The world’s largest online communications company WhatsApp, with one billion users, announced Tuesday it added end-to-end encryption to its entire platform. The move is seen as a major win for security and privacy advocates. It also shifts the encryption spotlight away from Apple and its battle with the FBI and thrusts the Facebook-owned WhatsApp center stage. Co-founders...

Researchers have identified a vulnerability in an Android API used by messaging apps such as Skype and perhaps more concerning, privacy-centric apps such as Signal, and Telegram, that could lead to privilege escalation and data loss including private keys. Dominik Schürmann and Lars Wolf, researchers at the Braunschweig University of Technology in Germany, discovered the vulnerability, which they’ve dubbed...

Google has patched a vulnerability being exploited in the wild to root Nexus 5 Android devices. The public exploit—a rooting application—was privately disclosed to Google on March 15 by Zimperium researchers, and a less than a month after CORE Team researchers reported that CVE-2015-1805, which was patched in 2014 in the Linux kernel, also affects...

Apple’s Developer Enterprise Program has been abused in the recent past to push malicious apps onto iOS devices, most notably with the WireLurker, XcodeGhost and YiSpecter attacks. In all three cases, attackers legitimately obtained certificates under the program, which is available to enterprises wishing to develop and internally distribute mobile apps for their workforces without...

Researchers are encouraging Android users who may have downloaded a popular caller identification application to update, as a previous version of the app inadvertently leaked user information. The app, Truecaller, specializes in phone call management and has been installed at least 100,000,000 times, according to its listing on Google’s Play marketplace. While the app is...

A six-week public standoff between Apple and the FBI ended today when the Department of Justice said it had accessed encrypted data stored on the San Bernardino terrorist’s iPhone. The DOJ said in its motion that it no longer needed Apple’s help as mandated in a Feb. 16 court order and asked that the order...

Facebook was quick to fix an issue earlier this month that could’ve let an attacker break into four percent of all active, locked Instagram accounts, meaning it affected approximately one million users. Belgium-based IT security consultant Arne Swinnen discovered the issue two weeks ago when he stumbled upon two bugs, a combination of missing authentication and an insecure...

A rooting application has been found in the wild targeting Nexus mobile devices using a local privilege escalation vulnerability patched two years ago in the Linux kernel that remains unpatched in Android. Researchers at Zimperium, the same company that discovered last summer’s Stagefright flaws affecting Android, privately disclosed to Google last Tuesday they found an...

The FBI has dropped its case against Apple less than a day before a scheduled court hearing and showdown over its demands that Apple help unlock a terrorist’s iPhone. The government late Monday afternoon filed a motion to vacate its case, putting a halt to a saga that began in mid-February when a federal magistrate...

When Apple released its iOS Security Guide for public consumption, it was an unprecedented look inside the security architecture behind its products. For cryptographer and professor Matthew Green and a team of four Johns Hopkins University graduate students, it was a road map to understanding not only how secure Apple’s iMessage messaging application was, but...