BlackBerry devices have always been marketed as being very secure. It looks like the Department of Defense agrees. The DoD has officially approved the use of BlackBerry 10 devices, including the full lineup of the Z10, Q10 and the PlayBook, on its network.

This approval has come after earlier reports that the DoD was going to approve Apple iOS devices and some Samsung Galaxy handsets. While iOS 6 devices are expected to join BlackBerry 10 devices in being allowed in the next two weeks, devices running Samsung Knox, the South Korean company’s enterprise mobile solution, have already got the green light.

The Knox was earlier expected to be available with the S4, but later reports have pointed to the feature being available only by July. Samsung is certainly making a good effort, but BlackBerry is still the best when it comes to security.

Scott Totzke, SVP, BlackBerry Security at BlackBerry says: “BlackBerry 10 is ideal for our government customers because it offers a rich, highly responsive mobile computing experience, along with BlackBerry’s proven and validated security model – a combination that’s unmatched in the industry. This approval will enable DoD customers to connect their BlackBerry Z10 or BlackBerry Q10 smartphones to DoD networks and securely access assets from work, while enjoying the wealth of consumer-oriented functionality that BlackBerry 10 brings to market”.

[Source]

[Image Source]

The post BlackBerry 10 Devices Approved By US Department Of Defense appeared first on Mobile Magazine.

Sony have recently rolled out an update to fix a problem with the Xperia Z which had the phone randomly dying and requiring a hard reboot. Now, that problem is fixed Sony’s programmers can now sit down and fix a new and rather serious security flaw.

A new vulnerability on the Sony Xperia Z allows anyone to get access to the home screen, apps, contacts and accounts by keying in the USSD code *#*#7378423#*#*. The hack can be seen in action in the video below and demonstrates just how serious this could be for anyone who leaves their phone unguarded in the presence of a tech savvy Android fan (not likely we know).

We’re waiting to hear what Sony plans to do, but expect another update (and possibly a new bug) for the flagship Xperia Z soon. Is this really a big deal? As long as you keep your phone by your side, probably not. That said, it certainly could be if your phone is lost or stolen.

[ Source ]

The post Sony Xperia Z Bug Makes it Easy to Get Past the Lock Screen appeared first on Mobile Magazine.

The Pwnium 3 competition was hosted as part of the CanSecWest security conference in Vancouver. Google offered up $3.14159 million (“Pi money”), but no one was able to emerge as the winning entry. The competition was with the newest version of Chrome OS running on a base Samsung Series 5 500 Chromebook. If they were able to achieve a browser or system level compromise delivered via a web page, they’d get $110,000. If they were able to get a compromise with device persistence, guest to guest with interim reboot, also delivered through a web page, the prize would be $150,000.

With that much money on the line, no one could do that. That’s got to be a pat on the back for Google. To be fair, they are currently “evaluating some work that may qualify as partial credit.” This is one of the smarter ways to go about things, because it helps to reveal potential vulnerabilities that Google can then address as quickly as possible.

[Source]

The post No One Can Hack Chrome OS at Pwnium 3 appeared first on Mobile Magazine.

A smartphone is as sacred as your diary, and much like your diary you want might want to keep all your personal details, private messages, saucy apps and photos to yourself. Thankfully most phone users can simply set up a password protected lock screen and your secrets will be safe, but owners of the Samsung Galaxy S3 aren’t so lucky.

A new exploit allows anyone to be able to bypass the lock screen on your S3 with very little effort. All someone has to do to get hold of your most private of privates is simply:

1. Hit Emergency call.
2. Enter the Emergency Contacts menu.
3. Press the Home button.
4. Quickly press the Power button directly after the Home button.
5. If you were quick enough you will have an unlocked Galaxy S3 in your grasp

We haven’t managed to try this method, but we have been told that you may have to try a few times to get the timing right, and apparently once successful the lock screen will remain deactivated until the phone is rebooted. If you have access to an S3 give this workaround a go and let us know if you could pull it off.

[ Source ]

The post Samsung Galaxy S3 Bug Allows You to Bypass the Lock Screen appeared first on Mobile Magazine.

This week, RIM has applied for and received an interesting new patent. With the recent picture leaks of the BlackBerry 10, RIM has created technology that would make the blurry inconspicuous photo a thing of the past.The company’s goal is to protect companies from breaches in security, release of unauthorized information and leaks from workers.

The system works by preventing photos from being taken until the camera has been steadily focused for a predetermined amount of time. Each individual IT department would be able to dictate how long that time is, and also turn the feature on and off on employee devices. This could be an inconvenience for shutterbugs that snap a lot of photos, but also could prevent a lot of problems that have occurred.

Now if they can just find a way to prevent their devices from being sold on Ebay ahead of their release date.

What do you think of this patent? Would this feature annoy you, or could it be a positive thing?

[ source ]

The post RIM Hopes to Boost Device Security with New Patent appeared first on Mobile Magazine.

While the Instagram API uses both non-secure HTTP and secure HTTPs connections, the weird thing is that it uses the non-secure path for your account’s authentication. All it does is store a standard cookie on your device, sent without encryption. What this means is that if you’re using an unsecure connection, like public Wi-Fi at Starbucks, someone could potentially intercept that cookie and use it to authenticate themselves into your account.

The hacker can then utilize a variety of API calls to do all sorts of nasty things with your Instagram account, deleting your #foodporn pics with ease. The sad thing is that the person who discovered this security hole contacted Instagram about it, but hasn’t heard anything back. The solution is actually pretty simple on Instagram’s part: start using secure, encrypted cookies instead.

In the meantime, the actual threat level is pretty low, since it’s unlikely the guy at Starbucks is going to try and hack into your Instagram account, but you should be aware that the threat is there.

[Source]

The post Security Threat: Unencrypted Cookies in Instagram iOS App appeared first on Mobile Magazine.

Security flaws and breached accounts are a big issue when it comes to banking, and many banks take sturdy routes to avoid this, but usually ends up with the public using complicated methods to ensure the safety of their bank account.

One commonly used product is a special key generator that manages to generate random codes that can be used to access your account and view your account information online. However, having lots of extra equipment just to use your bank can be inconvenient, and when you’re in a position where you manage many bank accounts at once, differentiating between back card key generators can become a nightmare.

Mastercard have been looking to amend this problem for quite some time now, and after a fair amount of planning, they’re set to release their new product into most Singapore by January 13^th.

The new product has been called the ‘Display card,’ which works just like an ordinary card; it contains all your card details and has a chip to use with ATMs, but the big difference is that the new card has a built in keypad and an LCD display that allows owners to access the same information that previously key generators were needed for.

V. SUBBA, Head of Retail Banking Products for the Standard Chartered Bank in Singapore and Asia, has said that, “In Singapore, many customers bank with multiple banks. We brainstormed on ways to make it convenient and yet secure for customers. The question was: instead of sending customers another bulky token, could we replace something which already exists in the customer’s wallet? That was when credit, debit and ATM cards, immediately came to mind.”

The new card will be available for any Standard Chartered Online Banking and Breeze Mobile Banking customers involved in  high-risk transactions, such as when transferring large sums between accounts or for when dealing with business requests and purchases, and will also display account details like account balance onto the LCD screen.

For now, there hasn’t been much talk about moving this product into any other countries, so Singapore will be a great test site for the reasonably new credit card technology.

[Source]

The post Mastercard’s New Credit Card has LCD Display appeared first on Mobile Magazine.

Yes, the iCloud online backup service is convenient for you, but also means that inquiring minds can effectively gain access to a near real-time copy of all that data. This includes your email messages, call logs, website visit history, text messages, and more. Your data is automatically backed up by iCloud each time it comes in contact with a Wi-Fi access point.

Under normal circumstances, the police would need physical access to your phone in order to tap into all those records. Assuming that they have the proper warrant and everything, law enforcement can presumably get access to the associated Apple ID and password, using the ElcomSoft solution to snoop through those backups in real time. This is even better than tapping into phone calls.

[Source]

The post ElcomSoft Forensics Tool Snoops Through Your iCloud Data appeared first on Mobile Magazine.

When considering new, hi-tech or even sci-fi types of stealthy alternatives to traditional typing in of passwords, many developments have surfaced recently:

• fingerprint recognition — actually, quite old stuff, hardware is very demanding if reliability and tight security are at stake. Can be easily defeated by using an authentic fingerprint of a real pass holder. Or his or her finger, as the last resort;
• eye retina can be just as unique as an individual’s fingerprint. However, it’s also beatable if the intruder gets a good hi-res photograph of that retina of an authenticated individual. Or just his eye, when in an emergency;
• face recognition as a password. Recent debacle with ICS phone rejecting Andy Rubin’s mug at that ground breaking ICS presentation tells us it’s still a joke for consumer grade devices. Can be defeated by photographs any day, or the individual in question sedated heavily next to you;
• finger gestures on a sensor screen. On legacy devices, like signing off your purchase, or a receipt, it’s similar to a digital signature. But this time, in Windows 8, it’s more fun, even if Microsoft Developers’ blog puts a lot of serious calculations and figures behind it.

On the last one,  however, according to the inventor of RSA’s SecurID token, Kenneth Weiss, he doesn’t seem to think that this is “serious security”.

His argument is that those viewing from afar will be able to discern and even video tape the user making their gestures, thus figuring out the correct “picture”.

Sure, it could be just one step, or stage in tightening up the security of access to the device, and good old typing of a long quasy-random alphanumerical password might be still of much help. Just don’t forget about keyloggers and other password-stealing software swirling around you and your secure system.

The post Windows 8 To Have Picture Gesture Passwords appeared first on Mobile Magazine.

More specifically, they have developed an anti-theft car seat that can effectively identify the person sitting in it. The seat itself is outfitted with 360 sensors and it measures the pressure applied at each of these sensors, generating a 3D representation of the weight and weight distribution. The way you sit is like a fingerprint.

The pressure information read by each sensor is then sent to a central laptop, which can then take all that aggregate information to identify key data and identify the driver. The researchers at Tokyo’s Advanced Institute of Industrial Technology say that this system is 98% accurate for identifying drivers. There’s just one huge problem. After a few holiday feasts, your bum signature may be a little heftier than normal. In any case, their goal is to see this tech in consumer-ready cars within the next two or three years.

The post Anti-Theft Car Seat Identifies Driver With 360 Sensors appeared first on Mobile Magazine.