█████████████████████████████████████████████████████████████████████████████████████████████████████████████████████
                                                                                                                     
░░░░░░░░░░░░╗░░░░╗   ░░░░╗░░░░╗   ░░░░╗░░░░░░░░░░░░╗░░░░░░░░░░░░╗░░░░░░░░░░░░╗░░░░░░░░░░░░╗░░░░╗   ░░░░╗░░░░░░░░░░░░╗
░░░░░░░░░░░░║░░░░║   ░░░░║░░░░║   ░░░░║░░░░╔═══════╝░░░░╔═══░░░░║░░░░╔═══░░░░║░░░░╔═══░░░░║░░░░║   ░░░░║░░░░╔═══░░░░║
 ╚══░░░░╔═══╝░░░░░░░░░░░░║░░░░║   ░░░░║░░░░║   ░░░░╗░░░░║   ╚═══╝░░░░░░░░░░░░║░░░░║   ░░░░║░░░░║░░╗░░░░║░░░░║   ░░░░║
    ░░░░║    ░░░░╔═══░░░░║░░░░░░░░░░░░║░░░░║   ░░░░║░░░░║   ░░░░╗░░░░░░░░░░══╝░░░░║   ░░░░║░░░░░░░░░░░░║░░░░║   ░░░░║
    ░░░░║    ░░░░║   ░░░░║░░░░░░░░░░░░║░░░░░░░░░░░░║░░░░░░░░░░░░║░░░░╔═══░░░░╗░░░░░░░░░░░░║░░░░░░░░░░░░║░░░░░░░░░░╔═╝
     ╚══╝    ╚═══╝   ╚═══╝╚═══════════╝╚═══════════╝╚═══════════╝╚═══╝   ╚═══╝╚═══════════╝╚═══════════╝╚═════════╝  
                                                                                                                     
█████████████████████████████████████████████████████ 2018-0612 █████████████████████████████████████████████████████

                                                 ▐ ▄ ▄▄▄ .▄▄▌ ▐ ▄▌.▄▄ ·                                              
                                                •█▌▐█▀▄.▀·██· █▌▐█▐█ ▀.                                              
                                                ▐█▐▐▌▐▀▀▪▄██▪▐█▐▐▌▄▀▀▀█▄                                             
                                                ██▐█▌▐█▄▄▌▐█▌██▐█▌▐█▄▪▐█                                             
                                                ▀▀ █▪ ▀▀▀  ▀▀▀▀ ▀▪ ▀▀▀▀                                              

█████████████████████████████████████████████████████████████████████████████████████████████████████████████████████
Former FCC Chairman Claims Ajit Pai Lied About DDoS Attack on Net Neutrality Forum Link

FCC shrugs at fake cell towers around the White House Link

Hackers Stole Over $20 Million in Ethereum from Insecurely Configured Clients Link

From: @F_Kaltheuner
    "Thanks to GDPR millions of users of the Spanish football app "La Liga" learnt that 
    the app can spy on bars and customers, using microphones and GPS tracking, to detect
    unlicensed broadcasting of matches"
Link

Trump and Kim USB fan raises cyber-security alert Link

Honda leaked personal information from its Honda Connect App Link

IPVanish “No-Logging” VPN Led Homeland Security to Comcast User Link

Fail of the Week: Facebook privacy goof makes posts by 14 million users readable to anyone Link

Good Reads / Videos

LiveOverflow's Zip File PoC

Destructive and MiTM Capabilities of VPNFilter Malware Revealed Link

█████████████████████████████████████████████████████████████████████████████████████████████████████████████████████

  • ▌ ▄ ·.       ▄▄▄▄· ▪  ▄▄▌  ▄▄▄ .    ·▄▄▄▄  ▄▄▄ . ▌ ▐·▪   ▄▄· ▄▄▄ .    .▄▄ · ▄▄▄ . ▄▄· ▄• ▄▌▄▄▄  ▪  ▄▄▄▄▄ ▄· ▄▌
  ·██ ▐███▪▪     ▐█ ▀█▪██ ██•  ▀▄.▀·    ██▪ ██ ▀▄.▀·▪█·█▌██ ▐█ ▌▪▀▄.▀·    ▐█ ▀. ▀▄.▀·▐█ ▌▪█▪██▌▀▄ █·██ •██  ▐█▪██▌
  ▐█ ▌▐▌▐█· ▄█▀▄ ▐█▀▀█▄▐█·██▪  ▐▀▀▪▄    ▐█· ▐█▌▐▀▀▪▄▐█▐█•▐█·██ ▄▄▐▀▀▪▄    ▄▀▀▀█▄▐▀▀▪▄██ ▄▄█▌▐█▌▐▀▀▄ ▐█· ▐█.▪▐█▌▐█▪
  ██ ██▌▐█▌▐█▌.▐▌██▄▪▐█▐█▌▐█▌▐▌▐█▄▄▌    ██. ██ ▐█▄▄▌ ███ ▐█▌▐███▌▐█▄▄▌    ▐█▄▪▐█▐█▄▄▌▐███▌▐█▄█▌▐█•█▌▐█▌ ▐█▌· ▐█▀·.
  ▀▀  █▪▀▀▀ ▀█▄▀▪·▀▀▀▀ ▀▀▀.▀▀▀  ▀▀▀     ▀▀▀▀▀•  ▀▀▀ . ▀  ▀▀▀·▀▀▀  ▀▀▀      ▀▀▀▀  ▀▀▀ ·▀▀▀  ▀▀▀ .▀  ▀▀▀▀ ▀▀▀   ▀ • 
     
█████████████████████████████████████████████████████████████████████████████████████████████████████████████████████

Questions

- Why is mobile device security so important?
- Why isn't it taken as seriously as others?
- What are some of the common security concerns people have with mobile devices?
- What are some of the ways that people can protect their mobile devices?

Mobile Device Security Concepts by @pic0o


Note: These are mainly Android specific, but can be applied generally.

[Metadata]
- Stop camera from saving GPS to photos. 
  - This is in your Camera App Settings, not System device settings. 

[Lock Settings]
- Device Settings: 
  - Lock Screen and Security: 
    - Set lock mode and passcode to unlock device. 
     - Password, PIN, Pattern, Swipe, None. 
     - Biometrics. Face, Iris or Fingerprints (I do not use or particularly like 
       any of the biometric means for device locking.)
  - App Shortcuts: Define what apps can be used while phone is locked (IE Phone calls and Camera) 
  - Find my mobile. Anti-theft and tracking options for your phone. 
  - Remove controls: Allows phone to be remotely controlled via your Samsung account 
    - Google location service. Allow GLS to give more accurate location info to where your mobile is. 
    - Send last location. Allow your phone to broadcast last location when battery hits a certain level of charge. 
  - Encrypt SD Card. Your files on the SD card will only work with your phone. 
    - If phone is reset to defaults, you will not be able to read the encrypted files anymore and 
      would have to re-format the card. 
  - Secure Lock Settings 
    - Secured lock time 
    - Auto factory reset. After 15 failed passwords (will also erase all your data on phone) 
    - Lock network and security. Prevents disabling Wifi and mobile data when your phone is locked, 
      to make someone stealing your phone easier to track by device. 
    - Define what apps can put notifications on the lock screen. 
    - Hide content of message on lock screen from displaying. (Highly suggested to be on) 
    - Notification icons only. Just show app icon without details, on lock screen. 

[Location]
- Device Settings 
  - Location 
    - Turn GPS on or Off. Besides privacy and tracking being less accurate, this can save a large 
      amount of battery life. Turn this off when not needed for directions. 
    - Google Location History. You can disable this from saving where you have searched and have been. 
    - Google Location Sharing. Can share 'Real-time location' with someone of Google. You can turn both 
      of these off and GPS maps will still work fine. The sharing and history are not needed, 
      just GPS being turned on.

[Application Settings]
- Device Settings: 
  - Apps. 
  - See installed apps 
  - Review and define App-specific system-level Permissions granted to device. 
  - Decide if you wish to disable some apps completely or uninstall them. 
  - Review battery usage and mobile data use, per app. 

[Phone Info]
- Device Settings: 
  - About phone. 
    - Shows phone number, model, serial number and IMEI. 
    - Software Information. 
    - Show Android version 
    - Android patch level 
    - Various system level information.
            | |
            |_|
            /_\    \ | /
          .-"""------.----.
          |          U    |
          |               |
          | ====o======== |
          | ============= |
          |               |
          |_______________|
          | ________GF337 |
          ||             ||
          ||  THUGCROWD  ||
          ||  TRAP-FONE  ||
          ||_____________||
          |__.---"""---.__|
          |---------------|
          |[Yes][(|)][ No]|
          | ___  ___  ___ |
          |[<-'][CLR][.->]|
          | ___  ___  ___ |
          |[1__][2__][3__]|
          | ___  ___  ___ |
          |[4__][5__][6__]|
          | ___  ___  ___ |
          |[7__][8__][9__]|
          | ___  ___  ___ |
          |[*__][0__][#__]|
          `--------------'
          {__|""|_______'-
          `---------------'

                                  PREV || NEXT