Archive for the ‘Android’ Category

Hackers Can Manipulate Media Files You Receive Via WhatsApp and Telegram

July 16th, 2019
If you think that the media files you receive on your end-to-end encrypted secure messaging apps cannot be tampered with, you need to think again. Security researchers at Symantec yesterday demonstrated multiple interesting attack scenarios against WhatsApp and Telegram Android apps, which could allow malicious actors to spread fake news or scam users into sending payments to wrong accounts.

Posted in Android, Android privacy, Android Q, fake news, hacking news, mobile hacking, Mobile Security, Telegram, Whatsapp

Over 1,300 Android Apps Caught Collecting Data Even If You Deny Permissions

July 9th, 2019
Smartphones are a goldmine of sensitive data, and modern apps work as diggers that continuously collect every possible piece of information from your devices. The security model of modern mobile operating systems, like Android and iOS, is primarily based on permissions that explicitly define which sensitive services, device capabilities, or user information an app can access, allowing users decide

Posted in Android, android permissions, Android Security, hacking news, Mobile Security

Android July 2019 Security Update Patches 33 New Vulnerabilities

July 2nd, 2019
Google has started rolling out this month's security updates for its mobile operating system platform to address a total of 33 new security vulnerabilities affecting Android devices, 9 of which have been rated critical in severity. The vulnerabilities affect various Android components, including the Android operating system, framework, library, media framework, as well as Qualcomm components,

Posted in Android, Android Security, Android Security Bulletin, hacking news, Mobile Security, Vulnerability

I’ll be passing on Google’s new 2fa for logins on iPhones and iPads. Here’s why

June 12th, 2019

Google is expanding its new Android-based two-factor authentication (2fa) to people logging in to Google and Google Cloud services on iPhones and iPads. While Google deserves props for trying to make stronger authentication available to more users, I’ll be avoiding it in favor of 2fa methods Google has had in place for years. I’ll explain why later. First, here’s some background.

Google first announced Android’s built-in security key in April, when it went into beta, and again in May, when it became generally available. The idea is to make devices running Android 7 and up users’ primary 2fa device. When someone enters a valid password into a Google account, the phone displays a message alerting the account owner. Users then tap a "yes" button if the login is legitimate. If it's an unauthorized attempt, the user can block the login from going through.

The system aims to tighten account security in a meaningful way. One of the key causes of account breaches is passwords that are compromised in phishing attacks or other types of data thefts. Google has been a leader when it comes to two-factor protections that by definition require something in addition to a password for someone to gain access to an account.

Posted in 2FA, Android, Biz & IT, google, iOS, iPads, iPhones, two-factor authentication

Google confirms that advanced backdoor came preinstalled on Android devices

June 6th, 2019

Criminals in 2017 managed to get an advanced backdoor preinstalled on Android devices before they left the factories of manufacturers, Google researchers confirmed on Thursday.

Triada first came to light in 2016 in articles published by Kaspersky here and here, the first of which said the malware was "one of the most advanced mobile Trojans" the security firm's analysts had ever encountered. Once installed, Triada's chief purpose was to install apps that could be used to send spam and display ads. It employed an impressive kit of tools, including rooting exploits that bypassed security protections built into Android and the means to modify the Android OS' all-powerful Zygote process. That meant the malware could directly tamper with every installed app. Triada also connected to no fewer than 17 command and control servers.

In July 2017, security firm Dr. Web reported that its researchers had found Triada built into the firmware of several Android devices, including the Leagoo M5 Plus, Leagoo M8, Nomu S10, and Nomu S20. The attackers used the backdoor to surreptitiously download and install modules. Because the backdoor was embedded into one of the OS libraries and located in the system section, it couldn't be deleted using standard methods, the report said.

Posted in Android, backdoor, Biz & IT, google, malware, supply chain attack

238 Google Play apps with >440 million installs made phones nearly unusable

June 4th, 2019

If the prevalence of abusive Google Play apps has left you numb, this latest report is for you. Carefully concealed adware installed in Google-approved apps with more than 440 million installations was so aggressive that it rendered mobile devices nearly unusable, researchers from mobile security provider Lookout said Tuesday.

BeiTaAd, as the adware is known, is a plugin that Lookout says it found hidden in the emoji keyboard TouchPal and 237 other applications, all of which were published by Shanghai, China-based CooTek. Together, the 238 unique apps had a combined 440 million installs. Once installed, the apps initially behaved normally. Then, after a delay of anywhere between 24 hours and 14 days, the obfuscated BeiTaAd plugin would begin delivering what are known as out-of-app ads. These ads appeared on users' lock screens and triggered audio and video at seemingly random times or even when a phone was asleep.

"My wife is having the exact same issue," one person reported in November in this thread discussing BeiTaAd. "This will bring up random ads in the middle of phone calls, when her alarm clock goes off or anytime she uses any other function on her phone. We are unable to find any other information on this. It is extremely annoying and almost [makes] her phone unusable."

Posted in adware, Android, Biz & IT, encryption, google play, obfuscation

Minecraft Earth gets first live demo, coming to iOS “this summer”

June 3rd, 2019

Mojang, the Microsoft-owned studio behind Minecraft, used Monday's WWDC keynote to unveil the world's first live gameplay look at its next smartphone-exclusive game, Minecraft Earth. This demo also included the firmest tease yet about when series fans will get their hands on the augmented-reality game: "coming this summer to iOS." This specific tease didn't include any indication of whether that means the game's promised Android version will take longer to land as a public beta.

The onstage demo began with two Mojang employees aiming their iOS devices at a table, where a blocky Minecraft game world appeared that both users could simultaneously interact with. By walking around the table and aiming their devices' cameras, the staffers could use items and weapons, interact with switches, and drop or plant items in their inventories. One staffer also placed her Minecraft-styled avatar into the game world like a doll, which she could then animate by moving her real-world body. iOS's upcoming ARKit 3.0 appears to support body gestures like hand-waving, and we saw one-handed and two-handed waves in this portion of the demo.

This was followed by a world shift from the top of a table to all around the WWDC stage, which resulted in the Mojang reps appearing as real people inside the blocky, virtual Minecraft Earth world—and having their bodies occluded by virtual content (like when one staffer hid behind a freshly planted bundle of flowers). While the players could walk around the real-world space to reach new parts of the virtual world, they largely relied on aiming their phones' views to manipulate distant objects or lay down torches.

Posted in Android, arkit, augmented reality, Gaming & Culture, iOS, Minecraft, Minecraft Earth

Fake cryptocurrency apps on Google Play try to profit on bitcoin price surge

May 24th, 2019

Google's official Play Store has been caught hosting malicious apps that targeted Android users with an interest in cryptocurrencies, researchers reported on Thursday.

In all, researchers with security provider ESET recently discovered two fraudulent digital wallets. The first, called Coin Wallet, let users create wallets for a host of different cryptocurrencies. While Coin Wallet purported to generate a unique wallet address for users to deposit coins, the app in fact used a developer-owned wallet for each supported currency, with a total of 13 wallets. Each Coin Wallet user was assigned the same wallet address for a specific currency.

"The app claims it lets users create wallets for various cryptocurrencies," ESET Malware Researcher Lukas Stefanko wrote in a blog post. "However, its actual purpose is to trick users into transferring cryptocurrency into the attackers' wallets—a classic case of what we named wallet address scams in our previous research of cryptocurrency-targeting malware."

Posted in Android, bitcoin, Biz & IT, cryptocurrencies, google, play

Tor Browser for Android — First Official App Released On Play Store

May 23rd, 2019
Wohooo! Great news for privacy-focused users. Tor Browser, the most popular privacy-focused browser, for Android is finally out of beta, and the first stable version has now arrived on Google Play Store for anyone to download. The Tor Project announced Tuesday the first official stable release of its ultra-secure internet browser for Android devices, Tor Browser 8.5—which you can now

Posted in Android, download tor browser, Google Play Store, tor browser