Search
  • Videos
  • Windows 10
  • 5G
  • Best VPNs
  • Cloud
  • Security
  • AI
  • more
    • TR Premium
    • Working from Home
    • Innovation
    • Best Web Hosting
    • ZDNet Recommends
    • Tonya Hall Show
    • Executive Guides
    • ZDNet Academy
    • See All Topics
    • White Papers
    • Downloads
    • Reviews
    • Galleries
    • Videos
    • TechRepublic Forums
  • Newsletters
  • All Writers
    • Preferences
    • Community
    • Newsletters
    • Log Out
  • Menu
    • Videos
    • Windows 10
    • 5G
    • Best VPNs
    • Cloud
    • Security
    • AI
    • TR Premium
    • Working from Home
    • Innovation
    • Best Web Hosting
    • ZDNet Recommends
    • Tonya Hall Show
    • Executive Guides
    • ZDNet Academy
    • See All Topics
    • White Papers
    • Downloads
    • Reviews
    • Galleries
    • Videos
    • TechRepublic Forums
      • Preferences
      • Community
      • Newsletters
      • Log Out
  • us
    • Asia
    • Australia
    • Europe
    • India
    • United Kingdom
    • United States
    • ZDNet around the globe:
    • ZDNet France
    • ZDNet Germany
    • ZDNet Korea
    • ZDNet Japan

The most dangerous iOS, Android malware and smartphone vulnerabilities of 2019

3 of 14 NEXT PREV
  • The iOS, Android security landscape in 2019

    The iOS, Android security landscape in 2019

    Our mobile devices, now glued to our hips, are also conduits for cyberattacks through Internet connections, applications, and communication protocols. 

    Over the course of 2019, we've seen the variety of attacks and vulnerabilities impacting our iOS and Android smartphones escalate. Here are some of the most noteworthy cases.

    Published: December 20, 2019 -- 17:00 GMT (09:00 PST)

    Caption by: Charlie Osborne

  • Wi-Fi firmware issues

    Wi-Fi firmware issues

    To kick off 2019, researchers from Embedi uncovered a vulnerability in Marvell Avastar 88W8897, deployed in products including Samsung Galaxy J1 smartphones, Microsoft Surface laptops, and gaming consoles. 

    If exploited, the bug could be used to trigger malicious code without user interaction. 

    Read on: Wi-Fi firmware bug affects laptops, smartphones, routers, gaming devices

    Published: December 20, 2019 -- 17:00 GMT (09:00 PST)

    Caption by: Charlie Osborne

  • Apple's FaceTime flaw

    Apple's FaceTime flaw

    A teenage Fortnite player stumbled across an iOS bug in FaceTime which allowed him to snoop on the person he was calling -- without their interaction or knowledge. It took countless calls and emails before Apple took the vulnerability report seriously.

    Read on: Severe vulnerability in Apple FaceTime found by Fortnite player

    Published: December 20, 2019 -- 17:00 GMT (09:00 PST)

    Caption by: Charlie Osborne

  • Fake Google reCAPTCHAs

    Fake Google reCAPTCHAs

    A phishing campaign spotted by Sucuri in February involved the use of fake Google reCAPTCHA systems to drop malware, including a malicious Android APK containing the Banker financial Trojan, on mobile devices.

    Read on: Fake Google reCAPTCHA used to hide Android banking malware

    Published: December 20, 2019 -- 17:00 GMT (09:00 PST)

    Caption by: Charlie Osborne

  • Samsung facial recognition failures

    Samsung facial recognition failures

    The Samsung Galaxy 10 was shown to be fooled in March by no more than a video. If a user locked their phone via facial recognition, displaying a video of the owner was enough to dupe the technology into providing access to the smartphone.

    Read on: Samsung Galaxy S10 facial recognition fooled by a video of the phone owner

    Published: December 20, 2019 -- 17:00 GMT (09:00 PST)

    Caption by: Charlie Osborne

  • iMessage bricks

    iMessage bricks

    In July, Google Project Zero disclosed a security flaw in iOS 12.3. If a malformed message was sent to iMessage, this could lead to the device crashing repeatedly and eventually bricking.

    Read on: Google Project Zero reveals bad iMessages could have bricked your iPhone

    Published: December 20, 2019 -- 17:00 GMT (09:00 PST)

    Caption by: Charlie Osborne

  • Bluetooth tracking

    Bluetooth tracking

    In July, a weakness in the Bluetooth communication protocol was made public which impacts Windows 10, iOS, and macOS machines, including iPhones, iPads, Apple Watch, MacBooks, and Microsoft tablets & laptops.

    The MAC-address exploit could be used to track mobile device users, although Android handsets are not vulnerable.

    Read on: Bluetooth exploit can track and identify iOS, Microsoft mobile device users

    Published: December 20, 2019 -- 17:00 GMT (09:00 PST)

    Caption by: Charlie Osborne

  • App history at risk

    App history at risk

    An interesting case emerged this year involving Monokle, spyware designed for Android handsets. The Remote Access Trojan exploits accessibility services to run keyloggers, expose app history, steal photos and videos, track victims via GPS, and more.

    Read on: This Android malware can take photos and videos and spy on your app history

    Published: December 20, 2019 -- 17:00 GMT (09:00 PST)

    Caption by: Charlie Osborne

  • Interactionless iOS attacks

    Interactionless iOS attacks

    A Google researcher reported the existence of six dangerous vulnerabilities impacting iOS in July. Four of the six security flaws allowed "interactionless" attacks on mobile devices and the remote execution of malicious code.

    Read on: Google researchers disclose vulnerabilities for 'interactionless' iOS attacks

    Published: December 20, 2019 -- 17:00 GMT (09:00 PST)

    Caption by: Charlie Osborne

  • Filecoder

    Filecoder

    A new ransomware strain dubbed Filecoder was found in July, and while appearing to be unfinished, has revealed some dangerous capabilities. The malware is disguised as a pornographic app and once it lands on your handset, it will attempt to encrypt files -- based on a list from WannaCry -- and demand up to $200 for decryption.

    Read on: This new Android ransomware infects you through SMS messages

    Published: December 20, 2019 -- 17:00 GMT (09:00 PST)

    Caption by: Charlie Osborne

  • Joker

    Joker

    In September, researchers found a host of malicious apps that managed to avoid Google Play security barriers. 24 apps were downloaded close to half a million times and once installed on a victim's device would plant the Joker malware, able to steal data and generate fraudulent profit through malvertising.

    Read on: Malicious Android apps containing Joker malware set up shop on Google Play

    Published: December 20, 2019 -- 17:00 GMT (09:00 PST)

    Caption by: Charlie Osborne

  • xHelper

    xHelper

    A new strain of Android malware called xHelper, which has infected tens of thousands of devices, makes its operators money through pay-per-install schemes and malvertising. What makes this malware different, however, is high levels of persistence which means that the malware will keep re-installing itself -- even after factory resets.

    Read on: New 'unremovable' xHelper malware has infected 45,000 Android devices

    Published: December 20, 2019 -- 17:00 GMT (09:00 PST)

    Caption by: Charlie Osborne

  • Ad blocker advertising

    Ad blocker advertising

    FakeAdsBlock is an interesting form of Android malware which is being spread as an ad blocker for mobile devices. However, once installed, the app bombards users with ads to generate revenue for its operators.

    Read on: Android malware disguises as ad blocker, but then pesters users with ads

    Published: December 20, 2019 -- 17:00 GMT (09:00 PST)

    Caption by: Charlie Osborne

  • Locked phones still spy on you

    Locked phones still spy on you

    In November, security flaws in Android were publicly disclosed in which millions of devices were vulnerable to attack. The bugs could be used to compromise Google and Samsung handsets for covert spying, as well as to take images and videos without user knowledge -- whether or not the device was locked. 

    Read on: Android flaw lets rogue apps take photos, record video even if your phone is locked

    Published: December 20, 2019 -- 17:00 GMT (09:00 PST)

    Caption by: Charlie Osborne

3 of 14 NEXT PREV
Charlie Osborne

By Charlie Osborne for Zero Day | December 20, 2019 -- 17:00 GMT (09:00 PST) | Topic: Security

  • The iOS, Android security landscape in 2019
  • Wi-Fi firmware issues
  • Apple's FaceTime flaw
  • Fake Google reCAPTCHAs
  • Samsung facial recognition failures
  • iMessage bricks
  • Bluetooth tracking
  • App history at risk
  • Interactionless iOS attacks
  • Filecoder
  • Joker
  • xHelper
  • Ad blocker advertising
  • Locked phones still spy on you

Malware which resists removal to covert spying on locked smartphones -- mobile threats are becoming more complex and dangerous with each year that passes.

Read More Read Less

Apple's FaceTime flaw

A teenage Fortnite player stumbled across an iOS bug in FaceTime which allowed him to snoop on the person he was calling -- without their interaction or knowledge. It took countless calls and emails before Apple took the vulnerability report seriously.

Read on: Severe vulnerability in Apple FaceTime found by Fortnite player

Published: December 20, 2019 -- 17:00 GMT (09:00 PST)

Caption by: Charlie Osborne

3 of 14 NEXT PREV

Related Topics:

Security TV Data Management CXO Data Centers
Charlie Osborne

By Charlie Osborne for Zero Day | December 20, 2019 -- 17:00 GMT (09:00 PST) | Topic: Security

Show Comments
LOG IN TO COMMENT
  • My Profile
  • Log Out
| Community Guidelines

Join Discussion

Add Your Comment
Add Your Comment

Related Galleries

  • 1 of 3
  • OnlyKey hardware security key

    This is the ultimate security key for professionals.

  • SoloKeys Solo V2

    Durable, fully reversible connectors, encapsulated in epoxy resin, and with updatable firmware.

  • iVerify: Added security for iPhone and iPad users

    I'm usually wary of security apps, but iVerify by Trail of Bits is different. It comes highly recommended and offers a lot of features in a small download. ...

  • iStorage datAshur BT hardware encrypted flash drive

    FIPS 140-2 Level 3 compliant storage drive with wireless unlock feature and remote management. IP57 rated for dust and water resistance.

  • Netgear BR200 small-business router

    The Netgear BR200 Insight Managed Business Router has been designed to be easy to set up, and features a built-in firewall, VLAN management, and remote cloud monitoring, and can be ...

  • YubiKey 5C NFC: The world’s first security key to feature dual USB-C and NFC connections

    The YubiKey 5C NFC can be used across a broad range of platforms -- iOS, Android, Windows, macOS and Linux -- and on any mobile device, laptop, or desktop computer that supports USB-C ...

  • Apricorn Aegis Secure Key 3NXC

    The new Aegis Secure Key 3NXC builds on Apricorn's Secure Key 3z and Aegis Secure Key 3NX, taking the same proven form-factor and physical keypad, and adding something that users have ...

ZDNet
Connect with us

© 2021 ZDNET, A RED VENTURES COMPANY. ALL RIGHTS RESERVED. Privacy Policy | Cookie Settings | Advertise | Terms of Use

  • Topics
  • Galleries
  • Videos
  • Sponsored Narratives
  • Do Not Sell My Information
  • About ZDNet
  • Meet The Team
  • All Authors
  • RSS Feeds
  • Site Map
  • Reprint Policy
  • Manage | Log Out
  • Join | Log In
  • Membership
  • Newsletters
  • Site Assistance
  • ZDNet Academy
  • TechRepublic Forums