New Security Flaw Found in LTE Standard
Researchers have recently discovered a new security vulnerability affecting all 4G LTE networks. The so-called "aLTEr" attack could allow someone nearby to send your phone's browser to a web site different than the one requested, impersonating your bank's web site, for example. Similarly, it could trick an app into connecting to a different back-end service. aLTEr requires that the attacker use $4,000 equipment and be within about a mile of the victim, among other challenges. Although a successful attack is difficult, it could be used against high-value targets such as politicians, military personnel, journalists, employees of corporate rivals, etc. The flaw is inherent in the LTE standard and unlikely to be fixed. However, because aLTEr relies on DNS spoofing, it can be avoided by only using web sites and services that employ both HTTPS and DNSSEC. Currently, less than 1% of .com web sites employ DNSSEC, although many high-value sites do use it.
Cloudflare Makes 188.8.131.52 DNS Available to Android and iOS
Cloudflare has extended its fast and private 184.108.40.206 DNS to mobile devices in a simple-to-use app. The 220.127.116.11 DNS is based on Cloudflare's global network, which the company claims is 28% faster than other public resolvers.
Researchers Say WiFi Vulnerability Impacts Nearly Everything
Oct 16, 2017
Researchers say they've found a serious gap in the WPA2 security protocol that can allow hackers to use k ey r einstallation a tta cks (KRACKs) to compromise most WiFi devices. The researchers say the method allows hackers to read encrypted information transiting via WiFi, including passwords, emails, photos, credit card numbers, and more.
Motorola Updates Affordable Lineup for 2018
Apr 19, 2018
Motorola today announced four new affordable Android phones coming to the U.S. market before mid-year.
Google Now Highlighting Insecure Web Sites
Jul 24, 2018
Google is now calling out web sites that don’t use https for security. Google announced in February that Chrome 68 would begin highlighting insecure sites.
Bluetooth Bug Could Expose Devices to Attack; Patch Coming
Jul 24, 2018
Researchers at the Israel Institute of Technology discovered a vulnerability in Bluetooth's Secure Simple Pairing and LE Secure Connections features that could lead to man-in-the-middle attacks. According to the researchers, the Bluetooth specification doesn't require devices with these features to validate the public key when pairing with new hardware.