It seems like we can't go a week without hearing about another massive security breach at a mega-corporation. This week's shocker comes courtesy of T-Mobile, at least according to one self-reported hacker claiming to sell the company's customer data. T-Mobile says it's "investigating" the possible theft of data from over 100 million people. If true, it would be the fourth notable data breach from T-Mobile in the last four years.
Your phone and its associated number are always with you, and only you, so it makes sense that a text message sent to you is a solid secondary method for authenticating a login. But savvy tech users know this method of verification is ripe for exploitation: SIM jacking, SS7 attacks, and other hacking methods are now common. A recent investigation showed that it's possible to perform similar attacks with readily available marketing tools, with the victim none the wiser.
Alert! Alert! If you use Instagram's Android app, complete strangers could be looking at your photos of appetizers and makeup techniques right now! ...which is kind of the point of Instagram, I suppose. But security researcher Mazin Ahmed discovered that the app uses standard HTTP to transmit photos, cookies, and authentication (including usernames and unique IDs), instead of the encrypted HTTPS protocol. As Mr. Mackie is so fond of saying, that's bad.
Using a set of freely available tools, Ahmed was able to hijack the app's connection from a PC on the same network and authenticate as the relevant user. It's a fairly standard technique for hackers, which is why most sites and services with any kind of log-in functionality use HTTPS by default, including Instagram's owner, Facebook.
Welcome to the latest entry in our Bonus Round series, wherein we tell you all about the new Android games of the day that we couldn't get to during our regular news rounds. Consider this a quick update for the dedicated gamers who can't wait for our bi-weekly roundups, and don't want to wade through a whole day's worth of news just to get their pixelated fix. Today we've got a casual flight simulator, a hellish puzzle game, an ambitious space fighter, a sneaky Scrabble variant, a motorcycle trick game, and a virtual hacking title. Without further ado:
Fractal Combat X (Premium)
Flight simulators are pretty tough to pull off on touchscreens, so those that make it to the Play Store tend to go for the casual approach, fitting in somewhere between Wing Commander and Space Harrier.
Over at Black Hat USA 2012, security researcher Ralf-Philipp Weinmann demonstrated a vulnerability in several Android devices that uses A-GPS to send illicit messages to the device. These messages, he explained, could be used to make the device report its location any time an A-GPS message is sent, or even to gain complete control of the device.
In describing the attack, Weinmann pointed out that, for example, a malicious WiFi network could instruct a phone to relay all future A-GPS requests, even once the device has left the WiFi network's range. This drives home even further the point that you should not join any networks you don't trust.
As Android's market share continues to grow, it is inevitable that it will become a target for viruses and other malware. Indeed, Steve Chang, the chairman of Trend Micro, a provider of security software, cautioned that Android is far more susceptible to malware attacks than iOS.
In an interview with Bloomberg, Chang claimed that Android's open source infrastructure allowed hackers to better understand the underlying architecture and source code. In contrast, Chang gave Apple credit because he believed that they were very careful about malware and that it was "impossible for certain types of viruses to operate on the iPhone."