Posts Tagged ‘android’

WARNING! Android phones can be hacked with a simple text

Monday, July 27th, 2015

The problem stems from the way Android phones analyze incoming text messages. Even before you open a message, the phone automatically processes incoming media files — including pictures, audio or video. That means a malware-laden file can start infecting the phone as soon as it’s received, according Zimperium, a cybersecurity company that specializes in mobile devices.

If this sounds familiar, that’s because this Android flaw is somewhat like the recent Apple text hack.

But in that case, a text message with just the right characters could freeze an iPhone or force it to restart. This Android flaw is worse, because a hacker could gain complete control of the phone: wiping the device, accessing apps or secretly turning on the camera.

In a statement to CNNMoney, Google (GOOGLTech30) acknowledged the flaw. It assured that Android has ways of limiting a hacker’s access to separate apps and phone functions. Yet hackers have been able to overcome these limitations in the past.

The bug affects any phone using Android software made in the last five years, according to Zimperium. That includes devices running Android’s Froyo, Gingerbread, Honeycomb, Ice Cream Sandwich, Jelly Bean, KitKat and Lollipop iterations (Google names its Android versions alphabetically after desserts).

android text

Zimperium said it warned Google about the flaw on April 9 and even provided a fix. The company claims Google responded the very next day, assuring a patch would be shared with customers in the future.

Typically, in these situations, companies are given a 90-day grace period to issue a fix. It’s a rule even Google abides by when it finds flaws in others’ software.

But it’s been 109 days, and a fix still isn’t largely available. That’s why Zimperium is now going public with the news.

The issue now is how quickly Google will manage to fix this for everybody. While Apple can push out updates to all iPhones, Google can’t.

Google is notorious for having a fractured distribution system. Several entities stand in between Google and its users, and they routinely slow down the release of new software. There’s phone carriers — like AT&T (TTech30) and Verizon (VZTech30) — and makers of physical devices — likeSamsung (SSNLF) — all of which need to work together to issue software updates.

Google told CNNMoney it already sent a fix to its “partners.” However, it’s unclear if any of them have started pushing that out to users themselves.

For that very reason, Google recently put its own Nexus phones first in line to receive updates.

This could be a test case that shows why it’s so important to receive updates quickly.

Chris Wysopal is a longtime hacker and now an executive at cybersecurity firm Veracode. He called this Android’s version of Heartbleed, the devastating bug that put millions of computer networks at serious risk last year.

“I’m interested to see if Google comes up with a way to update devices remotely,” he said. “Unless they can do that, we have a big disaster on our hands.”

 

Android phones can be hacked with a simple text – Jul. 27, 2015.

Phone Firewall Can Identify Rogue Cell Towers Trying to Intercept Your Calls | WIRED

Wednesday, September 3rd, 2014

Rogue cell phone towers can track your phone and intercept your calls, and it’s only a matter of time before they’re as ubiquitous as GPS trackers. But at least now there’s a way to spot them.A firewall developed by the German firm GSMK for its secure CryptoPhone lets people know when a rogue cell tower is connecting to their phone. It’s the first system available that can do this, though it’s currently only available for enterprise customers using Android phones.GSMK’s CryptoPhone 500, a high-end phone that costs more than $3,000 and combines a Samsung Galaxy S3 handset with the CryptoPhone operating system, offers strong end-to-end encryption along with a specially hardened Android operating system that offers more security than other Android phones and the patented baseband firewall that can alert customers when a rogue tower has connected to their phone or turned off the mobile network’s standard encryption.

via Phone Firewall Can Identify Rogue Cell Towers Trying to Intercept Your Calls | Threat Level | WIRED.

Remote Attack Could Format Your Pebble Smartwatch Easily

Wednesday, August 27th, 2014

 

Pebble smartwatch hacking

Pebble, a wristwatch that can connect to your phone – both iOS and Android – and interact with apps, has a hard-coded vulnerability that allows a remote attacker to destroy your Smartwatch completely.

Pebble Smartwatch, developed and released by Pebble Technology Corporation in 2013, is considered as one of the most popular SmartWatches that had become the most funded project in the history of Kickstarter. Just two hours after its crowd-funding campaign launched, Pebble had already surpassed its $100,000 goal and at last had reached over $10.25 million pledged by nearly 70,000 Kickstarter backers.

A security enthusiast Hemanth Joseph claimed to have found that his Pebble SmartWatch with the latest v2.4.1 Firmware can be remotely exploited by anyone with no technical knowledge in order to delete all data stored in the device, apps, notes, and other information stored in it.

via Remote Attack Could Format Your Pebble Smartwatch Easily.

Android 4.4.4 KitKat Update: 15 Things to Expect

Monday, August 11th, 2014

For several weeks now, Google’s Android 4.4.3 KitKat update and Android 4.4.4 KitKat update have both been rolling out to Android users all over the globe. With both roll outs pushing out at an increasing rate of speed, we want to take a look at what we expect from the Android 4.4.3 KitKat and Android 4.4.4 KitKat updates moving forward.

Back in June, Google pushed out three new Android updates. One, the Android L update, is currently in beta form and is only available to users with the Nexus 7 or Nexus 5. Its release will be coming sometime later this year. The other two were Android 4.4 KitKat updates in the forms of Android 4.4.3 KitKat and Android 4.4.4 KitKat, two updates aimed at solving Android 4.4.2 KitKat problems.

Android 4.4.3 KitKat pushed out on June 4th while the Android 4.4.4 KitKat rolled out just a few weeks later. For Nexus users, Android 4.4.4 KitKat delivered but one security patch for an OpenSSL vulnerability. For other users, it delivered Android 4.4.3 KitKat bug fixes on top of that security fix. Both are extremely important updates so it hasn’t been surprising to see Android users starving for information.

Fortunately, we’ve seen a ton of Android 4.4.3 KitKat and Android 4.4.4 KitKat update details emerge in the past few weeks as companies work to upgrade their devices. We’ve also seen some companies remain silent about the prospects of Android 4.4.3 KitKat and Android 4.4.4 KitKat. Unsurprisingly, we’ve been getting tons of Android 4.4 KitKat questions from friends, family and readers alike.

With all of that in mind, we want to take a look at how we expect the Android 4.4.3 KitKat and Android 4.4.4 KitKat update processes to play out. Here, we make some Android 4.4.3 KitKat and Android 4.4.4 KitKat predictions based on concrete information, based on rumors and based on a lengthy history covering Android updates across various manufacturers.

via Android 4.4.4 KitKat Update: 15 Things to Expect.

Android iOS Market Share: July 2014 sees Android top iOS | BGR

Friday, August 1st, 2014

samsung s5

We all know Android’s market share crushes every other mobile platform out there in terms of shipment volume, but Android’s share of mobile usage as recorded by various networks around the world has always lagged Apple’s iOS platform… until now.

Just as we noted would be the case, Net Applications shows that Android’s share of global smartphone and tablet usage has narrowly topped worldwide combined usage of iPhones and iPad tablets. This marks the first time in the platform’s history that it finds itself at the top of the mobile pile.

Net Applications measure global mobile usage, which it refers to as market share, by monitoring traffic across its massive global network.

Screen Shot 2014-08-01 at 9.21.48 AM

In the month of July, the firm shows that Android’s usage share jumped to 44.62% from 43.75% in June. As Android was gaining almost a point, iOS’s share of global mobile usage dipped to 44.19% in July from 45.61% in June.

via Android iOS Market Share: July 2014 sees Android top iOS | BGR.

Can BlackBerry Become The Next Security Superpower?

Thursday, July 31st, 2014

BlackBerry announced its intent to acquire Secusmart. It’s a company that offers high-security voice and data encryption and anti-eavesdropping solutions for government organizations, enterprises and telecommunications service providers. BlackBerry had previously partnered with the company to offer Secusmart’s technology to its customers. John Chen said “We have addressed eavesdropping concerns with Secusmart, who has been a partner since 2009 and we currently have the SecuSUITE for BlackBerry 10. It’s a solution used by Germany’s Federal Office for Information Security for classified communications between the country’s top officials, including Chancellor Angela Merkel.”What to take away from the transaction? In case you hadn’t noticed, BlackBerry is fully retrenched on the enterprise and highly regulated industries. The company cut a deal with Amazon and Android that allows BlackBerry users to have access to more than 200,000 Android applications, including thousands of popular apps and games. Effectively, this allows BlackBerry to have consumer apps without requiring developers to build apps for its operating system. As a result, BlackBerry developers can focus their resources on creating more lucrative enterprise apps.BlackBerry is hanging its hat on becoming the next security company…and that’s not a bad thing. BlackBerry is making progress with its Enterprise Mobility Management EMM solution but this is a tough market to win against the likes of Vmware/Airwarch and Mobileiron. However, Mobileiron’s IPO is good for BlackBerry because there will be tighter pressure on the company to demonstrate good margins and revenue growth, not just customer wins. While the recently announced Apple and IBM partnership appears to make this harder, the focus of that partnership is on apps and analytics.

via Can BlackBerry Become The Next Security Superpower?.

Can you work on an iPad like Tim Cook? – CBS News

Monday, July 28th, 2014

In a recent speech celebrating a new partnership between his company and IBM (IBM), Apple (AAPL) CEO Tim Cook asserted that he did about 80 percent of his work on an iPad, and suggested that this should work for everyone else as well: "There’s no reason why everyone shouldn’t be like that," he said.

That’s easy for Apple’s chief executive to say. But how realistic is it for ordinary workers to rely largely on a tablet for their computing needs?Actually, he might not be that far off the mark.

Studies show that 28 percent workers’ time is occupied with email correspondence, and the iPad (along with all other major tablet platforms, including Android and Windows 8) can handle most email just fine, including POP, IMAP and Microsoft Exchange.

via Can you work on an iPad like Tim Cook? – CBS News.

First Android Ransomware that Encrypts SD Card Files

Monday, June 9th, 2014

 

android ransomware virus

We have seen cybercriminals targeting PCs with Ransomware malware that encrypts your files or lock down your computer and ask for a ransom amount to be paid in a specified duration of time to unlock it.

To deliver the Ransomware malwares to the mobile devices, cyber criminals have already started creating malicious software programs for android devices. Last month, we reported about a new Police Ransomware malware that locks up the devices until the victims pay a ransom to get the keys to unlock the phone. But, the malware just lock the mobile screen and a loophole in the its implementation allowed users to recover their device and data stored on SDcard.
Now, in an effort to overcome this, threat actors have adopted encryption in the development of mobile Ransomware malwares. Recently, the security firm ESET has discovered a new Android ransomware, dubbed as Android/Simplocker.A, that has ability to encrypt the files on the device SD card and then demand a ransom from the victim in order to decrypt those files.
Once installed, the malware scans the SD card for certain file types such as image, document or video with extensions – jpeg, jpg, png, bmp, gif, pdf, doc, docx, txt, avi, mkv, 3gp, mp4 and encrypts them using AES in a separate thread in the background. After encrypting the files, the malware displays the following ransom message, written in Russian, which clearly means that this threat is targeting Russian Android users.

WARNING your phone is locked!
The device is locked for viewing and distributing child pornography , zoophilia and other perversions.
To unlock you need to pay 260 UAH.
1.) Locate the nearest payment kiosk.
2.) Select MoneXy
3.) Enter {REDACTED}.
4.) Make deposit of 260 Hryvnia, and then press pay. Do not forget to take a receipt!
After payment your device will be unlocked within 24 hours. In case of no PAYMENT YOU WILL LOSE ALL DATA ON your device!

The Ransomware malware directs victim to pay the ransom amount i.e. 260 UAH, which is roughly equal to $21 US, through the MoneXy service, as this payment service is not easily traceable as the regular credit card.
mobile virus
To maintain anonymity the malware author is using the Command-and-Control server hosted on TOR .onion domain and the malware sends the information of the infected device such as IMEI number to its server. The researchers at ESET are still analysing the malware:

Our analysis of the Android/Simplock.A sample revealed that we are most likely dealing with a proof-of-concept or a work in progress – for example, the implementation of the encryption doesn’t come close to “the infamous Cryptolocker” on Windows.

The researchers have found that the malware is capable to encrypt the victim’s files, which could be lost if the decryption key is not retrieved from the malware author by paying the ransom amount, but on the other hand the researchers strongly advise users against paying fine, as their is no guarantee that the hacker will provide you decryption keys even after paying the amount.
Unfortunately, mobile antivirus products are only capable to detect such known/detected threats only and can’t detect similar the new threats. So, it is important for you to always keep the back-up of all your files either manually on the computer system or use cloud backup services like dropbox, google drive etc, in order to protect it from the emerging threats.

via First Android Ransomware that Encrypts SD Card Files – The Hacker News.

Secure Smartphone Manufacturer Silent Circle Raises $30 Million

Wednesday, May 21st, 2014

Silent Circle announced today that it has raised $30 million in a new round of funding led by Ross Perot Jr and Cain Capital LLC that it will use to build on strong demand for its Android-based Blackphone, a smartphone expressly designed to improve security for everyday users. Silent Circle has also added Ross Perot Jr. and former British Telecom CEO Peter Bonfield to its Advisory Board and made former Dell exec Anurag Jain vice chairman.

 

Silent Circle

 

Silent Circle products available for iPhone and Android

 

“Awareness of global privacy threats is irrevocably affecting individuals’ and businesses’ behavior and driving worldwide demand for Silent Circle’s unmatched secure communication technology, calling plans and Blackphone devices,” said Silent Circle CEO Mike Janke. “We now have the resources to meet the demand for our encrypted mobile voice, video, secure file transfer and international secure calling plans – all available for iOS and Android.”

 

 

Silent Circle first came to national attention when it shut down its encrypted email service and destroyed their servers so that they couldn’t be forced to be complicit in National Security Agency snooping by the FISA court. The company risked the ire of the US government (and possibly customers who lost important emails without notice), but it also proved that it is willing to stand up for its customers’ privacy.

 

Silent Circle moving to Europe after NSA harassment

 

While the email service is still defunct, Silent Circle cooperated with Geeksphone to develop a secure smartphone that could encrypt text messages and phone calls, meeting a bigger market response than their email service ever had. To avoid a second round of government strong-arming, Silent Circles now has servers in Canada and Switzerland and it is moving its headquarters to Switzerland to take advantage of the country’s strong privacy protection and tradition of neutrality (it still maintains an office in the US). Any tech company that claims to protect user privacy and security within the US has an immediate credibility problem, and this could just be the first of many such tech firms to set up shop abroad because of NSA spying.

via Silent Circle Raises $30 Million.

Research Project Enables iOS Apps to Run on Android | NDTV Gadgets

Wednesday, May 14th, 2014

A team of six students at Columbia University has created a software framework for Android that allows simple iOS apps to run as if they were native. The technique tricks Android into believing the apps were designed for it, while creating an environment that the apps can run in stably.

The students, Jeremy Andrus, Alexander Van’t Hof, Naser AlDuaij, Christoffer Dall, Nicolas Viennot and Jason Nieh, managed to create Project Cider at the individual processing thread level rather than using a virtualisation layer, which has already been done across various platforms.

In an abstract of the full PDF report posted to Columbia University’s Software Systems Laboratory website (and reported by TheNextWeb), the team describes two new binary compatibility mechanisms, compile-time code adaptation, and diplomatic functions. The abstract reads, “Compile-time code adaptation enables existing unmodified foreign source code to be reused in the domestic kernel, reducing implementation effort required to support multiple binary interfaces for executing domestic and foreign applications. Diplomatic functions leverage per-thread personas, and allow foreign applications to use domestic libraries to access proprietary software and hardware interfaces.”

The team used a Google Nexus 7 tablet to demonstrate the technique, referring to Android as the “domestic OS” and iOS the “foreign OS”. By intervening between iOS apps and Android’s binary app interfaces, the team was able to successfully run various iOS apps side by side with Android apps. Translation occurs for the iOS apps only, without the rest of the system being affected.

Project Cider has its limitations related to app and hardware functionality. It cannot currently translate instructions and interfaces for access to a device’s Bluetooth, GPS, cameras and even cellular radios. iOS apps that can still run with these functions turned off will do so. The team intends to continue development work on this project.

via Research Project Enables iOS Apps to Run on Android | NDTV Gadgets.