Imagine getting a notification from your bank, asking for your cooperation in installing an updated version of their mobile app. After downloading the app, it asks for administrator privileges. The notification you received said it would indeed prompt the question and so you allowed it. You try the app out and it works fine. You were…Read More
With the year-end shopping season over, many consumers now have new various smart gadgets in their homes. One particularly popular usage of this so-called Internet of Things (IoT) are smart TVs. These TVs are more than just passive display devices; many of them can even run Android apps as well. Some may find these features useful, but these capabilities…Read More
A total of 6.1 million devices – smart phones, routers, smart TVs – are currently at risk to remote code execution attacks due to vulnerabilities that have been fixed since 2012.
The vulnerability exists in the Portable SDK for UPnP™ Devices, also called libupnp. This particular library is used to implement media playback (DLNA) or NAT traversal (UPnP IGD). Apps on a smartphone can use these features to play media files or connect to other devices within a user’s home network.Read More
When experts call on people to brace for disaster, it’s always based on signs that point to impending events. This quarter, we saw numerous signposts pointing to hazards to sensitive data that could lead to damages to individuals’ personal lives and organizations’ operations. The high-profile breaches, vulnerability exploits, and other attacks we saw this past…Read More
We recently discussed both the backdoor-like behavior of the Moplus SDK and the related Wormhole vulnerability. Because the Moplus SDK was developed by Baidu and not publicly accessible, we initially thought the problem was limited to Baidu apps. Our latest research suggests that popular non-Baidu apps are also affected. The growing impact Our scanning identified more than 14,000…Read More