Category Archives: Mobile Security

Entries about the security of mobile devices.

PINs still under attack!

This summer was very interesting for new attacks. There are two that I really liked, for very different reasons. They are also both attacks on PIN codes, yet they are quite different. The first one is an attack on ATMs, with a thermal camera, hoping that your fingers stay on the keys long enough to […]

GoogleIO suggestions for new NFC apps

GoogleIO is happening right now in San Francisco. On the agenda, there has been (only?) one talk on NFC in the Android track. During this talk, the speakers gave an introduction to NFC technology, but for someone who knows the basics of NFC, the most interesting parts were the demos, showing interesting NFC applications. But […]

Android malware better, still accessible

I have been lazily looking at the latest Android piece of malware these past few days, until a tweet written this afternoon by @cryptax: Disagree with http://bit.ly/hq5J6H on raising entry fee of #android dev: organized gangs will still pay. Genuine individuals no. It sure sounded to me that I agreed with Axelle, and not only […]

Android Malware, Permissions, and Side Channels

New Android malware keeps popping up, and the latest one to be publicly discussed is very typical of what we are seeing these days. And frankly, I haven’t found them very impressive. In short, the attack consists in recording phone calls, identifying calls to credit card support lines, then analyzing the recording to identify the […]

2011: The year of mobile malware? Nope.

One of the discussion topics at this week’s Mobile Security Barcamp in Sophia Antipolis was mobile malware, with some people claiming that 2011 will be the year of mobile malware. I agree with them that, as mobile takes more and more power, and as platforms like iOS and Android become more and more common, they […]

The Mobile Trust Manifesto

Mobile computing is at a turning point, as the past few years have seen numerous improvements in the capacities of mobile devices. Here are a few of the main characteristics that have dramatically improved: Personal. Mobile phones are becoming some kind of personal hub, on which all means of communication are concentrated, in particular around social […]

Mobile Trust, from M-Pesa to Bump

Mobile banking in Africa is becoming a well-known example of how technical and business innovation can benefit poor people around the world (on NPR, for instance). Such systems now exist in other countries, but they are all more or less based on the same technical and business models. On the technical side, these financial applications […]

Mobile security remains flaky on smartphone apps

With my colleagues, I have been looking at the security of mobile applications for a few years, and in most cases, I have been amazed at the lack of security in these applications. Most mobile developers simply don’t seem to care. A security and forensics company has recently looked into mobile applications, and got some […]

Smudge attacks on Android

Researchers have done some interesting work about “smudge attacks” on Android phones. All Android phone owners will have guessed that this attack targets the authentication pattern that is used to unlock an Android phone. And all these owners also know that smudge really is dangerous for this authentication technique. I have tried it with a […]

Twitter and the Security Imbalance

The problems of Twitter with their OAuth implementation have made the headlines, and a full analysis can be found on Ars Technica. The (very) basic idea of the first issue highlighted in this article is as follows: Twitter provides “secret keys” (more like API keys) to developers. When a key is compromised, it is revoked, […]