Exynos kernel exploit could open several Samsung devices to malware or worse

Some bad news is surfacing this weekend for owners of several popular Samsung devices. Members of XDA Developers identified a kernel exploit for devices with certain Exynos processors that could provide root access without flashing the device. According to XDA member alephzain, the vulnerability was discovered on his Samsung Galaxy S III in /dev/exynos-mem. The weakness provides full read/write rights to all physical memory.

McAfee revamps mobile security app with new App Lock feature



 

McAfee is one of the more popular antivirus protections available to PC users, and with the malware on Android devices, they’ve stepped in to provide their trusted protection on smartphones and tablets, too. Recently, McAfee updated their Android application with a refreshed user interface and an innovative new App Lock feature. McAfee claims that since apps like Twitter and Gmail don’t require a password each time you open the app, it’s a possible security threat on your device. App Lock protects against this threat by requiring a pin number each time you want to use one of these applications, protecting you from someone digging through your phone for personal information or even just some nosy friends. This feature can also be used to protect children from having access to certain apps on your device, like the browser or your banking app.

McAfee offers a free trial of the app on Google Play, and offers the paid version at $29.99. Hit the break for the press release and download links.

Microsoft tries to drum up trouble for Android with provocative Tweet

It’s no secret that competition between the major phone platforms (Android, IOS, and Windows Phone) is pretty stiff, with each company doing whatever it can to get a leg up on the competition. Things can get pretty ugly sometimes, with competitors trashing one another and tarnishing each other’s reputation in whatever way they can. Tonight Microsoft joined the fire-fight with a tweet from their Windows Phone twitter account. In it they are calling for their followers to send tweets telling the world about their worst malware story while using an Android phone. These tweets should also include the hashtag #DroidRage. Something tells me that the very vocal Android community won’t take this sitting down and will turn Microsoft’s provoking tweet on its head. After all…when you think of viruses and malware, you tend to think of Microsoft products. Let’s see how this unfolds. If you want to reply to the tweet yourself, check it out at the source link below.

Source: Windows Phone Twitter

S-Memo Found To Save Google Passwords In Plain Text And Is Viewable When Device Is Rooted

 

There are always pros and cons when it comes to rooting your Android devices. Among the major pros are being able to make your Android device much more flexible and slap on things like custom ROMs. On the flip side there are cons such as the potential of major security breaches, such as one that was recently found by XDA user graffixnyc. While going through his S-Memo SQLite files on his Galaxy S III, he found out S-Memo store his Google account password in plain text, instead of the password being encrypted. After posting his issue in an open forum thread, another XDA user named ViViDboarder highlighted rooted devices will be able to view internal contents like that of the SQLite files, though graffixnyc the records of the SQLite files should be encrypted, whether a device is rooted or not.

While this is incredibly troubling to hear, this is a good wake up call for all Android owners, especially owners of rooted devices to take extreme caution in ensuring their sensitive information is safe and secure. The last thing you want is your important information getting into the wrong hands and all.

source: XDA Forums

72% percent of Android apps pose a potential security risk, says study

According to a recent study, 72 percent of all Android applications in the Google Play Store request access to at least one extraneous permission that it doesn’t inherently need to function properly. This number may seem alarming, but let’s break down some of the research firm’s so-called “results.”

According to the published findings:

  • 72 percent of all Android apps (more than 290,000) access at least one high-risk permission.
  • 21 percent (more than 86,000) access five or more.
  • 2 percent (more than 8,000) access 10 or more permissions flagged as potentially dangerous.

Google to fix “smishing” vulnerability recently discovered by NCSU researchers

Smishing, or SMS-phishing, is an old scamming technique that baits users into putting in personal information on fake websites by sending bogus text messages. It hasn’t been too common in the past few years, but some researchers at NC State University have found a vulnerability affecting several Android versions that could make phishing popular again. The exploit identified affects Gingerbread, Ice Cream Sandwich, and even Jelly Bean.

T-Mobile and Lookout delivering Mobile Security Solution to protect customers’ devices

 

Today, T-Mobile and the Lookout team have announced a partnership to bring customers an alternative mobile security solution. Lookout’s Automatic App Security will come pre-loaded on select devices this year on T-Mobile and is expected on most Android devices in 2013, securing smartphones and tablets right out of the box for free.

The second you turn on your T-Mobile Android device that has this pre-installed, your device will automatically be secured upon boot. According to T-Mobile and Lookout:

Lookout will scan all applications upon download, in addition to providing weekly scans for potential threats, using its Mobile Threat Network, the world’s largest database of applications. The user will be notified if the application is determined to be safe or not. If an application is identified as potentially harmful, Lookout will provide information and instructions on how to protect against the threat or uninstall the application.

These days, plenty of people are looking for extra ways to protect their mobile phones. After all, these phones are more like computers these days than actual phones. You can always pay $2.99 extra per month for additional features such as remotely locking your device or backing up photos. Do you guys see this as something you’d love to have or do you see it as something you don’t need and will just add to bloat-ware?

You can check T-Mobile and Lookouts press release after the break for further information!

Lookout Mobile Security gets a redesign and new features like finding your phone when the battery is dead

We love Lookout Mobile Security because not only is it a great service with many features, but they also constantly add new features, and today is no exception. Lookout Mobile Security has a new look and some cool new features such as Signal Flare, an Activity Feed, and Safe Dialer. If you ever lose your phone, there’s a good chance your battery will deplete. The good news is that Signal Flare will automatically flag the last location of youe phone if it has a low battery, which will increase your chances of finding it. No other service offers this. The Activity Feed is a dashboard that categorizes updates, which allows you to quickly get notifications of threats, see your app download history, your data backups, and other security notifications. Last but not least, the Safe Dialer insures that any number you click to call from your mobile browser is safe. This is as a result of the recent USSD security threat found on Samsung devices.

Full press release after the break:

Motorola Adds Global RAZR HD and RAZR i to Bootloader Unlock Program

In a move which I’m sure will make plenty of devs and flash-happy consumers elated, Motorola has extended their bootloader unlock program to a couple of their newest devices, the Motorola RAZR HD and Motorola RAZR i. The RAZR HD will be un-lockable in the flowing areas: Europe, Australia, South America and on Rogers in Canada. As for the RAZR i, it will be un-lockable “worldwide.”

Of course, the sad part is that consumers in the US can’t fully take advantage of this, but I suppose that’s where we point the finger to the US carriers, right?

source: Motorola Global Support

Kaspersky Mobile Security gets updated, adding Mugshot and web-based control panel

It is should be no surprise that every day, threats are targeted towards all desktops as well as mobile platforms. Unfortunately, Android in particular is known to see more malware opposed to other mobile operating systems, due to the ease of installing 3rd-party applications and software.

The threat level for Android is always a “win/ lose” situation. If you have unknown sources enabled to download files from the web, you are invulnerable against cyber attacks. However by only downloading software from trusted users, you may be introduced to less clutter. In any case, you have to owe it to great developers from companies like Kaspersky’s Mobile Security, for around the clock mobile security. Especially with some new improvements and tweaks that the dev team had upgraded under the hood.

Google’s 2-step verification easier with Google Authenticator update

If you are interested in adding some extra security to your Android device, you might want to check out Google’s 2-step authentication feature. If you are already using this function, it is a little bit easier to use now due to an update released by Google through the Google Play store.

2-step authentication adds extra security by requiring a user to have something, in this case their smartphone, to go along with the thing they know, their password, when signing in to web sites or their Google account. The smartphone requirement comes into play thanks to the Google Authenticator app which is used to generate a code to be used along with a password. The update today adds the ability to turn-on 2-step authentication without scanning a QR code or re-entering a password on a device.

If you are not sure whether you are using 2-step verification or want to turn it on, check the security settings for your Google Account on your device. Google also provides some video instructions on setting up your Google Account on your desktop computer to use 2-step verification.

Use one of the download links below to grab the app.

QR Code generator

Google Play Download Link

Kindle Fire HD 7 root method

As consumers start to get their hands on a new Amazon Kindle Fire HD 7 device, some will certainly want to stretch the capabilities of their new tablet. They will be met with frustration if they decide to pursue a new bootloader as it appears Amazon has locked down the devices extra tight. XDA forum member kinfauns did some digging only to discover Amazon has employed some high security device techniques similar to Barnes & Noble’s Nook Tablet devices. Unlike a Nook, the Kindle Fire HD 7 does not have an SD card slot that can be used as an alternate boot device. Developers are exploring workarounds for this situation.

There is good news though on the root front. RootzWiki contributor jcase(OP) has determined Amazon failed to secure a known method for gaining root access on Ice Cream Sandwich devices. Using the Android SDK, it is only a matter of minutes to root the device. Just hit the source link for the instructions if you want to give it a try. Just remember though, you are responsible for what happens to your device if you root it and something goes wrong.

source: RootzWiki

Mobile Device Privacy Act: a new initiative to prevent data mining introduced into Congress

Following last year’s Carrier IQ debacle, policymakers around the country bonded together to fight for the American consumer’s right to privacy. Originally drafted in January, the Mobile Device Privacy Act requires companies that sell mobile devices or cellular subscriptions to notify users if any data collecting software is installed.

“Consumers should know and have the choice to say no to software on their mobile devices that is transmitting their personal and sensitive information. This legislation will provide greater transparency into the transmission of consumers’ personal information and empower consumers to say no to such transmission.”

If such software is included, relevant information regarding the type of information being gathered,  along with who’s using it and for what purposes, must be made apparent. Furthermore, information can only be collected with consent of the customer. Those that wish not to have their phones monitored by the service will be completely free to opt out, even after initially accepting the agreement.

Violation of these laws could leave companies facing a $1,000 fine for each offense. Sponsored by US Representative Edward Markey, the bill was introduced to the House of Representatives on Wednesday. The bill now awaits a committee review, which will determine when the new legislation will see a vote.

Source: ExtremeTech, Mobile Device Privacy Act (PDF)

Chrome for Android receives a stability and security update

 

Is Chrome for Android your choice when it comes to a browser for your Android device? If so, it has received a nice maintenance update today that improves stability along with some security updates. The version is called M18.1 and includes, but not limited to:

  • Location preference now integrated to system level Google apps location setting.
  • Youtube videos controls now work in full screen mode; videos continue playing after a screen lock/unlock
  • Fixes to make third-party IMEs work better with Chrome

Head on over to the download link or QR code and give it a shot if you haven’t already!

QR Code generator

Play Store Download Link