Mobile

Symantec has recently observed phishing scams targeting Apple iPhones in order to gain serial numbers, IMEI, model, and capacity, etc. What is an IMEI? An IMEI (international mobile equipment identity) is a 15-digit unique number used by GSM networks to identify valid devices. Every GSM, WCDMA, or iDEN mobile phone (and even the odd satellite phone) has an IMEI. It can be found under the battery of the device or by typing *#06# on the mobile. If your phone or device is lost or stolen you can report it to your service provider, providing the IMEI number. The service provider can then blacklist the IMEI number, rendering the device unusable in that country. ...

At the BlackHat DC conference and SchmooCon, Nicolas Seriot, an independent researcher and Tyler Shields of Veracode have independently presented two very similar papers. The papers analyse weaknesses in security and application delivery models for iPhone and Blackberry and provide interesting read, especially if you are looking to write the next spyware application or a bot for one of the platforms. ...

Several reports have been published detailing a Blackberry proof of concept (PoC) exploit called txsBBSpy that was recently presented at a security conference. Although it may not have been the aim of the original presenter, some reports have framed the PoC as being able to exploit so-called vulnerabilities that the writers believe to be present in the Blackberry platform. The “vulnerabilities” involve secretly forwarding incoming emails, locating devices by way of their GPS capabilities, eavesdropping on conversations by surreptitiously turning on microphones, and other such nefarious behavior. ...

I received an interesting IM from a friend via BlackBerry Messenger [BBM] this weekend. She was worried that it could do damage to her shiny new BlackBerry and, as she knew I work for [a security company], she forwarded it to me for my opinion. As soon as I read it, I knew it was a hoax and told her just to delete it. ...

Google’s Android mobile operating system has been out for a while and is generating more and more interest. Now there has been some buzz about fraudulent applications being posted on the Android Market. See these postings: Both of these apps were written by an anonymous developer known as 09Droid. In fact, he had a whole collection of online banking applications for sale on the Market: ...