KNOX embedded devices from Samsung receive mobile industry’s first Common Criteria certification

samsung_knox_logo

At the RSA Conference 2014 in San Francisco, Samsung has announced select Galaxy devices that have KNOX embedded on them have received Common Criteria certification as assessed by Gossamer Labs. The Common Criteria certification is described as a “gold standard” for security, demonstrating compliance with a predefined set of security requirements. By meeting this standard, Galaxy devices with the certification can provide additional assurance to enterprises that the devices are acceptable for use in accessing “high-value information assets.”

Samsung’s Knox 2.0 provides better app data security and brings a new cloud-based store

samsung_knox_logo

Samsung has announced today the next step for its Knox security suite. With Knox 2.0, apps no longer have to be run within Knox. Instead, many apps from the Google Play Store can now operate with Knox to secure app data. Samsung has also launched the Knox Marketplace — a cloud-based store that allows managers to remotely install apps on employee devices. So far, Box and GoToMeeting have joined the Knox Marketplace and Samsung says more companies are actively working on adding their apps. While the Galaxy S 5 ships with Knox 2.0, other Knox-ready devices will be upgraded when they receive the Android 4.4 KitKat update.

Hit the break for the full press release.

Intel announces 2 new mobile processors at MWC 2014

Intel at MWC - Barcelona, Spain

While much of the focus at MWC 2014 is on smartphone and tablet manufacturers and where they are heading with their devices, other companies are present to help show how they want to power those new devices. Intel was on hand today to announce two new Atom processors, the Merrifield and the Moorefield.

The 64-bit Atom Z3480, formerly known by the codename Merrifield, is a dual-core chip running at 2.13GHz. Using Intel’s 22nm Silvermont architecture, the processor includes an Intel XMM 7160 LTE chip and a PowerVR Series 6 graphics core. Intel says Z3480 equipped devices should start shipping during the second quarter.

SlickLogin, sound-based security alternative, acquired by Google

slicklogin_logo

SlickLogin, which announced a new sound-based security system a few months ago at the TechCrunch Disrupt event, has been acquired by Google for an undisclosed amount. The goal of the SlickLogin team is to make logging in “easy instead of frustrating” and that it should not get in the way of a user even when two-factor authentication is used. According to their announcement, SlickLogin says Google agrees.

Privacy Guard receives new feature in CyanogenMod 11

Screenshot_2014-01-31-15-32-46

If you’ve taken a quick gander over in CM11’s Privacy settings, you’ll see that a new feature has been added. Over in the advanced AppOps view, a new panel has been added showing apps that start up upon your device booting up. This allows you to pick and choose which apps you would like to disable upon booting up.

Certainly a cool feature if you ask me. Out of curiosity, any of you guys use CM as your daily ROM?

source: CM’s Google+

Google Glass vulnerable to JavaScript exploit

Google_Glass_Prescription_Lenses_01

There was a security issue back in Android 4.1 that would allow malicious code (specifically JavaScript) to interject itself into apps that created a WebView, which is something typically done when an app opens up a web window to display an external website, ads, etc. Needless to say, that’s a pretty common thing on Android apps. and apparently that potentially dangerous bug is present in Google Glass, too.

Metasploit, a popular vulnerability testing framework, added a new test module that would allow users to test how vulnerable some versions of the Android browser are to being hacked from shell access, and that’s when this exploit was found in Glass. The exploit would involve a man-in-the-middle hijacking that WebView instance, which wouldn’t be too difficult to do if you’re on a public WiFi or anything that isn’t well secured. At that point, the malicious code could do anything from taking photos with your device to remotely turning on your microphone. Definitely not a good thing.

Rovio affirms it does not share user data with NSA, other surveillance agencies

rovio

If you were worried that the NSA was spying on you while playing Angry Birds, fear not. Rovio has issued a press release to clear the air. Right out of the gate, Rovio makes it clear that they do “not share data, collaborate or collude with any government spy agencies such as NSA or GCHQ anywhere in the world.” This comes after news broke earlier that the NSA may actually be doing so. Rovio says that third party advertising networks seem to be the culprit of the rumors and the company does not allow any third party network to use or trade any user data.

Hit the break for the full press release.

The NSA might be spying on you while you’re playing Angry Birds

angry-bird-icon

Here’s the latest revelation from documents leaked by US whistleblower Edward Snowden.

While you’re enjoying slinging birds at pigs in Angry Birds, chances are that N.S.A might be tracking your personal information. According to documents leaked by Edward Snowden,  N.S.A and Britain’s Government Communications Headquarters have been working since 2007 towards achieving a method to snatch data from smartphone apps that contain user’s information. The amount of data gathering is not yet known, but reports suggest that data is collected from social network, mapping and gaming apps.

Earlier reports revealed N.S.A eavesdropping on phone calls as well as intercepting text messages in an effort to prevent terrorism acts. However a recent report by the Guardian indicates that every time the user launches a “leaky” application, the spying agencies can collect information related to user’s location, sex, age and other personal information as well as the phone model and screen size.

New Windows malware can enter your Android device, affecting Korea for now

android-virus

Computer security giant Symantec has found a new piece of malware that targets Android devices through a Windows computer that have been infected. The malware goes by “Trojan.Droidpak” and uses ADB as its way of entry. An app will appear like the Google Play Store; however, it is called the “Google App Store.” After starting the malicious app, it will search for Korean banking apps. After that, it will prompt the user to install malicious ones over the originals. Also, it can intercept emails so users will miss fraud protection notices. It is unknown if this is widespread or just limited to Korea at this time.

As usual, you should be smart and only connect your Android device to a computer that you trust. Disabling “USB Debugging” and enabling “Verify apps” is likely your best choice. Hit the source link to see Symantec’s detailed breakdown.

Source: Symantec
Via: XDA

Chrome exploit allows malicious websites to listen in on you

google_chromebook_stack

Here’s the drawback to Google recently implemented voice recognition into Chrome; malicious websites can utilize that voice recognition to listen in and possibly record you.

Before you freak out, that sounds significantly worse than it actually is. The “exploit,” according to developer Tal Ater, involves a website asking for your permission to use your microphone for whatever purpose. Afterwards, that site can exploit a bug in Chrome’s voice recognition to listen in on you. A site may launch a pop-up to continue listening in even if you’ve closed the tab for that particular site.

Cisco security report finds 99% of mobile malware targeted at Android devices

Android Security

A new security report published by Cisco has found that 99% of all mobile malware attacks are targeted at Android devices. On top of that, the report says Android suffered 91% of all Java-based web exploits and 71% of all overall web-based exploits. Ouch. This is compared to Cisco finding that Apple’s iOS only encountered 17% of web exploits.

Eric Schmidt has publicly claimed that Android is more secure than iOS, but despite all of Android’s jumps in security and privacy over the past few years, that’s still not quite true. Obviously this doesn’t mean all Android devices are infested pits of malware, but just that you’re more likely to encounter malware attacks on an Android device.

You can check out the full security report below.

source: Cisco

via: TechnoBuffalo

Researchers claim discovery of new Android VPN vulnerability

Android Security

Researchers at the Ben Gurion University Cyber Security Lab are back in the news with a claim that they have discovered a new vulnerability in the Android implementation of VPN. According to the researchers, the exploit would allow a malicious app to bypass an active VPN connection and redirect traffic to a different server. The vulnerability can supposedly be installed without root access and does not need any specific VPN permissions. When the data is redirected by the malicious app, it can be sent unencrypted to a target server without the user being aware the data is being redirected.

Nest CEO Tony Fadell speaks out on privacy concerns after Google acquisition, promises transparency

Nest privacy

A lot of people saw Google’s purchase of Nest, the popular modern thermostat manufacturer, as a sign of some pretty scary things to come.

For example: If you have your (internet-connected) thermostat set to stop heating your home while you’re on vacation, Nest (and now Google) will have access to that information. Imagine if that information was leaked, hacked, or sold to advertisers— do you really want the world knowing when you’re on vacation or out of your home? I certainly don’t.

Samsung Galaxy S5 to use fingerprint, not iris, authentication

Samsung_Eye_Iris_Scanning_Mockup_Featured_Large

It should be no surprise to anyone at this time that Samsung is working on some form of physical user-authentication similar to the fingerprint scanning technology introduced by HTC and Apple during 2013. Reports have already surfaced that the work on sourcing components for fingerprint scanners is underway for most major smartphone manufacturers, including Samsung. We have also seen reports that Samsung was considering eye-scanning technology as a possible way to differentiate themselves. In a new report, Samsung has reportedly dropped the idea of iris-based authentication for now, though they continue to study the concept.

Starbucks app stores personal information in plain-text format

Starbucks_Logo_Store_Front

If you use the official Starbucks mobile payment app, you may want to reconsider. According to security researcher Daniel Wood, the application stores information like your email address, password, and GPS location and an unencrypted plain-text format. Anyone who has access to your phone could do a bit of work to steal that information, which is not something you want someone else to have access to. Even worse, because the app makes payments using an on-screen barcode, that barcode method could be manipulated to suck money out of your bank account.

Fortunately, someone would need access to your phone to get this information, but it’s still a vulnerability that you should be aware of. Hopefully Starbucks addresses this soon.

source: Computer World

via: Engadget