interface,” the researchers wrote. “As SSL is a security best practice and is utilized in almost all apps in the Apple app store, the attack surface is very wide. We knew that any delay in patching the vulnerability could lead to a serious business impact: an organized denial of service (DoS) attack can lead to big losses.”

But in addition to crashing individual apps, the bug can be used to crash the underlying operating system as well. “With heavy use of devices exposed to the vulnerability, the operating system crashes as well. Even worse, under certain conditions, we managed to get devices into a repeatable reboot cycle, rendering them useless.

“Even if victims understand that the attack comes from a Wi-Fi network, they can’t disable the Wi-Fi interface in the repeated restart state as shown in the video.”


Chinese Android phones contain in-built hacker 'backdoor' | Technology | The Guardian

Smartphones from Chinese manufacturer Coolpad found to have malware pre-installed. Photograph: Coolpad

Smartphones from a major Chinese manufacturer have a security flaw that was deliberately introduced and allows hackers full control of the device.

The “CoolReaper” backdoor was found in the software that powers at least 24 models made by Coolpad, which is now the world’s sixth-biggest smartphone producer according to Canalys.

The flaw allows hackers or Coolpad itself to download and install any software onto the phones without the user’s permission.

“The operator can simply uninstall or disable all security applications in user devices, install additional malware, steal information and inject content into the users device in multiple ways,” according to a report on the malware by security firm Palo Alto Networks (Pan).


Third-party Snapchat site claims pics were hacked from server | Technology | theguardian.com

Developers behind Snapsaved.com, which stores Snapchat pictures, claim user photos were stolen – while another claims the site’s administrator gave access to hackers

The Snapchat logo: third-party sites have been hacked to reveal images that were meant to self-destruct. Photograph: Peter Byrne/PA

The owners of the Snapsaved site, from which a number of photos sent over the Snapchat service were leaked at the weekend, say that they were hacked to reveal the pictures.

The statement follows a claim by an unknown person who says that the photos which leaked out on Sunday were provided by the site’s administrator.

They also say that the distribution of the photos would be potentially harmful both to those pictured and to the wider internet because of its effects on personal privacy.

On Sunday, thousands of photos and videos from the Snapchat service were put online, apparently taken from sites including Snapsaved.com, which had allowed people to log in using their Snapchat username and password to offer desktop-based rather than handset-based access to the site – and also the chance to store photos, which are meant to be deleted within seconds of being viewed.

Snapchat blamed third-party apps, without naming Snapsaved, for the breach.

In a Facebook posting, an unnamed spokesman for the Snapsaved site says that “I would like to inform the public that snapsaved.com was hacked” due to a mistake in the setup of its web server. “As soon as we discovered the breach in our systems, we immediately deleted the entire website and the database associated with it,” the unsigned statement continues. “As far as we can tell, the breach has effected [sic] 500MB of images, and 0 personal information from the database.”

The rebuttal comes after another anonymous claim, made via a posting on the Pastebin site – commonly used by hackers to post claims and conquests – that the administrator of Snapsaved had provided one or more hackers with a way to browse the content on the site.

“The content released from this site was provided to us by the administrator of the site,” the writer claimed. “Users could freely browse all media on this website, and view as per user account.


Images from up to 200,000 teenagers leaked on to internet after users lured into saving images on Snapsaved.com

It is suspected that those behind the Snapchat scam are linked to the people responsible for the collection and posting of nude photos taken by hundreds of celebrities, including Jennifer Lawrence. Photograph: Axelle/Bauer-Griffin/FilmMagic

Videos and pictures of as many as 200,000 teenagers posted via the Snapchat service and stored on a third party website have been put online, apparently by the same people who were behind the posting of nude celebrity photos in August.

The photos and videos were captured after some users of Snapchat – a mobile phone app which allows people to send photos to each other but which delete themselves within seconds of being viewed – were tempted into using a site called “Snapsaved.com”. That offered to let them use the service on a website on a desktop computer, rather than just on a mobile phone.

But the site appears to have been maliciously saving the users’ login details and storing the photos and videos that were posted. An app called Snapsave, which offers similar functionality but whose developer says it only stores photos on the user’s mobile phone, is not believed to be involved.

By getting a user’s username and password, the site could authorise itself to Snapchat’s servers and receive or send the pictures the user viewed through it, but it could also store them without the knowledge of the user or Snapchat.

It is suspected, but not so far proven, that those behind the scam are linked to those responsible for the collection and posting in August of personal and often nude photos taken by hundreds of celebrities, including Jennifer Lawrence and Kim Kardashian. The celebrity photo leak began with discussions on one of the 4chan discussion forums, and the latest photos have also come via 4chan leaks.

After warnings appeared on the bulletin board 4chan on Friday that the photos would be leaked, a site went live on Sunday offering 13 gigabytes of content which was said to have been captured from users.


Sophisticated iPhone and Android malware is spying on Hong Kong protesters | The Verge

Researchers say all signs point to the Chinese government

A fake smartphone app is being used to remotely monitor pro-democracy protesters in Hong Kong, according to a report from the New York Times. Researchers from Lacoon Mobile Security say the phishing scam is spreading across the messaging application WhatsApp, through texts that read: “Check out this Android app designed by Code4HK for the coordination of OCCUPY CENTRAL!”, along with a link to download software. Lacoon says the software, once downloaded, can access a user’s personal data, including phone calls, text messages, and the physical location of their smartphone. Code4HK — a developer community that has helped to spread information about the protests — tells the Times it had nothing to do with the texts.

The origin of the scam remains unknown, but Lacoon CEO Michael Shaulov says the Chinese government is likely behind it, given the location of the servers and the sophistication of the operation. The company traced it to a computer that they say is similar to those that the Chinese government allegedly used to launch cyberattacks against US targets last year. The spread of the app remains equally unclear, though Shaulov says it was downloaded by one out of every ten phones that received the fake message. It has affected both Android and iOS users alike, although many in the security world have noted that only jailbroken iOS phones are vulnerable.


Google defends its security: “using antivirus on Android is unnecessary” – BioBioChile

Lucas Zallio (CC)

Published by Christian Leal
If warnings from digital security companies had left you unsure about whether you need an antivirus program on your Android phone or tablet, you can stop worrying. At least that is the view of its maker, since Google itself has come out to deny the need to use one of these applications.

“More than 99% of users will get no benefit from an antivirus solution. There is definitely no reason for them to install anything in addition to the security we ourselves provide,” said Android’s lead security engineer, Adrian Ludwig.

According to what Ludwig told the Sydney Morning Herald, security companies advertise statistics misleadingly in order to boost sales of their products, showing the number of malicious applications that exist on the internet, but not those that are actually installed on a phone or affect a user.

“We consider an Android application potentially harmful when it affects users. If nobody ever installs that application, how much does it matter? If that application never shows up on Google Play (the app store), does it matter at all? That is what counts for us,” he explained.