Earlier today, a massive security exploit involving Samsung’s default SwiftKey keyboard spread across the internet like wildfire showing the dangers of manufacturers pre-loading third-party software on their phones. The vulnerability was pretty obscure and wouldn’t affect everyone with a Samsung device, but it was still a fairly serious exploit Fortunately, Samsung has issued a relatively quick response about the whole situation.
Samsung has stated that they’re working on a fix, and it will be deployed through a security policy update via Knox. The vulnerability was based in how language packs for Samsung’s SwiftKey-backed keyboard were updated, and doesn’t affect the normal version of SwiftKey that you may have downloaded through the Play Store. Read more
Some recent security work on new Samsung smartphones will likely increase the pressure on manufacturers and carriers to dispense with preloading third-party apps. According to security researchers, they were able to figure out a way to deliver a payload capable of executing remote code via the Swift keyboard app that comes pre-installed on new Samsung devices. The vulnerability gives an attacker the ability to run code as a system user, one step shy of being root, and can be launched without input from the device’s user. Read more
Google takes security very seriously, and now that’s more true than ever. The company has offered bounties for anyone that could find or solve vulnerabilities in Chrome and their websites with their Security Rewards program, and today they’re extending that to cover Android, too. Read more
Over the years owners of smartphones have learned the hard way that they need to keep their devices secured against attempts to get private information off of the devices. The worry is not so much that someone will intercept data on the fly, but that a misplaced device could fall into the wrong hands that have plenty of time to try to break through security to access private data. Researchers from the University of New Haven have started work on examining how secure a new crop of devices – smartwatches – may be and the results are not promising. Read more
Google’s Gmail app for Android has gotten some extra new security features that will be very important for those of you using a Yahoo! or Microsoft account. The new update brings Oauth support for both accounts, bringing the security of using those email addresses closer to what you’ll typically experience with Gmail.
Oauth allows users to take advantage of two-step authentication and Google’s account recovery process, both of which are staple security features in 2015. If you use either a Yahoo! or Microsoft mail account in your Gmail app, keep an eye out for this update over the next few days. Read more
Smartphone manufacturer ZTE and antivirus company AVG have announced a new partnership that will ship AVG’s AntiVirus Pro software on all new ZTE phones going forward. The antivirus app will offer its full feature set for 60 days, after which users can pay for an annual subscription or continue using the free version of the software. Read more
Phones, tablets, televisions, computers, gaming consoles and streaming players; it seems that Plex is available almost any content playing device you can think of. With this being the age of criminal gangs of hackers, the NSA and seemingly every other country attempting to get their hands on your data, is it too paranoid to want Plex to be more secure?
So, you are trying to use an account online, and because you’ve forgotten your password, you are asked to answer a security question in order to recover your account. This time, you are being asked to enter the name of your first pets name. Is it Fluffy, Muffy or Tuffy? And is it your very first pet or the first pet you remember growing up with as a child? It can all be very confusing, and worse still, apparently not very secure at all. These random questions often have all too familiar answers, and according to Google’s research, are straightforward enough to be correctly guessed in less than 10 attempts.
Leading tech companies like Apple and Google, along with a host of cryptologists and other advisors, have penned a letter to President Obama urging him to protect privacy rights from attempts by law enforcement agencies to create backdoors to encrypted phone data. The move is in response to several months of statements from officials like FBI Director James Comey who have criticized tech companies for building encryption into their devices possibly at the expense of public safety. Against that fear, the letter notes that “strong encryption is the cornerstone of the modern information economy’s security.” Read more
The Chrome browser is a most versatile piece of software, one can find an extension to satisfy almost any need via the Chrome Web Store. Because of its rising popularity though, Google was forced to take the step of disabling the side-loading of extensions for Windows users in May of last year. Following on from that, Google has just announced on its blog that from July onwards, both Mac and Windows users will only be able to install extensions for its web browser directly from the official Chrome Web Store.