Security news aggregator

Latest coverage for Mobile

Mobile security covers threats to smartphones and tablets, including malicious apps, data theft, account compromise, and insecure wireless connections.

3 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Mobile security covers the protection of smartphones, tablets, and closely related handheld devices, including their operating systems, applications, wireless connections, and stored data. These devices combine personal and business information with cellular, Wi‑Fi, Bluetooth, and location services, and often provide access to cloud and corporate systems.

Material risks include malicious or over-privileged applications, phishing and fraudulent authentication prompts, unpatched operating-system or baseband vulnerabilities, and exposure after a device is lost or stolen. Security teams typically reduce these risks through timely updates, approved application sources, encryption, strong screen locks and phishing-resistant authentication where supported, and mobile-device management that enforces policy and can remove access or wipe business data. Application permissions and device telemetry also require privacy controls, particularly when personal and corporate data share the same device. Mobile vulnerability disclosures and incidents may require checking device models, operating-system versions, applications, and management coverage rather than treating all mobile devices as equivalent.

Showing 3 most recent headlines Filtered view
Trend Micro Research, News and Perspectives 1 year, 10 months ago

Vulnerabilities in Cellular Packet Cores Part IV: Authentication

Our research reveals two significant vulnerabilities in Microsoft Azure Private 5G Core (AP5GC). The first vulnerability (CVE-2024-20685) allows a crafted signaling message to crash the control plane, leading to potential service outages. The second (ZDI-CAN-23960) disconnects and replaces attached base stations, disrupting network operations. While these issues are implementation-specific, their exploitation is made possible by a systemic weakness: the lack of mandatory authentication procedures between base stations and packet-cores.