zimperium
Latest
NYC's security app is ready to protect your phone
You now have your chance to see just how well a New York City-backed mobile security app works in practice: the metropolis (and its tech partner Zimperium) has released NYC Secure for both Android and iOS. As promised, the free software can detect device, app and network threats and recommend actions if it finds something worrisome. It'll advise you to disconnect from a suspicious WiFi hotspot, or tell you to uninstall a malware-laden app. You don't need an internet connection, and it won't transmit sensitive information.
Google warns of Android flaw that lets attackers hijack phones
Rooting (that is, using a security flaw to gain control over an operating system) is a staple of the Android enthusiast world, but it's also used by would-be attackers... and Google just offered a textbook example of this problem. It's warning of a vulnerability in Android's Linux-based kernel that lets apps get root access, giving intruders free rein over your device. And this isn't just a theoretical exercise -- Zimperium (which discovered the Stagefright bug) says it has spotted publicly available apps that make use of the hole.
'Stagefright' vulnerability files released to the wild
On the heels of its Stagefright detection app, Zimperium (the outfit that discovered the Android security flaw) has released its exploit to the public. But before you get your hands dirty tinkering with it to find a fix there are a few things you need to consider. Zimperium says that it was tested on a Nexus device that was running Ice Cream Sandwich 4.0.4 and that "due to variances in heap layout" this exploit isn't entirely reliable. The Python script does work to take advantage of "one of the most critical" vulnerabilities the outfit discovered in the security flaw's library, however. Perhaps the biggest caveat, though, is that since the file was tested with Ice Cream Sandwich, Zimperium says that elements of Android 5.0 Lollipop, the fast-growing OS of choice for Android users, basically nullify its attempts to address the problem.
Android app learns from your phone to fend off malicious attacks
The last time we heard from Itzhak 'zuk' Avraham, he was at Defcon 2011 showing off an Android app that let even inexperienced users poke around networks for weak links and vulnerable computers. Now his company, Zimperium, is rolling out a new mobile intrusion protection app (or zIPS, for short) to help users figure out when their phones are subject to sneak attacks. There's no shortage of mobile antivirus apps out there, but according to MIT Technology Review Avraham doesn't think the prevailing approaches are up to snuff. Many of them check downloaded files for known malware signatures, but zIPS' machine learning system helps it figure out how your smartphone normally works and detects changes that may be symptomatic of something sketchy. That includes detecting seemingly benign apps that later download malicious payloads, man-in-the-middle-attacks and still more mobile nastiness. Currently zIPS is enterprise-only, but a consumer version is in the works and the team hopes to hit iOS devices and a slew of connected home gadgets in short order.
Android Network Toolkit lets you exploit local machines at the push of a button
Defcon 2011 is in full hacking swing, and Itzhak Avraham -- "Zuk" for short -- and his company Zimperium have unveiled the Android Network Toolkit for easy hacking on the go. Need to find vulnerabilities on devices using nearby networks? The app, dubbed "Anti" for short, allows you to simply push a button to do things like search a WiFi network for potential targets, or even take control of a PC trojan-style. To do this, it seeks out weak spots in older software using known exploits, which means you may want to upgrade before hitting up public WiFi. According to Forbes, it's much like Firesheep, and Zuk refers to Anti as a "penetration tool for the masses." Apparently, his end-goal is to simplify "advanced" hacking and put it within pocket's reach, but he also hopes it'll be used mostly for good. Anti should be available via the Android Market this week for free, alongside a $10 "corporate upgrade." Consider yourself warned.
