Posts Tagged security
Top 3 Free Antivirus Apps for Android
Online security is one of the first things that should come to any person’s mind when they try to get to the Internet. There are a lot of threats out there today that it is always a priority to protect not only your data but your system as well. It used to be that computers, especially those running on the Windows platform, were being targeted by viruses, malware or Trojans. This has changed though with the popularity of smartphones that even Android device are now being targeted by malicious content.
To protect your Android smartphone from viruses you will need an antivirus app installed to it. While there are paid versions available over at Google Play there are free versions that are great to use too.
AVG Antivirus Free
AVG is a popular antivirus software that started over at the Windows platform for PC’s. This software is now available for Android users to use for free to protect their devices. The same quality protection offered to PC users can now be availed by smartphone users. AVG Antivirus Free protects your device in real time from all known threats which includes viruses, malware, spyware and malicious apps. It also provides you with suggestions on various settings to make your device more secure. Aside from the security feature there’s also an anti-theft and phone locate feature.
avast! Mobile Security
From the makers of the popular PC security software comes avast! Mobile Security which provides your Android device with protection against any known threats. This highly recommended app scans your device in real time and alerts you of any threats. Any app that you install in your device is scanned first before it can even proceed. Aside from automatically scanning your system there’s also an on-demand scan featutre that’s useful when you want to run a full scan on your device.
Lookout Security & Antivirus
This simple to use app is recommended for people looking for a no nonsense protection for their smartphones or tablets. The free version offers you complete protection while a paid upgrade gives you additional features. Lookout Security & Antivirus is able to detect any threat to your device in real time and prevent it from wreaking havoc. It is also able to block any unsafe website that you may visit.
Government agency in Turkey responsible for faking Web sites to monitor employees
One government agency in Turkey was discovered illegally emulating some pages of Google Inc web pages to monitor activity of workers, according to some big Internet companies last Thursday.
There has been a string of reported incidents wherein governments or hackers abused the loose rules managing standard security for sensitive and financial sites, those with URLs starting with Https.
The Turkish agency known as EGO is involved in the latest hacking incident. The agency has reportedly managed to get the capacity to validate pages on the Web from a supposedly reliable Internet authority called TurkTrust. This Internet authority is one of the few hundreds of organizations around the world considered to be reliable by major Internet browsers, said a Microsoft Corp blog.
Google said that EGO obtained an improper authority last month to allow it to tell visitors to Google.com sites that they’re visiting a secure sites, when in fact, they had not. The deception was discovered after Google Chrome browser reported it. Unlike any other browsers, Google Chrome will let the user know and Google itself, if an unauthorized certificate is authenticating a Google site.
Following the incident, Google contacted TurkTrust, which reasoned that two organizations were “mistakenly” granted permission to authenticate any site in August 2011. Google issued a warning to other browser makers like Mozilla and Microsoft. Mozilla Firefox, Microsoft Internet Explorer, and Google Chrome will now block sites being authenticated by another TurkTrust customer and EGO.
While only Google and some of its secure sites were faked, it is possible that many other sites could have been faked as well without letting other companies know about it. The Turkish government did not release any statement when Reuters contacted the Turkish embassy in Washington, and the two consulates in Los Angeles and New York.
No complete story was provided by the technology companies, though one person familiar with the case mentioned that a faked Google.com site had been shown on one internal network.
Chris Soghoian, a former official working for Federal Trade Commission and now a tech expert associated with the American Civil Liberties union, said that the most obvious reason for the agency was possibly to monitor web activities of its employees.
The most probable goal of the deception was to intercept traffic, though validation authority is not enough to do it. An authenticator also needs to come into contact with the user of the Web to get desired results.
In 2011, a similar incident happened when a Dutch certificate authority called DigiNotar revealed that its system had been compromised and that certificates were stolen. It was later discovered by Google that a fake certificate for its site was found operating in Iran. Google then issued a warning to Gmail users in the country to change their passwords.
Chris Soghoian and other technology experts had been saying for years now that the supposedly secure Https system is not that secure, but the industry had been slow to adapt.
Certificate authorities can always resell the right to authenticate without disclosing who their customers are.
“The entire Web relies on every single certificate authority being honest and secure,” said Soghoian. “It’s a ticking time bomb.”
source: reuters
Samsung starts rolling out software update in the UK to fix Exynos security flaw – S3 gets it first
Looks like Samsung isn’t wasting any time in addressing the security flaw found in their Exynos processors after formally acknowledging the issue almost 3 weeks ago. Seems Galaxy S3 owners across the pond are now receiving software update I9300XXELLA over-the-air and via Kies to patch up the vulnerability. While there isn’t solid evidence suggesting as much, some are speculating Samsung could be killing 2 birds with one stone, also addressing that nasty sudden death issue plaguing some devices. This is due to the fact that the new software also updates the device’s bootloader as well.
Course, we’ll need an official word from Samsung before confirming but if you’re in the UK — get to updating. As for the rest of us here in the states, we’ll have to twiddle our thumbs a little longer as our respective carriers put the update through its paces before it hits our Note 2′s (don’t worry about our carrier branded Galaxy S3′s, they’re packing entirely different processors and aren’t susceptible to the same security flaw). Should be soon!
[via SamMobile]
Samsung starts rolling out software update to fix Exynos security flaw in the UK
Looks like Samsung isn’t wasting any time in addressing the security flaw found in their Exynos processors after formally acknowledging the issue almost 3 weeks ago. Seems Galaxy S3 owners across the pond are now receiving software update I9300XXELLA over-the-air and via Kies to patch up the vulnerability. While there isn’t solid evidence suggesting as much, some are speculating Samsung could be killing 2 birds with one stone, also addressing that nasty sudden death issue plaguing some devices. This is due to the fact that the new software also updates the device’s bootloader as well.
Course, we’ll need an official word from Samsung before confirming but if you’re in the UK — get to updating. As for the rest of us here in the states, we’ll have to twiddle our thumbs a little longer as our respective carriers put the update through its paces before it hits our Note 2′s (don’t worry about our carrier branded Galaxy S3′s, they’re packing entirely different processors and aren’t susceptible to the same security flaw). Should be soon!
[via SamMobile]
Samsung pushing update to fix Exynos security exploit
Samsung has started pushing out an update for the Exynos security issue for users in the UK. You might remember, there is a critical "bug" in the Exynos 4210 and 4412 powered Samsung phones including the world versions of the Galaxy S3 and other models. This bug allows any application to read the devices RAM, leading to all sorts of potential mischief.
A third party patch was quickly made available by Supercurio that fixed the issues, and Samsung told us they would be addressing the situation as quickly as possible. For folks in the UK using a Galaxy S3, it appears that means right now.
The update is 4.1.2 (build JZO54K) and was signed off on December 22. It's available as an over the air update, and is currently rolling out. Remember, you need to be running all stock software to accept and install any OTA updates, this one included.
There's also some speculation that this update will fix the seemingly random issue of hardware failure in the Galaxy S3 main boards, but I think it's a bit too early to suggest this. The fix to the Exynos exploit, however, is included in this update. No word on when to expect updates for other areas where folks are still in need of this critical patch, or other phones that need this update.
Via: SamMobile
 |
 |
Ubuntu for Phones revealed, will be easily compatible with most Android devices [VIDEO]
Ubuntu for Android hasn’t turned out to be quite the “wide open” project we’d anticipated. That particular project, which would turn a smartphone and smartdock into a desktop PC, is still having its kinks worked out and deals are still attempting to be made. The future of that is still uncertain, but the folks at Canonical have something else up their sleeves worth showing.
Ubuntu for Phones is what the company has been keeping under wraps, and it’s looking to be an absolute doozy. What you’re getting is a full-fledged mobile operating system which was derived straight from everything that makes Ubuntu for Desktop so great. The security features, app integration and everything else that makes Ubuntu the cohesive Linux distribution it is will soon be packed into smartphones.
Canonical made the announcement in a lengthy video where we got a good overview of what’s to come. The company expressed its desire to marry web apps with native apps, and allow the two to live in harmony to create the most compelling suite of apps one could hope for. They will look to developers to fill the apps repository up, and in true, open fashion Canonical even takes submissions for system apps, like the calendar and notepad, to give the development community a chance to contribute to the construction of this new platform
Ubuntu for Phones will utilize a “four edge” philosophy where every edge of the display is significant. From the notification pane at the top to an always-present apps “tray” able to be swiped in from the left, you’ll traverse all four corners of your particular device’s display to access everything you need. A unique search experience will allow you to search the web and find the files, apps and media you want without having to tell the OS where to look.
The best part about Ubuntu for Phones is that it was built from the ground up with help from Intel and ARM, and uses the same drivers that can be found in Android — yes, that means this operating system will be compatible with virtually any Android device. We don’t expect users to be able to flash it over any piece of hardware, of course, but this could eventually allow developers to create Ubuntu ROMs for curious users to flash. That is wishful thinking right now, but it’s technologically possible.
Canonical will be showing the phone and operating system off at the biggest trade show in the world next week and you can bet Phandroid will be right, front and center to get a good look at it. Ubuntu’s eager to talk to anyone who wants to use Ubuntu for their next smartphones, and while we don’t expect the Samsungs and HTCs of the world to be on the bandwagon just yet we’re excited to see how the biggest Linux distro on the planet could look on some of these OEMs’ devices. Take a look for yourself in the video above.
RIM busts Mr. Blurrycam, patents tech to ‘prevent inconspicuous use of cameras’
RIM’s own smartphones have been the target of many a “Mr. Blurrycam” snap, but a new feature could put an end to “inconspicuous” shooting, according to a patent issued today. The tool would be in line with the company’s mission to protect corporations from security vulnerabilities, which include not only unauthorized access to data, but also leaks from employees. According to the patent, “the camera restriction prevents a user from taking a picture of a subject if the device has not been steadily focused on the subject in question for a predetermined period of time.” Just how long you need to keep your BlackBerry still could be dictated by individual IT departments, which would also have the power to flip the switch and push restrictions to an employee’s device. While such a delay would certainly be an inconvenience for frequent shooters, it is a step forward from RIM’s traditional strategy of shipping models without cameras altogether. We haven’t seen any indication that such a technology will be implemented with future models, but thanks to the minds at RIM, patent junkies can get their fix now at the source link below.
Filed under: Cellphones, Cameras, Mobile, RIM
Source: USPTO
Bill Gates’ successor and Microsoft research boss to retire in 2014
The security and research chief of Microsoft, Craig Mundie, will be retiring sooner than expected in 2014.
Mundie has been with the American tech giant for 20 years and was given the responsibility by Bill Gates to oversee the company’s security program as well as its Research and Development department.
Gates handpicked Mundie before he retired and relinquished his day-to-day responsibility in 2008.
Before Mundie will retire, he will act as a senior adviser to the current company chief, Steve Ballmer.
Following his appointment by Microsfot co-founder Bill Gates, Mundie helmed Microsoft’s Research, Trustworthy Computing Program, and technology policy groups. His position gave him the power to decide what areas Microsoft needs to improve software security and where to allocate bugdet for research.
Eric Rudder will now handle these responsibilities. Rudder was the former chief technical strategy officer of Microsoft.
In his current capacity as senior adviser to Ballmer, Mundie will be working with the company CEO on “key strategic projects” within the company, and will act as a liaison between Microsoft and the government and other businesses “on technology policy, regulation and standards”, based on his autobiography posted on the website of Microsoft.
According to the Seattle Times, Mundie’s recent role is part of Ballmer’s strategy to bring in a new team that can help transform Microsoft into a competitive giant in the web- and mobile-centered industry today.
Mr Mundie is the second high ranking officer to vacate their position in less than a month’s time.
Two men chosen by Bill Gates to handle the technical responsibilities of the company will no longer be at Microsoft. After Gates announced in 2006 that he would be leaving Microsoft, he picked Ray Ozzie, a respected software programmer to handle his role as “chief software architect”. Ozzie left Microsoft two years ago.
Mundie became associated with Microsoft in 1992 and has worked in several of the company’s projects that include interactive TV, videogames, and mobile software. He also played significant roles at the company in government regulatory policy, and in software and internet security.
“I look forward to working with Eric on a broader scope of the company’s businesses and partnering closely with Craig on the company’s future opportunities,” Ballmer was quoted saying in his memo.
Last November saw the company’s head of Windows division, Steven Sinofsky, leaving the company without prior announcement. His resignation came after Windows 8, the newest operating system of Microsoft that has its eye on the lucrative mobile industry, was launched.
Sinofsky was the supposed to be the public face of the new operating system and it was expected that he would stay to continue the development of the software and its other future versions.
source: bbc
Apktool Updated To 1.5.1, Brings Android 4.2 Support, The Latest Smali/Baksmali, & Bugfixes
Apktool is a Windows/Mac/Linux utility for reverse engineering Android apps. It allows you to decode an app, change something, rebuild it, and pray it still runs. You’re going to need something like this if you’re into theming apps, hacking a feature onto someone else’s app, finding security holes, or just want to hunt for info.
Apktool has been freshly updated to version 1.5.1, with the new headline feature being “Android 4.2 support.” Here’s the full changelog.
- Android 4.2 support
- Added -a / -aapt command on rebuild to specify location of aapt
- Updated unit tests for 4.2 support
- Closed file-handler when writing frameworks to file system.
- Fresh ROM v3.5 For EVO 4G Is Out With The Newest OTA, Radio, WiMAX, PRI And Improved Battery Life
- How To Evade Your Carrier’s Data Throttling On Your Android Device
- Popular Gallery App QuickPic Updated To V2.0 With Brand New, Faster, ICS-Inspired UI, Apps2SD, And More
- Google Translate For Android Hits Version 2.0, Receives Conversation Mode, Updated UI
Apktool Updated To 1.5.1, Brings Android 4.2 Support, The Latest Smali/Baksmali, & Bugfixes was written by the awesome team at Android Police.
|
|
New Android Malware Can Launch DDoS Attacks From Your Smartphone
Be careful of what you install on your Android device as you might unwittingly get it infected with malware. A new Android malware has just been discovered called Android.DDoS.1.origin and works by carrying out a DDoS (Distributed Denial of Service) attack from your smartphone to any target.
This latest threat was discovered by a Russian security company, Doctor Web, which reported this new threat uses social engineering techniques to spread itself. Android.DDoS.1.origin disguises itself as a Google Play icon tricking users into thinking it is the real thing. Once you click on it you will be routed to the actual Google Play store which is its way of distracting you from what is really happening.
This malware works in the background without your knowledge. Once it is activated it searches for its command and control center and sends out information regarding your device there. One piece of information that will be sent is your phone number. The criminals will be using this number to send text messages to your phone to control the malware.
The commands that can be sent to your infected device are for it to launch a DDoS attack or to send out text messages. A DDoS attack is performed when your device receives an IP address and a port that that it will need to ping. While one smartphone won’t make a difference, imagine what millions of infected smartphones can do to a particular site. It’s going to take that site down once it reaches critical mass. Your device can also be used as a platform to send spam text messages which might let you incur charges from your network provider.
The good news about this is that it doesn’t seem to be spreading quickly. You should however be prepared to take preventive measures by always making sure to have an updated security software running on your Android device.
via venturebeat
McAfee Releases Top Threats Prediction For 2013
American security software company McAfee has released their prediction for the top threats that we might encounter next year. These threats will be coming from various devices and ecosystems and shows criminals becoming more and more creative in their attacks.
Not surprising though is that on top of the list are mobile threats. As the popularity of smartphones and tablets rises several criminals are also finding ways to capitalize on this by finding weak points in the system.
Some of the mobile threats we may encounter next year are as follows.
Malware Shopping Spree
We have already seen how this works through the Android/Marketpay.A Trojan horse. This type of Trojan buys apps from an app store without you even knowing about it. It’s kind of sneaky right? If any app developer wants to earn a lot then all they have to do is use this Trojan’s app-buying characteristics and add it to a mobile worm to infect smartphones/tablets thus increasing their sales.
NFC Worms
Almost all high-end and most mid-level smartphone models will come with NFC support next year. What this technology does is it allows devices using this technology to communicate with each other by just tapping them together. This makes it easy to transfer data from one device to the other. One popular use of this technology is when making payments by using the “tap and pay” feature. An enterprising criminal will find ways to propagate a worm through NFC and steal their money. Imagine if a worm such as this spreads through a high dense area such as airports or malls, a lot of money will be stolen in the process.
Block That Update
If you got your mobile device from a network such as AT&T or Verizon then you are familiar with the update procedure of your device. The advantage of this is that once your mobile network recognizes a threat they can immediately send out updates to your device to eliminate it. A creative individual may find a way to block this update from reaching your device so that your device stays infected.
Aside from mobile threats we will also be seeing the Windows 8 platform to be targeted. McAfee reports that “Criminals go where the money is. And if this means they have to cope with a new, more secure version of Windows, that’s just what they’ll do. In many cases they attack the user and not the OS. Via phishing and other techniques users are tricked into revealing information or installing a malicious program. So if you upgrade, don’t rely solely on Windows to protect your system. Remain vigilant and watch out for phishing scams.”
via mcafee
Hacker Claims to Have Nabbed 3 Million Verizon FiOS Customer Records, Verizon Disagrees a Bit
Over the weekend, a hacker reached out to ZDNet and originally informed them that he had accessed some 3 million Verizon Wireless customer records through a security exploit in one of their systems. He claims that he initially tried to point out the issue to Verizon over the summer, but since they failed to respond [...]
Click the post title to continue through and join the conversation!
Hacker Claims to Have Nabbed 3 Million Verizon Wireless Customer Records, Verizon Disagrees
Over the weekend, a hacker reached out to ZDNet and informed them that he had accessed some 3 million Verizon Wireless customer records through a security exploit in one of their systems. He claims that he initially tried to point out the issue to Verizon over the summer, but since they failed to respond, he [...]
Click the post title to continue through and join the conversation!
Verizon customer database hacked; 300,000 entries leaked online [UPDATE Verizon's response]
Update 2: Verizon has responded, and they disagree with many key points in the story here. Following is their full response:
The ZDNet story is inaccurate. This incident was reported to the authorities when we first learned of it months ago and an investigation was launched. Many of the details surrounding this incident are incorrect and exaggerated. No Verizon systems were breached, no root access was gained, and this incident impacted a fraction of the number of individuals being reported.
We take any and all attempts to violate consumer and customer privacy and security very seriously, so we notified individuals who could potentially have been impacted and took immediate steps to safeguard their information and privacy. Verizon has also notified law enforcement of this recent report as a follow-up to the original case.
This sounds pretty positive, and kudos to Verizon for reaching out on the Saturday before Christmas. The original text still follows for reference.
Update: ZD Net has updated their original story, and it appears that the records are for FIOS customers and not wireless customers. We'll leave this in place so that the FIOS customers among you have a heads up
According to ZDNet, a hacker has gained access to over 3 million records from a Verizon Wireless customer database. The information includes names, addresses, serial numbers, and passwords. The hacker gained access to the server on July 12, and claims to have contacted Verizon, but since the have reportedly ignored his report, he has pasted 300,000 of the records online. Supposedly these database is broken up into regions, and the leaked region is in and around Pennsylvania. The records are stored in plain text, and the hacker "might leak the rest later".
If you're a Verizon customer, now would be a good time to change your account password. We're not going to go into the details or link to the pastebin of account data. We hate delivering this sort of news, but we know you need to be informed. We hope Verizon is quick to address the issue, and look forward to hearing their side of things.
Source: ZD Net
|
|
The week in international Android news – Dec. 22, 2012
As things wind down for the holidays, and the torrent of international Android news temporarily slows to a trickle, there's just enough time for one last weekly round-up. And despite the incoming festivities, there's been plenty of interesting pre-Christmas news.
The week started with news of a serious security vulnerability in certain Samsung phones, which could allow a rogue app to take complete control of affected handsets. The was exploit discovered in kernel code for phones running Samsung's Exynos CPU, meaning it affects devices like the international Galaxy S3 and S2, as well as all Galaxy Note 2 models. It's a bg deal, and Samsung has acknowledged its existence, saying it's working to deliver a fix "as quickly as possible."
|
|
AT&T Galaxy S II getting a 4.0.4 update
The AT&T Galaxy S II got updated to Ice Cream Sandwich this past June, but tonight there are reports of users getting a slight version bump to Android 4.0.4. The LK3 update can be retrieved from Kies, but luckily users are saying they downloaded it OTA as well.
There is no change log available, and so far nobody has found much difference from 4.0.3. We doubt that the Exynos patch is included, but we'll have to wait until more people get it installed so someone can check. Of course even the smallest bug fixes and security adjustments are appreciated.
Source: XDA. Thanks, Matt!
|
|
Still denying Google Wallet, Verizon grants secure element access to ISIS — does it surprise you?
In case you haven’t heard the news, Verizon’s ISIS application is officially confirmed to have access to the secure element found in the carrier’s NFC-enabled phones. This is a big deal because much has been made about Verizon’s willingness to block Google Wallet access.
When a complaint was filed to the FCC regarding the issue Verizon responded saying Google Wallet would be just as fine as any application if it didn’t need the secure element. The problem is that Google would have to strip NFC payment functionality out of the app in order for it to meet Verizon’s requirements, and that pretty much defeats the purpose of Google Wallet in the first place.
Big Red said ISIS had to pass a certification process in order to be granted the special privileges it has, but we were never told whether or not Google had just as much of a chance of being granted certification. In fact, we’re not even sure if it’s possible for Google to begin any sort of certification process. That’s something that Verizon is being tight-lipped on for now, but should we find out that ISIS is being given special treatment are any of us really surprised?
Before Google Wallet was officially unveiled, it was revealed that three of America’s biggest carriers — AT&T, T-Mobile and Verizon — were teaming up to help build the ISIS wagon. Sprint was the only carrier not willing to join that particular rodeo, and they ended up embracing Google’s mobile payments service no problem. It’s interesting to note that AT&T nor T-Mobile have been against Google Wallet access on their devices, so it’s unlikely that a conflict of interest or some contractual obligation is keeping Verizon from opening its arms.
Some would suggest Verizon’s motives aren’t about security as much as they’re about money. It’s a tough accusation to swing, but some are saying Verizon is using the secure element excuse to mask the fact that it doesn’t want Google Wallet without getting a cut of the revenue from it. This is something we’d only be able to confirm if we were sitting in on those top-secret board meetings ourselves so we can’t say for sure either way, but the fact of the matter is that Verizon’s hand is not being forced by ISIS in the matter.
For consumers’ sake we hope recent FCC complaints will shake the tree a little bit in getting to the bottom of this story, but Verizon’s stance hasn’t changed since they responded to that initial letter, and that’s all we have until further notice. Would you believe Verizon’s blocking access to the secure element for genuine security reasons or do you think there is something more to this cloudy story? Leave your thoughts in the comments section below!
Welcome to Isis! This email confirms that you’ve started the process of activating your new Isis Wallet.
Please visit www.paywithisis.com at your convenience to log into your Isis Account and set up your Security Question and Answer. This is important if you ever lose your phone or forget your Isis Password. (You can also complete this from the Settings option in the Wallet Menu on your phone.)
You can find helpful information at www.paywithisis.com about using your new Isis Wallet. You can also explore the Help option in the Wallet Menu, which includes access to the “Learn More” video series.
You can review and print the Isis Services Terms of Service and Privacy Policy via www.paywithisis.com. These can also be viewed on your phone via the Help option in your Isis Wallet.
Isis will now configure the Secure Element on your phone, setting up your Wallet PIN and delivering any Payment Cards for which you’ve signed up. When your new Isis Wallet is ready for use, Isis will alert you with a text message containing an embedded link. Please follow the instructions in the message to use the link to re-launch the Isis Wallet on your phone. (You should expect this text message within the next 60 minutes. Please ensure that your phone remains powered on with a network connection available.)
We hope you enjoy your new Isis Wallet.
Samsung Issues Statement Regarding Exynos Exploit, Software Fix On The Way
Over the weekend, an exploit was found within Samsung’s Exynos processor that powers many devices, including the new Galaxy S3 and Galaxy Note 2. The exploit, if used by a malicious application, could potentially take control of the device’s RAM, which would spell serious trouble for owners. Samsung has acknowledged the “potential security issue” and plan to provide a…
Click the post title to continue through and join the conversation!
Samsung Acknowledges Exynos Kernel Exploit, Will Fix It "As Quickly As Possible"
Say what you will about Samsung, but their catapulting into the number-one position among Android smartphone vendors hasn’t made them feel “above” responding to various product foibles. Speaking to Android Central, a Samsung spokesperson confirmed that the company is aware of a fairly-serious kernel exploit affecting a number of its high-profile devices using the Exynos 4 chipset. This includes handsets like the Galaxy S III and Note II (in most forms), and tablets such as the Note 10.1 or Tab 7.7.
Here’s the company’s statement, which we have since received an identical copy of, as well:
Samsung is aware of the potential security issue related to the Exynos processor and plans to provide a software update to address it as quickly as possible.
- Samsung Exynos 4 Exploit Discovered: Root And Full Access To RAM Possible In A Single App
- HTC Acknowledges Data-Exposing Vulnerability In Some Devices, Promises Over-The-Air Patch Shortly
- [Updated] Google Acknowledges DroidDream: Remotely Wiping Apps, Removing Exploit, Making Changes To Prevent It From Happening Again
- Samsung Galaxy S II Delayed Until June – Spec Changes To Blame?
Samsung Acknowledges Exynos Kernel Exploit, Will Fix It "As Quickly As Possible" was written by the awesome team at Android Police.
|
|
Samsung to fix Exynos vulnerability in software update ‘as quickly as possible’
A Samsung spokesperson has given Android Central an updated statement on its plans to fix the recently-discovered Exynos kernel vulnerability issue. In today's update, the company has indicated that it's aware of the problem and is preparing to move forward with software updates to remedy the situation on affected devices "as quickly as possible." Samsung also confirms what we already knew about the nature of the exploit, specifically that a specially-coded malicious app is required to take advantage of it. (As we mentioned a few days back, if you're not downloading sketchy apps, you probably don't have much to worry about.)
Here's Samsung's statement in full –
Samsung is aware of the potential security issue related to the Exynos processor and plans to provide a software update to address it as quickly as possible.
The issue may arise only when a malicious application is operated on the affected devices; however, this does not affect most devices operating credible and authenticated applications.
Samsung will continue to closely monitor the situation until the software fix has been made available to all affected mobile devices.
The exploit, which was discovered over the weekend, could give a malicious app to free reign over an affected device's RAM, allowing it to take complete control of the device. Over the weekend, popular phones like the Galaxy Note 2 and international Galaxy S3 and Galaxy S2 were found to be vulnerable to the exploit. Given that sales of those devices are measured in the tens of millions, it isn't surprising to see a swift response from the manufacturer.
In the meantime, there are third-party fixes already available for those worried about falling foul of malware based upon this vulnerability.
|
|
Samsung acknowledges Exynos security issue, promises update ‘as quickly as possible’
It may have taken longer than we would have liked, but Samsung has finally confirmed that it’s aware of the Exynos security exploit discovered this weekend. The smartphone maker hasn’t issued a timeline for plugging the hole, but it is indeed on the case, stating “Samsung is aware of the potential security issue related to the Exynos processor and plans to provide a software update to address it as quickly as possible.” Project Voodoo’s François Simond (Supercurio) released his own root-free fix just hours after the vulnerability was discovered on Sunday, so you’re welcome to use that simple solution in the meantime (at the source link below). You can also head over to Android Central for the full statement from Samsung.
Filed under: Cellphones, Mobile, Samsung
Source: Project Voodoo, Android Central
Samsung to fix Exynos vulnerability in software update ‘as soon as possible’
Samsung has given Android Central a updated statement on its plans to fix the recently-discovered Exynos kernel vulnerability issue. In today's update, the company has indicated that it's aware of the problem and is preparing to move forward with software updates to remedy the situation on affected devices "as soon as possible." Samsung also confirms what we already knew about the nature of the exploit, specifically that a specially-coded malicious app is required to take advantage of it. (As we mentioned a few days back, if you're not downloading sketchy apps, you probably don't have much to worry about.)
Here's Samsung's statement in full –
Samsung is aware of the potential security issue related to the Exynos processor and plans to provide a software update to address it as quickly as possible.
The issue may arise only when a malicious application is operated on the affected devices; however, this does not affect most devices operating credible and authenticated applications.
Samsung will continue to closely monitor the situation until the software fix has been made available to all affected mobile devices.
The exploit, which was discovered over the weekend, could give a malicious app to free reign over a device's RAM, allowing it to take complete control of an affected device. Over the weekend, popular phones like the Galaxy Note 2 and international Galaxy S3 and Galaxy S2 were found to be vulnerable to the exploit. Given that sales of those devices are measured in the tens of millions, it isn't surprising to see a swift response from the manufacturer.
In the meantime, there are third-party fixes already available for those worried about falling foul of malware based upon this vulnerability.
|
|
Paypal update brings landscape support and payment preferences
Everyone's favorite universal payment app, Paypal, has just been updated with a few nice features. First off, there's full landscape support in this update — something we're surprised wasn't there before. You can also now set a payment preference for specific stores, so for example you can have one credit card set as a default when you pay Amazon, and another to pay Starbucks.
The changelog also notes that Paypal has improved the performance of check scanning, and users should see fewer issues. It has also increased security and a few UI bugfixes, stuff we'll never scoff at in an update. You can grab the app or an update at the Play Store link above.
|
|
The SpamSoldier SMS botnet: What you need to know
A little common sense is all that's needed to avoid the latest piece of scareware making the rounds
Here's how to avoid the latest "ZOMG SCARY ANDROID BOTNET SCARY SCAM!!!" of the week.
- Don't click on obviously spammy text messages from people you don't know.
- Don't click on obviously spammy text messages from people you do know.
- Don't leave leave your phone's built-in security features turned off unless you absolutely need to.
If it seems like we've been here before, well, we have. This week's worry is "SpamSoldier," which uses an infected phone to send a bunch of spammy SMSs to other phones, inviting them to download free apps or games or other free offers that, of course, are trojans that then send hundreds of spammy SMSs to your contacts. It's the evil cycle of life.
|
|
Android 4.1.2 Update for the Galaxy S II and Note Could Be Delayed Until 2013
Samsung has been pretty fair with its customers when it comes to rolling out updates. It was quick to upgrade the likes of the Galaxy S II and the Galaxy Note with Android 4.0 when the time arrived. And the same trend followed with Android 4.1 when the update was rolled out to the likes of the Galaxy S III merely months after the release of the OS update. However, 2011 Samsung flagships haven’t quite seen Jelly Bean yet. And now there’s some disturbing news coming for Galaxy S II and Galaxy Note owners. It is believed that the Android 4.1.2 update has been delayed until 2013, contrary to reports which suggested that the update would arrive as early as last month. This news will certainly disappoint the owners of the two devices, unless of course they have a workaround to get Android 4.1 running on their device via custom ROMs.
So what exactly is causing the delay? Well, as we reported yesterday, devices running on Samsung’s Exynos 4210 and 4412 chipsets have been revealed to have a major security loophole which would give third party apps to access the device’s RAM and gather data and possibly even brick the device. So basically, Samsung wants to deal with this bug so as to fix it before rolling out the update to its older devices. This is a very commendable move as it shows Samsung does care about user privacy and doesn’t just provide updates just for the sake of it. There’s no word yet on when the fix would be in place, so it could take a few months now or probably sooner for the update to arrive. People who have been waiting for the official update, shouldn’t mind bearing with the company for another few days as they’ve already waited this long.
Let’s hope the update makes its way to these devices soon as they were at one point one of the top selling smartphones in the market. The bright side of course is that we know that the update will go live in 2013, which is only a couple of weeks from now. So basically, if Samsung makes up its mind, a fix can be rolled out by the beginning of January. Let’s hope that happens. As for existing Jelly Bean devices like the Galaxy S III and the Galaxy Note II, I guess Samsung will roll out an OTA to fix the said security flaw.
Source: Sam Mobile
Via: Phone Arena
Lookout IDs SpamSoldier SMS spammer botnet
Mobile security firm Lookout has posted a security alert on their blog regarding a new threat they have identified for mobile devices. Working with carriers, Lookout has identified SpamSoldier, which they describe as a spammer botnet agent that uses infected phones to send SMS spam messages. They do not indicate which platforms are subject to attack, although the original attack vector is via an SMS message and not through any apps downloaded via app stores.
Lookout indicates distribution is currently limited. The big threat for users is the potential to see charges for text messages and if the botnet grows, carrier networks could be slowed down due to the additional traffic.
According to Lookout, the trojan will first appear on a user’s device in the form of a text message with a link to download a free version of a popular app. Examples include:
- “You’ve just won a $1000 Target gift card but only the 1st 1000 people that enter code 7777 at hxxp://holyoffers.com can claim it!”
- “Download Grand Theft Auto 3 & Need for Speed Most Wanted for Android phones for free at hxxp://trendingoffers.com for next 24hrs only!”
If a user clicks on the link, they will be asked to download the “install” file. Once downloaded, if the user attempts to install the app, it will actually activate the infected file. After installing the payload, the trojan will remove its own icon. Lookout reports that in some cases it will also go ahead and install the app the user thought they were downloading in order to keep them unsuspecting.
Once loaded and concealed, the botnet will contact its command server to retrieve the text of an SMS message and a list of 100 U.S. phone numbers. The software then starts sending the message to those phone numbers and once complete, will retrieve a new list and start over until shutdown. SpamSoldier takes other steps to conceal itself like hiding outgoing messages and trying to intercept SMS replies.
Lookout recommends users only download and install apps from reputable sources and install a mobile security app like the one they produce, which they claim will protect users against SpamSoldier.
source: Lookout Blog
Trustonic: a way for mobile apps to benefit from ARM’s hardware-level security
This here narrative begins back in April, when ARM, Giesecke & Devrient and Gemalto teamed up and gave themselves precisely nine months in which to find the perfect brand name for their newly merged mobile security platform. Today, we’re looking at the fruits of their efforts: Trustonic; a word which snappily captures the essence of what’s at stake (trust-onic) and which you may soon encounter in connection with your next-gen smartphone, Mastercard payment app or 20th Century Fox DRM’d media.
What does Trustonic do, exactly? Pretty much what Mobicore already does in the Galaxy S III, or what Trusted Foundation does inside an Tegra-powered tablet: it allows certain pieces of software to tap into hardware-level encryption and authentication, courtesy of the TrustZone silicon that many ARM chips already contain, thereby removing many of the risks associated with malware and other intrusions within the mobile OS. As far as we understand it, the key difference with Trustonic is that it won’t require direct input from OEMs like Samsung and NVIDIA, but will instead be more readily accessible to any banking, payment or DRM service that is willing to pay for a key. In return, the service would get enhanced security and faster logins for its users, who’d only need to enter a short, locally-verified PIN rather than wading through cloud-based steps to prove their identity. Indeed, perhaps that’s where the tonic comes into it.
Continue reading Trustonic: a way for mobile apps to benefit from ARM’s hardware-level security
Filed under: Cellphones, Tablets, Mobile
Lookout IDs SpamSoldier SMS spammer botnet
Mobile security firm Lookout has posted a security alert on their blog regarding a new threat they have identified for mobile devices. Working with carriers, Lookout has identified SpamSoldier, which they describe as a spammer botnet agent that uses infected phones to send SMS spam messages. They do not indicate which platforms are subject to attack, although the original attack vector is via an SMS message and not through any apps downloaded via app stores.
Lookout indicates distribution is currently limited. The big threat for users is the potential to see charges for text messages and if the botnet grows, carrier networks could be slowed down due to the additional traffic.
According to Lookout, the trojan will first appear on a user’s device in the form of a text message with a link to download a free version of a popular app. Examples include:
- “You’ve just won a $1000 Target gift card but only the 1st 1000 people that enter code 7777 at hxxp://holyoffers.com can claim it!”
- “Download Grand Theft Auto 3 & Need for Speed Most Wanted for Android phones for free at hxxp://trendingoffers.com for next 24hrs only!”
If a user clicks on the link, they will be asked to download the “install” file. Once downloaded, if the user attempts to install the app, it will actually activate the infected file. After installing the payload, the trojan will remove its own icon. Lookout reports that in some cases it will also go ahead and install the app the user thought they were downloading in order to keep them unsuspecting.
Once loaded and concealed, the botnet will contact its command server to retrieve the text of an SMS message and a list of 100 U.S. phone numbers. The software then starts sending the message to those phone numbers and once complete, will retrieve a new list and start over until shutdown. SpamSoldier takes other steps to conceal itself like hiding outgoing messages and trying to intercept SMS replies.
Lookout recommends users only download and install apps from reputable sources and install a mobile security app like the one they produce, which they claim will protect users against SpamSoldier.
source: Lookout Blog
Samsung ‘conducting an internal review’ on Exynos kernel vulnerability
There was potentially worrying news for Samsung phone owners this weekend, as a serious kernel security vulnerability was identified in Android devices running Exynos 4210 and 4412 chips. The list of affected devices includes some of the most popular Samsung phones, like the international Galaxy S2 and Galaxy S3, and all Galaxy Note 2 models. The exploit in Samsung's kernel could give a malicious app free reign over a device's memory, allowing it to take complete control of it.
We reached out to Samsung for comment, and the company has today informed us that it is "currently in the process of conducting an internal review" into the matter. That's not a whole lot of information, but it at least confirms that Samsung's aware of the issue and is looking into it.
We'll keep you apprised of any further developments. In the meantime, if you're concerned about whether your own phone could be affected by this security vulnerability, check out our full report from yesterday.
More: The Samsung Exynos kernel exploit – what you need to know
|
|
Samsung rolling out Exynos security patch to UK Galaxy S III owners
Posted by admin in News on January 4, 2013
A few weeks back a security exploit was discovered that left owners of select Exynos-powered Samsung devices feeling uneasy. While an independent developer quickly cooked up a fix, Samsung soon acknowledged the issue and pledged that an official patch was in the works. UK Galaxy S III owners can now breathe a sigh of relief, as Sammy has made good on its word and is now issuing an over-the-air update that addresses this potential security flaw. While we’re happy to see Samsung actively working on this issue, there’s still no word of when the company will release this fix to other devices and additional regions. Hopefully the software’s ongoing European tour is a sign of things to come globally.
Filed under: Software, Mobile, Samsung
Comments
Via: Android Central
Source: XDA-Developers
CentralSource, Exynos, Filed, independent developer, issue, Relief, samsung, SamsungCommentsVia, security, Security Exploit, security flaw, security patch, software, UK Galaxy, Update, XDA-Developers
No Comments