Black Hat session by Privateer Labs pulled at the last minute

A security researcher is standing by the claim that his company has discovered security vulnerabilities in a dozen common Android applications, despite declining to reveal which applications are affected.

Riley Hassell of Privateer Labs had been due to give a presentation ‘Hacking Android for profit’ revealing the issues at last week’s Black Hat security conference but called off the session after deciding that the absence of fixes for the flaws might allow attackers to exploit the research.

What remains are only vague descriptions of the issues, starting with the pre-session descriptions mentioning ‘AppPhishing’, a bogus app that scrapes a user’s login using a fake screen, and ‘AppJacking’, where a malicious app hijacks the credentials of a trusted app.

“Some apps expose themselves to outside contact. If these apps are vulnerable, then an attacker can remotely compromise that app and potentially the phone using something as simple as a text message,” Hassell told a third-party website by way of explanation. What is unclear is the extent to which these or other issues found by him are original discoveries and whether they represent flaws in Android or only the apps themselves.

Jay Nacarrow of Google has reportedly said that the issues are not related to Android though without a fuller description this is hard to confirm. What the minor controversy does suggest is that mobile operating systems, while more secure than the almost open door created by Windows XP in 2001, are turning out to be less secure by design than first assumed. Serious exploits have been largely restricted to poor app vetting by Google and the re-engineering of applications posted to third-party download sites not covered by Google’s Market, especially in China.

Despite its low-key response to the issues apparently discovered by Privateer Labs, Google has appeared flat-footed when it comes to listening to feedback from security companies.

Security company Trusteer recently pointed out flaws in the security-reporting system on Google’s Market.