May 28, 2020

posted on Thursday, May 28, 2020 at 8:16 AM

Android ‘StrandHogg 2.0’ flaw lets malware assume identity of any app

By John E Dunn

Researchers have publicized a critical security flaw in Android which could be used by attackers to “assume the identity” of legitimate apps in order to carry out on-device phishing attacks.

Discovered by Norwegian company Promon, the bug is called ‘StrandHogg 2.0’, the name denoting that this is an “evil twin” follow up to a similar flaw of the same name made public by the company last year.

Strandhogg is, apparently, the old Norse word for the Viking tactic of sailing up to coastal towns and plundering them, which isn’t a bad description of what the bug might be capable of if it were used in a real attack.

Promon doesn’t delve into the inner workings of the flaw in huge detail but malware exploiting it would be able to overlay a malicious version of any app over the real app, capturing all logins as they are entered by an oblivious user.

Users tap on the icon of the correct app and think they are logging into their email, say, when in fact they are really logging into an interface controlled by an attacker.

Attackers need to know which apps they are targeting in advance but can phish multiple apps in one attack without the need for rooting, admin privileges or special permissions, Promon said.

Promon claims the code used in the attack would be obfuscated enough that it could slip past Google Play’s security layers as well as on-device security apps, making it hard to detect.

Read more at https://nakedsecurity.sophos.com/2020/05/28/android-strandhogg-2-0-flaw-lets-malware-assume-identity-of-any-app/

 

Apple sends out 11 security alerts – get your fixes now!

By Paul Ducklin

Apple has just blasted out 11 email advisories detailing its most recent raft of security fixes.

Confusingly, some of these updates have been available for several days already – the most recent version of iOS is 13.5, and it was officially announced on Apple’s main Security update page on 20 May 2020.

In fact, the updates listed for iOS and watchOS are still flagged [2020-05-27T12:00Z] with the words “details available soon “, even though Apple’s Security Advisories have full details.

And Apple’s updates for its non-mobile software products are covered in detail in the Advisory emails, but are not yet mentioned at all on the HT201222 security page.

Read more at https://nakedsecurity.sophos.com/2020/05/27/apple-sends-out-11-security-alerts-get-your-fixes-now/

ACS

Advanced Computer Services of Central Florida

Centrally located in Winter Haven, we serve residential and business clients in and around Polk County.

9 Camellia Drive
Winter Haven, FL 33880
863-229-4244

Our Promise to You

Plain language, no tech-talk

We will never try to over-sell you a product you don't need.

Advanced Computer Services of Central Florida is your local, hometown computer service and repair company that can do more than just fix your PC.  We offer highly skilled professionals who can be counted on to give you sound advice on upgrades, software and hardware, commercial & residential networks, hardwire or secure wireless.

No trip charges within Polk County

No after-hours or weekend fees

$45.00/hr Residential

$65.00/hr Commercial - free system evaluation