White House pushes FCC to mandate that carriers must unlock future devices

Unlocked_Device

In a move that would certainly boost competition, consumer choice, and overall happiness in the mobile device community, the Obama administration is pushing the FCC to mandate that US carriers must unlock some of their future devices. According to the Washington Post, activists devised a petition to garner support, and they were able to collect 114,000 signatures.

Lawrence Strickling, assistant secretary of the NTIA made a comment regarding the petition:

“Americans should be able to use their mobile devices on whatever networks they choose and have their devices unlocked without hassle.”

However, the move would likely only affect GSM devices, leaving CDMA phones alone in the dark. However, we’ll just have to wait and see.

Source: Washington Post

‘Wickr Self-Destruct Messaging’ released to Play Store, features ‘Snapchat-esque’ encrypted SMS/MMS

Wickr

On the heels of the public’s worries about the NSA and “big brother” checking in on us, Wickr has released its app to Android devices, as it was already available through the iOS App Store.

The application allows users to send encrypted messages anonymously and privately, and users can also select an option which will cause your message to be permanently deleted after a certain time period ends, much like Snapchat’s well-known feature.

Here are some words from Wickr’s co-founder, Robert Statica:

“Wickr not only offers the most secure form of correspondence but also helps protect our users’ contacts as we anonymize this information before it leaves the senders phone. Wickr does not collect any personally identifable information on users nor can we read any messages or contents sent through Wickr, therefore, no criminal or rogue government can take them from us.”

So if you’re truly worried about the government and those “big bad corporations” spying on you, it looks like Wickr is the perfect app for you. Hit the break for a video and the link to the app in the Play Store.
Read more

Google is testing NFC security tokens to get rid of the password for good, could be released in 2014

Yubikey-NEO

Security is the buzzword these days and passwords are one royal pain in the you know what. Even locking your phone is a pain. That is why I like Apple’s implementation of the fingerprint scanner. However, Google might be headed in a completely different direction. As you know Google has embraced Near Field Communications (NFC) for a few years now, while Apple doesn’t even talk about it.

According to the Wall Street Journal, Google is testing an NFC security token. Hardware tokens aren’t anything new. Most traditional versions generate random numeric passwords, but the user has to retype them each time they want to login. This form, created by Yubico, Inc., could work by simply touching it to your Android phone or tablet using NFC or it could also be used as a USB plugin on your desktop or laptop. Google would use this token to log into Gmail and other Google services. I should note that Yubico already offers the YubiKey (pictured above) and can be used just like what I described. It can actually be used with Gmail’s 2 step verification. How Google will change it, remains to be seen, but WSJ says Google “plans to offer to consumers” next year.


Read more

Does Google know your Wi-Fi password?

Android_Wi-Fi_Network_Listing

With everything going on surround the NSA and privacy, a lot of people are nervous about just about every form of security. The latest is Wi-Fi passwords. Michael Horowitz of Computer World is reporting that Google knows all the Wi-Fi passwords that are stored on your Android devices. He states that in Android 2.3.4, if you go to Settings/Privacy and choose “Backup my settings”  it will backup your Wi-Fi password on Google servers. Now fast forward to Android 4.2. If you go to Settings/Backup and reset, the option for “Backup my data” specifically says, “Backup application data, Wi-Fi passwords, and other settings to Google servers.”


Read more

Samsung set to announce antivirus software to be installed on all new devices

Lookout_Mobile_Security_Logo_5793

According to a Wall Street Journal report, one of the announcements Samsung will be making today at the second episode of their Samsung Unpacked 2013 event is the installation of antivirus security software from Lookout Inc. on all Samsung KNOX devices in the coming month. The move appears to be part of Samsung’s attempt to protect business users from the reality that many, if not most, employees are using their personal phones for business purposes. The addition of the Lookout package is another step in that direction as the company tries to get protection out in front of the wall erected by other features on their smartphones. Samsung senior vice president Injong Rhee says, “Lookout is the leader in mobile threat protection and they are uniquely equipped to address business mobile security.”
Read more

First post-release Nexus 7 update rolling out, fixes touchscreen issues

Nexus7_8

Google has begun pushing the first-ever update to the 2013 Nexus 7 and will reportedly fix touchscreen problems that some owners were experiencing with their devices.

Google’s Paul Wilcox confirmed the plans to release new firmware on the company’s forums:

“As a couple of you have mentioned, there’s a new system update that’s started rolling out for your Nexus 7s. This update does address the touchscreen issues discussed in this thread. If you’re one of the people experiencing touchscreen issues, please let us know how it’s going after you’ve received and installed the update.”

It’s unknown as to whether the update includes other improvements/bug fixes as well, but it would make sense if it also included the security update that was pushed to other Nexus devices yesterday. Be patient and you should get the update eventually— as we all know, OTA updates are a process.

Source: Google Product Forums

2MB security update possibly rolling out to Nexus 7, 10, and Galaxy Nexus

New_Nexus_7

Just yesterday an OTA update which addressed security issues was rolled out to the T-Mobile Nexus 4 and is now being pushed to other Nexus devices, including the Nexus 7, 10, and the Galaxy Nexus. The changes are unconfirmed at this point, but the update is known as JWR66Y. We do have the download link below to manually update your yakju Galaxy Nexus.

Source:  XDA – Galaxy Nexus / PhoneArena

CyanogenMod readying Device Finder app, general security improvements for CM builds

CyanogenMod_Account

With all of the angst some device owners have over recent incidents of government agencies tapping into user computer data via carriers and major industry players, along with general distrust of what corporations may be doing with user data, the CyanogenMod team is readying some changes and apps to help users be a little more secure. The first change, CyanogenMod Account, has been submitted to the CM Github so developers can review the code and provide some feedback before it is submitted to the nightlies.
Read more

Google confirms cryptographic vulnerability in Android that resulted in $5,700 Bitcoin heist

Bitcoin_Theft

Last week, about $5,720 of bitcoins were stolen out of a digital wallet and the reason is a weakness in Android’s Java Cryptography Architecture. Google security engineer Alex Klyubin confirmed this in a blog post earlier in the week. He also warned that other apps could be compromised unless developers change the way they access pseudo random number generators (PRNG).

“We have now determined that applications which use the Java Cryptography Architecture (JCA) for key generation, signing, or random number generation may not receive cryptographically strong values on Android devices due to improper initialization of the underlying PRNG,” he wrote. “Applications that directly invoke the system-provided OpenSSL PRNG without explicit initialization on Android are also affected.”


Read more

Security researcher highlights risks of Google’s weblogin for one-click authentication in Android

defcon_craig_young

At the recently held Def Con 21 security conference in Las Vegas, security researcher Craig Young with Tripwire demonstrated a proof of concept for a vulnerability in the way Android handles one-click authentication for web sites and apps. The authentication method is called “weblogin” and works by generating a unique token that is used to directly authenticate users via their Google+ accounts. Young’s proof of concept demonstrated how a rogue app could steal the weblogin tokens and redirect them to an attacker. Once they have the tokens, attackers could then impersonate victims with a variety of Google services like Gmail, Google Apps, Drive, Calendar and Voice.
Read more