Raising the bar in Mobile Security

Today we announce our partnership with West Coast Labs, a leading certification firm in the digital security industry, to power its next generation certification program for Enterprise Mobile Security. Our NewSky Security AppRisk™ platform will be the technical building blocks for end-to-end Checkmark Mobile Application Certification.  This automation platform starts with Android mobile devices and…

Case Study: Hacking Smart Lock Security

Kwikset Kevo Smart Lock

Update: This case study was presented at the CanSecWest 2016 conference held in Vancouver, British Columbia, Canada. The presentation is available as a PDF from this link.   Exponential growth of smart technology and Bluetooth Smart With the booming of Internet of Things (IoT), Bluetooth Smart, or Bluetooth v4.0 (aka Low Energy or BLE), has…

Mobile devices bundled with malware?

When you purchase a mobile device, you expect the device to be free of digital threats, clear of viruses, and otherwise safe to use. According to a G Data Mobile Malware Report for Q2 of 2015, more than 20 smartphone models were identified to contain modified or manipulated versions of common apps such as Facebook:…

Smart devices as Bitcoin mining slaves

Recently, we blogged about unintentionally installing Android ransomware to an Android HD media player. It is possible and probable that other unwanted programs, such as Bitcoin mining trojans could be installed on a smart device. Background Bitcoin (BTC) is one of several popular digital (virtual) currency payment systems. It is decentralized and functions peer-to-peer (P2P)…

Stagefright scan and removal tool

0xID Labs has created a utility to scan for and remove malformed media files that match certain criteria that resemble a Stagefright exploit. Update August 6, 2015: In light of the recent disclosure by Zimperium at Black Hat 2015, we’ve updated coverage for additional threat vulnerabilities. This tool is for immediate release to use by…

Critical Stagefright flaw, millions affected

In late July, researchers with Zimperium announced the discovery of a critical flaw in the Android library libstagefright, potentially affecting 95% of all Android devices, from Android Froyo (2.2) to Lollipop (5.0). The flaw could result in the device getting owned if successfully exploited. Google illustrates Android media architecture and framework in the following diagram:…

Removing Android ransomware from my tv

In July, you may have read how I unwittingly installed Android ransomware to my HiMedia HD600a HD Media player.   Well I wasn’t going to just toss out my device, I wanted it back, so I worked on getting rid of the ransomware. Timing is everything I have to say, it was very tricky to…

OBD Case Study: Gone in 6 Seconds

History Prior to the 1980s, vehicle diagnostics were more hands-on, and on-board computers were not fully developed. Identifying a car’s trouble meant testing fuses, relays, and opening up components and performing visual inspections, or using timing lights. During the 1980s and early 1990s, cars became more computer-controlled, such as controlling engine idle, vehicle speed and so…

IoT In The News: Uconnect Hack

In July, it was revealed that two researchers, Charlie Miller and Chris Valasek, were able to successfully connect to a vehicle’s computer remotely, over the Internet, and control the car’s mobility by disabling the brakes, or issuing a kill command to stop the engine. Scary. The vehicle was a Jeep Cherokee and it was outfitted…

Mobile Intelligence Case Study: General vs Medical apps

In this post, we share some of our findings from submitted apps.  This data reflects our common vision on mobile app vulnerabilities and risks.  On the one hand, malware is not the only threat vector in the mobile space. This is particularly true for sandbox architecture platforms such as Android and iOS, where it is more difficult for…