Ever heard of ASLR? It’s a security feature that is used in many different opearting systems such as Windows XP or iOS6. For quite a while Android has been avoiding it and then used a little bit of it in Android 4.0. Now with the release of Jelly Bean it is being used to its fullest, but this implementation of ASLR still lags behind the security of the soon to be released, iOS 6.
Wikipedia defines ASLR quite well:
Yesterday the Sprint Galaxy S III began receiving a security update OTA, but little information was given as to what the update addressed. Users have reported that the update has removed the universal search feature from the device, meaning only web results are given from the search bar. The removal of local search is undoubtedly in response to the recent Apple lawsuit against the Samsung Galaxy Nexus for the very same ability. Google and Samsung are working together to fight that case and this move is a preemptive strike in case Apple decides to take on Samsung’s latest star.
Sprint just released an OTA update for their Samsung Galaxy S III. The software version is L710VPLG2 and according to Sprint, it provides a “Google security update.” The user should feel nothing relatively new with this update, it seems as if Sprint is just enhancing the security of the phone. Nonetheless, it’s always good to give your phone any beneficial update. Hit up the source link for more information!
If you are a parent of a teenager – someone between 12 and 17 years old – the odds are pretty good that they have a cell phone or smartphone. Ensuring safe and responsible use of those mobile devices is a challenge for any parent. Sprint hopes to help with that with the availability of the previously announced Sprint Guardian solution. According to Fared Adib, vice president – Product Development, Sprint, “With Sprint Guardian, Sprint is giving families and individuals tools and information to better manage their wireless experience.” Sprint Guardian is a collection of bundles of services – a Family Safety Bundle and a Mobile Security Bundle. Sprint Guardian should now be available to customers with many Android powered devices via the Sprint Zone application on their smartphone.
The Family Safety Bundle is a set of services to manage family members’ wireless experience. The bundle includes Mobile Controls, Drive First and Family Locator. These services enable parents to oversee and control phone use, limiting texting while driving, and locate a child on an interactive map.
The Mobile Security Bundle helps manage phone security by backing up certain data so it can be restored to a new phone, locating lost phones, and even locking and wiping phones. These tools can help protect against identity theft, fraud, and the loss of other data.
The services do come at a cost though. The Family Safety Bundle runs $9.99 per month and the Mobile Security Bundle runs $4.99 per month (also available for $49.99 per year). For parents trying to keep their kids safe and using their mobile devices in a responsible manner, the cost may be well worth it.
More details about pricing and specific services are included in the Sprint press release. Hit the break to read it.
Our friends at Lookout are doing it again. They are throwing their “Party Your Apps Off” bash the night before Google I/O kicks off, and trust me you don’t want to miss it because there will be plenty of food, drink, and some nice gifts for those that show up early. We have 20 tickets to giveaway and you can also bring a guest. You don’t have to be attending Google I/O to go to the party, but you do need to be in San Francisco for this event. We don’t know the specific location, but we’re sure Lookout has something special planned. Here’s the full details:
- When: Tuesday, June 26 @ 8PM
- Where: This part is a secret :)
- What: Lookout’s big party in San Francisco on the first night of Google I/O. Drinks will start flowing at 8PM at a hot secret location in downtown SF & one of the city’s best Food Trucks will be there serving snacks. There will be some goodies for the first folks who show up at the door. *Please note, this event is 21 and over.
To enter this contest, all you have to do is head over to our forum thread
and tell us what you’re most looking forward to at this year’s Google I/O. It’s a simple as that. You have until 11:59pm Sunday June 17th. We will randomly pick 20 winners, announce them on the 18th, and email them with instructions to the account associated with their username.
Click here to enter
Recall back in February that Google released “Bouncer” for the Play Store in an attempt to catch malicious applications being uploaded. The service scans potential malicious apps by running them in a virtual environment where Bouncer monitors and surveys them for possible security issues and more. Researchers Charlie Miller and John Oberheide have announced several ways they’ve been able to maneuver Bouncer. One such way, which this and more will be announced at the Summercon conference in New York this week, is to allow the app to “know” when it is being run in a virtual environment and not on a physical device or system, thus allowing it to cease any and all malicious activity until it knows it’s on an actual system. According to Oberheide, though Bouncer should be mimicking a real system “a lot of tricks can be played by malware to learn that it’s being monitored.” Check out the video below of Oberheide and Miller’s test involving an application being uploaded to the Play Store, allowing them to “go inside” Bouncer, catalog fingerprints and allow other malware to know when it’s not running in an actual system environment. Feel free to leave your thoughts in the comments below.
source: Duo Security
Android Malware is the craze these days. Everyone’s talking about it like it’s the biggest things since sliced bread yet I’m yet to run into anyone who was infected by any of them. Everyone’s trying to make a name for themselves so throw in the Android Malware Genome Project. It was started by researchers at North Carolina State University and they say the biggest problem is that we don’t really understand the malware.
They were able to collect more than 1,200 malware samples from August 2010 to October 2011. They found that malware is getting better at preventing detection from mobile security software. They tested four different mobile security apps with over 1200 malware samples that were gathered from August 2010 to October 2011. The four apps included Lookout Mobile, AVG, Norton, and Trend Micro. Lookout led the way by detecting 79.6% of the malware. Next was Trend Micro, which detected 76.7%. In third was AVG, which detected 54.7%, and lastly Norton was only able to detect 20.2%.
Given that as we’re moving away from Desktop computers to a mobile web browsing experience it’s only a logical step that malware should do the same. Well Lookout Mobile Security has found this to be the case as they have recently discovered new sites that act as a drive-by malware node. What this means is that if an Android device that isn’t fully patched visits one of these sites, the site would download and install malware without your knowing. This Trojan could then pose as a system update file which in turn acts like a proxy redirect. This could cause problems for IT and Network folk should that device be connected to their network as once secure information could be now accessible.
The Trojan, known as “NotCompatible” shouldn’t be a problem if you have your devices updated and any one of the various virus scanners out there, like AVG or Lookout for example. Like I said, the risk is low as these sites are few and far between. However, while the risk is low now, the risk is out there and it could potentially grow. But if you make sure to have the “Install from Unknown Sources” unchecked combined with a virus scanner, you should be more than alright as Lookout is working on an update as you read this. They say:
We’re big fans of Lookout Mobile Security here at Talk Android. They just keep getting better. Today they announced two new services: File System Monitoring and Install Monitoring. These two services are aimed at those of you that like to download apps from alternative markets, forums, or any other means. Lookout already has protection for scanning apps after installation, but this update will scan these 3rd party apps before installation. That’s the ultimate form of protection because there’s no sense installing something that’s malware to begin with.
Sure the filter enhanced social photo app Instagram is apparently worth 1 billion dollars and now owned by Facebook, but no amount of cabbage will protect it from being faked and infected with malware. This application which was originally an iOS exclusive was recently ported to Android, and became an instant hit. Somewhere around 5 million+ downloads in the first week. These malware creators took swift advantage of the photo apps popularity and created a fake version of Instagram and it is now infecting unsuspecting Android users.
Finding from Sophos, an IT security and data protection company, spoke about the malware called Andr/Boxer-F:
“In our tests, the app didn’t do a very good job of emulating the genuine Instagram app, but that may be because it failed to find the correct network operator. Because this is a malicious app that seems to be relying in the sending of background SMS messages to earn its creators revenue.”
We all need to be cautious as of course this isn’t the first time malware has raised its ugly head in the Android community, and won’t be the last. Your safest bet to decrease your chances of malware is to stay away from third party android markets where the security isn’t monitored as well (if at all) as it is with Google Play. On another note, if you chose to just stay away from Instagram all together, our own Ed Caggiani put together a great article listing and discussing 7 free Instagram Alternatives.
Hit the source for more information on this malicious software.