CyanogenMod official blog post reveals security bug fix in latest version, CM 10.1.1

CyanogenMod

Once again, the CyanogenMod team seems to be on top of things, as they just released version 10.1.1 of their famed firmware. A post on their blog today issued a follow-up to the general release. They pointed out that the CM 10.1.1 build is simply a security bug-fix release on top of their previous release, the 10.1.0.x code-base. Check out the full blog post after the break for more details.
Read more

Bluebox Security releases app to check if your phone has been patched or not from Android security exploit

Bluebox_Patch_Check

 

We told you about a recent observation where 99% of all Android devices out there are vulnerable to major security threats, so it should come as no surprise that there is now a way to check and see if you have an affected device. Bluebox Security recently unveiled its newest app to allow device owners to see if they have received the coveted security patch or not. Additionally, this app will check if your system settings allow non-Google Market application installs and if any installed application on your device is trying to maliciously take advantage of the security flaw.

Of course there are some phones out there that are on their way to being fixed, but for the rest of you out there, it may be a good idea to grab the app ASAP and ensure your device is safe and secure.

 

Bluebox_Security

Play Store download link

 

source: Phone Arena

Google releases patch to fix Bluebox security threat, users await OEMs and carriers for updates

android_trojan

Last week we told you about a new security threat that was uncovered by Bluebox. It was actually uncovered several months ago and Google was informed about it in February. At the time of the posting, Google didn’t make a comment, but it appears Google did indeed patch the hole back in March.

Gina Scigliano, Google’s Android Communications Manager, did “confirm that a patch has been provided to our partners – some OEMs, like Samsung, are already shipping the fix to the Android devices.”

There is only one problem. The patch is in the hands of the OEMs and it’s up to them to update devices. Anyone want to take a guess as to how long it will take for all Android devices to receive the update? Have no fear because there hasn’t been one case of the exploit taking place. Google regularly scans the Play Store for such things and nothing has popped up.

source: ZDNet

Motorola Droid X2 shows serious privacy issues, may affect other Motorola devices

Motorola_Logo_From_DROID_RAZR_MAXX_HD_TA

With more and more privacy problems popping up, especially in portable technology, everyone is paying more attention to what information their phones have access to and how they’re handling it. The latest problem may come from Motorola, as a Droid X2 owner has found out that tons of information is being funneled through Motorola servers from the device.

According to a bit of snooping done by Ben Lincoln, his Droid X2 was sending information about apps, files on his phone, login credentials, and even the types of photos uploaded onto the internet to a Motorola server, which is a scary thought. Although Motorola does claim to get a little invasive in their privacy policies (which absolutely every other company in the world does, too) there’s some concern that Motorola might be extending its reach a bit with user data.

Of course, there’s nothing to suggest this is malicious, and it may not even affect other devices aside from the Droid X2, Regardless, it’s a great reminder that when you’re dealing with the internet, true privacy is hard to get.

source: Beneath the Waves

via: PocketNow

Sony’s “my Xperia” remote security service now rolling out globally

My_Xperia

After some successful beta testing, Sony has announced on their blog that they are ready to roll out their “my Xperia” remote security service globally.

While there are certainly other alternatives to Sony’s service currently on the Play Store, “my Xperia” will surely introduce some new and useful options.

It does all the basics, such as locate and protect your phone should it ever be misplaced, sound an alert which overrides silent mode and wakes the display, maps the phone’s location through the cloud, locks the phone, pings a message with contact details, and even erase internal and external SD card data info or data if needed.

Check out the full press release after the break for more info.
Read more

Security flaw makes 99% of Android devices vulnerable, should you be worried?

android_trojan

If the title is correct than nearly 900 million Android devices are vulnerable to hackers who are looking to read your data, grab your passwords, or even control certain aspects of your phone. We have heard these kinds of things before and these articles seem to create more buzz about the “issue” rather than reporting about actual real life examples. Apparently this vulnerability is due to “discrepancies” on how Android apps are approved and verified. All a developer needs to do is create a trojan application and they will have access to the things I mentioned. This is according to Jeff Forristal, CTO of Bluebox, a startup mobile security company.

Could this be just a young company looking to make some press? Well I don’t doubt there is an issue here, one thing we do know is that Google is aware of the problem. There were told about it back February, but when Venture Beat asked about the situation, they didn’t comment. Of course that doesn’t mean that Google is ignoring it. I am sure they are doing everything they can to ensure apps with trojans such as these don’t make it to the Play Store, however they can’t control other third party app stores. There is also the issue with the manufacturers and trying to get the latest updates on all phones, which we know isn’t going to happen anytime soon.


Read more

Google posts FAQ page for Glass focusing on security issues and goals for future

google_glass_ui_leak_hero

Since the official announcement of Google Glass and its wide spread over social media and the internet, many questions have been raised concerning the device, what it does, what it’s meant to do, and what it will do in the future. Google hopes to quell some of these concerns through a new FAQ page on their Google Glass site, focusing on some of these issues and explaining what exactly they’re trying to do with this extensive project. Specifically, Google mentions app policies, privacy concerns, and even technology addiction. It’s not likely that this is enough information to please everyone, but this is certainly a start for those looking for answers. Check it out in the source link below.

Source: Google Glass FAQ Page

 

 

Norton discovers privacy leak in Facebook application

Norton_Mobile_Security

Norton is famous for privacy and security protection, including some work done on Android. Yesterday, they released a new version of their latest Android application that contains their new Mobile Insight technology, which analyzes different aspects of Android applications to see where major security breaches may be coming from.

One particularly surprising security leak was Facebook. Everyone’s always been pretty aware that Facebook isn’t exactly delicate with user data, but Norton found something even more alarming than a not-so-great privacy policy; actually, the Facebook application leaks phone numbers, regardless of whether or not you’ve put your phone number anywhere in the app or on your Facebook account. As soon as you start the application, your device phone number is sent to Facebook servers, with or without your permission. This even happens if you’ve just run the application and don’t actually have a Facebook account.

Norton says Facebook was made aware of the issue and is working to fix the vulnerability, which should be pushed out in their next app update. Facebook has also deleted those numbers from their servers, so fortunately it wasn’t a malicious security breach. Still, though, those privacy features in Cyanogenmod are looking better and better.

FingerQ case is designed to protect your device and the information inside using fingerprint-scanning technology

fingerq_s3case

Phone cases are a dime a dozen and range from bulletproof to flimsy decoration, and everything in between. Until now these cases only protected your physical phone, and not the valuable information stored inside.  Hong Kong company FingerQ has decided to fill that gap, releasing cases for many popular phones that feature a small fingerprint scanner on the back, which pairs with a FingerQ app on your phone. The scanner works with your mobile OS’s built-in security (pattern lock, face unlock, etc) for a comprehensive security solution.
Read more

CyanogenMod developer starts work on Secure Device-to-Device Messaging

Cyanogenmod

While it is rare for Android users to envy anything related to iOS, CyanogenMod developer Koush openly expressed his love for iMessage in a Google+ post, also revealing that he plans to build a plugin somewhat similar into future builds of CyanogenMod. The plugin will be built into the framework, working with any SMS app to send encrypted messages to compatible devices running CyanogenMod (7 million users and counting) and falling back to standard SMS when necessary.

Not much else is known about this feature but its another step in the right direction for the CM team, who’ve been hard at working making their ROM more and more secure. For now we can only ponder possible features of this plugin, but Koush is looking for feedback so hit the source to let him know what you want to see.

Source: CyanogenMod Google+