Symantec reports the largest Malware scare in the Android Market, Lookout Mobile Security says no way

by Robert Nazarian on Jan 29th 2012, 2:08pm
tagged Lookout Movile, security, symantec

Symantec is reporting they found what they’re saying is the “highest distibution of any malware identified so far this year.” According to them, up to 5 million users are affected, but before everyone gets their panties in a bunch, they list the risk level as “very low,” not to mention this probably isn’t malware.

It’s called Android.Counterclank, and it can be found in the following applicatons:

Publisher	Malicious App Title	Category
iApps7 Inc	Counter Elite Force	Arcade & Action
iApps7 Inc	Counter Strike Ground Force	Arcade & Action
iApps7 Inc	CounterStrike Hit Enemy	Arcade & Action
iApps7 Inc	Heart Live Wallpaper	Entertainment
iApps7 Inc	Hit Counter Terrorist	Arcade & Action
iApps7 Inc	Stripper Touch girl	Entertainment
Ogre Games	Balloon Game	Sports Games
Ogre Games	Deal & Be Millionaire	Sports Games
Ogre Games	Wild Man	Arcade & Action
redmicapps	Pretty women lingerie puzzle	Photography
redmicapps	Sexy Girls Photo Game	Lifestyle
redmicapps	Sexy Girls Puzzle	Brain & Puzzle
redmicapps	Sexy Women Puzzle	Brain & Puzzle

» Read the rest

O2 UK security hole sends customer phone numbers to websites

by Robert Nazarian on Jan 25th 2012, 8:31am
tagged O2, security

If you’re an 02 UK subscriber you might want to read this. Apparently when on the O2 UK network, and you’re browsing the web, your phone number might be exposed to all visited websites. O2 customer Lewis Peckover discovered that his phone number was included in the HTTP headers sent to each website he visited when connected to 3G over O2.

What are HTTP headers? It’s information exchanged between the browser and the web server before the page is loaded. You’re phone number would be included alongside information like your IP address and OS. On the bright side, the header used to send phone numbers is “x-up-calling-line-id” which isn’t normally logged by web servers, but malicious servers could have access to it easily.

This doesn’t have anything to do with Android in general, but this does affect Android users on the O2 network. I’m pretty sure this isn’t something O2 intended, and they did say they are “investigating” the issue. Hopefully it will be resolved quickly without any damage. For now, you can head over to Lewis Peckover’s site to find out if you’re affected. Just click the source link below and see if you spot your phone number among the HTTP headers. Make sure you’re not connected to WiFi, you must be on the O2 network. We’re told that not everyone is affected, but the majority are.

source: lew.io
via: androidcentral

Lookout Labs Introduces Mobile Threat Tracker App

by Roy Alugbue on Jan 24th 2012, 12:40pm
tagged Froyo 2.2, internet security, lookout, malware, mobile security, security apps, spyware, viruses

Mobile security developer Lookout is looking to further innovate internet security on our mobile devices. Using the Lookout Labs (which is how the Lookout team creates and launches new products), they’ve gone ahead and introduced the Mobile Threat Tracker. The app allows you to zoom through time and watch as thousands of sparks light up the globe; each spark represents Lookout blocking a threat to protect a real user. The Mobile Threat Tracker is essentially an interactive means of seeing the threats that Lookout identifies and catches every day. Basically, the app should answer basic questions including “are there really mobile threats?” and “how many mobile threats are there?” There’s even the ability to see the names of the top three trending threats such as week’s top threat, RuPaidMarket, masquerades as a useful app but actually sends premium SMS messages without allowing you to opt out, or letting you know that you will be charged. Sounds awful familiar, doesn’t it?

The app is only compatible with Froyo+ devices, so if you don’t have Android 2.2, sadly you’re out of luck. You can find the Mobile Threat Tracker app in the Android Market today. So be sure to grab it in the Market or using the handy QR code provided to you below.

Android Market link

[via Lookout Labs]

Recent OTA Updates For Sprint’s EVO 4G, EVO Design 4G And Epic 4G Confirms Removal Of Carrier IQ Software

by Roy Alugbue on Jan 21st 2012, 6:27pm
tagged Carrier IQ, HTC EVO 4G, HTC EVO Design 4G, samsung epic 4g, security, Sprint, updates

Sprint is doing whatever it takes to keep its customer’s trust and happiness. We mentioned to you a few days ago that Sprint provided some security updates to a handful of its devices, but were unsure if the updates included the removal of some dreaded spy software. We now have confirmation that the recent updates being pushed out to a HTC and Samsung devices completely removes Carrier IQ thanks to the gang at XDA. As previously highlighted, the recent updates include both the removal of Carrier IQ software and minor software enhancements. HTC devices will receive automatic notifications starting on January 24th (or you can manually check right now), while the Epic 4G’s update is being pushed out in phases until January 29th. While owners of the EVO Design 4G, EVO 4G and Epic 4G won’t have Ice Cream Sandwich, they will have a piece of mind at least knowing they won’t have tracking software of their devices anymore.

[via Sprint Community 1, 2, 3 by XDA]

OTA Updates From Sprint Rolling Out For The EVO 4G, Epic 4G, Evo Design 4G

by Spencer McClendon on Jan 19th 2012, 7:16pm
tagged EVO, HTC, Samsung, Sprint, update

Sprint, HTC, and Samsung, have finally got together to release some updates. Better battery life is going out to both the Evo 4g and the Evo Design 4G, and Samsung is removing some preloaded apps from the Epic 4G, and all three phones are getting security updates. Could this is be code for Carrier IQ removal. I guess we will just have to wait and see as the updates start today. Check out the break down of each device after the break. » Read the rest

Mass File-Sharing Site Megaupload.com Shut Down Over Piracy Violations

by Jack Holt on Jan 19th 2012, 5:21pm
tagged Craigslist, DOJ, Google, Governement shutdown, Megaupload, Mods, PIPA, piracy, roms, SOPA, wikipedia

One of the world’s largest file-sharing sites on the internet was shut down today after its founder and several company executives were charged with violating piracy laws according to federal prosecutors. These charges accuse Megaupload.com of costing more than $500 million in lost revenue from pirated films as well as other pirated content for copyright holders. This happened a day after sites and companies, like Google, Wikipedia and Craigslist shut down in protest of the SOPA and PIPA proposals sent before Congress that were intended to stop online piracy.

This is a surprising turn of events as Megaupload was unique in that it had support from celebrities, musicians and other content producing folk that are usually the ones who are victims of said copyright infringement and piracy. The company complied with DMCA takedown requests in a timely fashion was endorsed by celebrities like Kim Kardashian, Alicia Keys and Kanye West, and the like. A lawyer for the company was quoted to say: » Read the rest

New Kernel Source Available for Epic 4G and Epic 4G Touch, OTAs Probably to Follow

by Jack Holt on Jan 19th 2012, 11:28am
tagged 4G Touch, Carrier IQ, epic 4g, htc evo 3d, kernel source, Samsung, Samsung Open Source, Sprint

If you check out Samsung‘s open source portal you’ll see that both the Epic 4G and 4G Touch have a new kernel source up. The 4G has both a kernel and other open-source items for update version EL30 ready for download while the 4G Touch has theirs for version EL29. An OTA update usually follows when Samsung posts the source code so be on the look out for that. So for you developer folk out there you can hit the source below to get your hands on the kernel sources right now.

We don’t have details on what these updates encompass but it might be regarding Sprint‘s push to rid their devices of Carrier IQ as it did with the update for the HTC EVO 3D. We will keep you updated as we find out. Stay tuned!

[via Samsung Open Source]

5.9.902 Update for the DROID Bionic Heading to Testers

by Jack Holt on Jan 17th 2012, 3:19pm
tagged 5.9.901, 5.9.902, Amazon MP3, Bug fixes, Droid Bionic, Google, motorola, verizon wireless

The DROID Bionic, the phone to rule all phones, came out with some pretty big bugs. Some of the bigger bugs included the 3G/4G signal issue, and even the whine that some users were complaining of. Well it was roughly 3 months after the fact that the phone received its first major bug fix and since then the folks at Motorola and Verizon have been cranking out the bug fixes.The mysterious update that came out a week after the major bug fix appears to have been a test build somehow released to the public and the new build going out to testers today only adds a few more changes on top of 5.9.901. This update that brings the software version to 5.9.902 includes the fixes in that mysterious 5.9.901 update and adds the following: » Read the rest

National Security Agency releases SE Android, A security enhanced version of Google’s Android

by Robert Nazarian on Jan 17th 2012, 2:42pm
tagged malware, security

The National Security Agency (NSA) just announced their security enhanced version of Android, dubbed SE Android. Stephen Smalley of the NSA recently explained what SE Android does at the 2011 Linux Security Summit. Basically it brings Mandatory Access Control to Android’s Linux kernel and it works to protect against malicious exploits. Every file and folder that Android has access to can be locked down with encryption.

To build SE Android, you need to download and compile the latest code from the Android Open Source Project (AOSP) and put SE Android on top of it. It’s intended for emulators and the Nexus S, but there won’t be much support. You need to be familiar with Android from source and Linux/Unix-based systems.

[via androidcommunity]

HTC Pledges To Remove Carrier IQ From All CDMA Handsets This Month

by Joe Sirianni on Jan 17th 2012, 12:58pm
tagged Al Franken, Carrier IQ, HTC

It’s going to be a long time before everyone forgets the stunt Carrier IQ pulled by secretly loading its tracking software on mobile devices and kicking it back to carriers. It still baffles me how a company like this can easily be turned upside down by the voice of one developer. It’s a constant reminder to me that on the web, we all have a voice. In further Carrier IQ news, HTC has jumped on board and pledges to remove the software from all of its CDMA handsets as we’ve seen with the HTC Evo 3D, one of the devices reported as definitely housing the software. The monitoring software will slowly but surely be removed from all of the company’s devices as per a statement by HTC:

“HTC can confirm that we’re working with Sprint to provide maintenance releases that will remove Carrier IQ and provide security enhancements and bug fixes beginning in January”

So there you have it. After this month, there should no longer be any personal user-information periodically being sent back to any specific carrier without the knowledge or consent of the subscriber. According to their site, Carrier IQ offers a number of “tiers” of monitoring and tracking when it comes to how the device functions on a specific network and not so much “personal user” interaction. However, in the manner of which the company went about preloading the software on handsets, bigger guns like Senator Al Franken was already engaging FBI directors on its usage (see video below). Let us know what you think in the comments section. And don’t forget, if you’re not sure whether or not your device has Carrier IQ’s software on it, you can use the Carrier IQ Detector app from Look Out labs here.

[via The Verge]

« First ‹...8 91011 12...›Last »