Google IO 2017 Coverage

New security heading to Sony devices via “my Xperia” service

Sony has kicked off a new pilot project to bring a remote security service to market for owners of their Xperia smartphone devices. Sony is calling it “my Xperia” as they pilot the service in the Nordics and target a global release during the second quarter of 2013. One of the individuals behind the service, Sony Experience Planner Marcin Zielinski, described some of the service’s features in a one sentence blurb as helping “you locate your misplaced Sony smartphone and protect your personal data.”

Exynos kernel exploit patch starting to roll out for some devices

In December we reported on an exploit that had been discovered in Samsung’s Exynos chips. We have not heard of any malicious activity related to the security hole, though it became a popular vector for rooting devices. After looking into the issue, Samsung has started the process of issue a fix for the vulnerability. The devices and networks include:

  • Sprint Galaxy S II Epic 4G Touch: Sprint’s update FL24 will push out to customers over the course of the next month and will receive Sprint’s Connections Optimizer as part of the update.
  • T-Mobile Galaxy Note II: The T-Mobile version of the Samsung Galaxy Note II is getting an update dubbed T889UVALL4. T-Mobile is pushing this out over-the-air or users can manually update via Kies.

There are other devices on several carriers that have the same chipset and are vulnerable to the exploit. We anticipate seeing patches and updates rolling out for these devices over the next several days as well now that the ball has started rolling.

source: Android Central

Lookout IDs SpamSoldier SMS spammer botnet

Mobile security firm Lookout has posted a security alert on their blog regarding a new threat they have identified for mobile devices. Working with carriers, Lookout has identified SpamSoldier, which they describe as a spammer botnet agent that uses infected phones to send SMS spam messages. They do not indicate which platforms are subject to attack, although the original attack vector is via an SMS message and not through any apps downloaded via app stores.

Exynos kernel exploit could open several Samsung devices to malware or worse

Some bad news is surfacing this weekend for owners of several popular Samsung devices. Members of XDA Developers identified a kernel exploit for devices with certain Exynos processors that could provide root access without flashing the device. According to XDA member alephzain, the vulnerability was discovered on his Samsung Galaxy S III in /dev/exynos-mem. The weakness provides full read/write rights to all physical memory.

McAfee revamps mobile security app with new App Lock feature



 

McAfee is one of the more popular antivirus protections available to PC users, and with the malware on Android devices, they’ve stepped in to provide their trusted protection on smartphones and tablets, too. Recently, McAfee updated their Android application with a refreshed user interface and an innovative new App Lock feature. McAfee claims that since apps like Twitter and Gmail don’t require a password each time you open the app, it’s a possible security threat on your device. App Lock protects against this threat by requiring a pin number each time you want to use one of these applications, protecting you from someone digging through your phone for personal information or even just some nosy friends. This feature can also be used to protect children from having access to certain apps on your device, like the browser or your banking app.

McAfee offers a free trial of the app on Google Play, and offers the paid version at $29.99. Hit the break for the press release and download links.

Microsoft tries to drum up trouble for Android with provocative Tweet

It’s no secret that competition between the major phone platforms (Android, IOS, and Windows Phone) is pretty stiff, with each company doing whatever it can to get a leg up on the competition. Things can get pretty ugly sometimes, with competitors trashing one another and tarnishing each other’s reputation in whatever way they can. Tonight Microsoft joined the fire-fight with a tweet from their Windows Phone twitter account. In it they are calling for their followers to send tweets telling the world about their worst malware story while using an Android phone. These tweets should also include the hashtag #DroidRage. Something tells me that the very vocal Android community won’t take this sitting down and will turn Microsoft’s provoking tweet on its head. After all…when you think of viruses and malware, you tend to think of Microsoft products. Let’s see how this unfolds. If you want to reply to the tweet yourself, check it out at the source link below.

Source: Windows Phone Twitter

S-Memo Found To Save Google Passwords In Plain Text And Is Viewable When Device Is Rooted

 

There are always pros and cons when it comes to rooting your Android devices. Among the major pros are being able to make your Android device much more flexible and slap on things like custom ROMs. On the flip side there are cons such as the potential of major security breaches, such as one that was recently found by XDA user graffixnyc. While going through his S-Memo SQLite files on his Galaxy S III, he found out S-Memo store his Google account password in plain text, instead of the password being encrypted. After posting his issue in an open forum thread, another XDA user named ViViDboarder highlighted rooted devices will be able to view internal contents like that of the SQLite files, though graffixnyc the records of the SQLite files should be encrypted, whether a device is rooted or not.

While this is incredibly troubling to hear, this is a good wake up call for all Android owners, especially owners of rooted devices to take extreme caution in ensuring their sensitive information is safe and secure. The last thing you want is your important information getting into the wrong hands and all.

source: XDA Forums

72% percent of Android apps pose a potential security risk, says study

According to a recent study, 72 percent of all Android applications in the Google Play Store request access to at least one extraneous permission that it doesn’t inherently need to function properly. This number may seem alarming, but let’s break down some of the research firm’s so-called “results.”

According to the published findings:

  • 72 percent of all Android apps (more than 290,000) access at least one high-risk permission.
  • 21 percent (more than 86,000) access five or more.
  • 2 percent (more than 8,000) access 10 or more permissions flagged as potentially dangerous.

Google to fix “smishing” vulnerability recently discovered by NCSU researchers

Smishing, or SMS-phishing, is an old scamming technique that baits users into putting in personal information on fake websites by sending bogus text messages. It hasn’t been too common in the past few years, but some researchers at NC State University have found a vulnerability affecting several Android versions that could make phishing popular again. The exploit identified affects Gingerbread, Ice Cream Sandwich, and even Jelly Bean.

T-Mobile and Lookout delivering Mobile Security Solution to protect customers’ devices

 

Today, T-Mobile and the Lookout team have announced a partnership to bring customers an alternative mobile security solution. Lookout’s Automatic App Security will come pre-loaded on select devices this year on T-Mobile and is expected on most Android devices in 2013, securing smartphones and tablets right out of the box for free.

The second you turn on your T-Mobile Android device that has this pre-installed, your device will automatically be secured upon boot. According to T-Mobile and Lookout:

Lookout will scan all applications upon download, in addition to providing weekly scans for potential threats, using its Mobile Threat Network, the world’s largest database of applications. The user will be notified if the application is determined to be safe or not. If an application is identified as potentially harmful, Lookout will provide information and instructions on how to protect against the threat or uninstall the application.

These days, plenty of people are looking for extra ways to protect their mobile phones. After all, these phones are more like computers these days than actual phones. You can always pay $2.99 extra per month for additional features such as remotely locking your device or backing up photos. Do you guys see this as something you’d love to have or do you see it as something you don’t need and will just add to bloat-ware?

You can check T-Mobile and Lookouts press release after the break for further information!

Lookout Mobile Security gets a redesign and new features like finding your phone when the battery is dead

We love Lookout Mobile Security because not only is it a great service with many features, but they also constantly add new features, and today is no exception. Lookout Mobile Security has a new look and some cool new features such as Signal Flare, an Activity Feed, and Safe Dialer. If you ever lose your phone, there’s a good chance your battery will deplete. The good news is that Signal Flare will automatically flag the last location of youe phone if it has a low battery, which will increase your chances of finding it. No other service offers this. The Activity Feed is a dashboard that categorizes updates, which allows you to quickly get notifications of threats, see your app download history, your data backups, and other security notifications. Last but not least, the Safe Dialer insures that any number you click to call from your mobile browser is safe. This is as a result of the recent USSD security threat found on Samsung devices.

Full press release after the break:

Motorola Adds Global RAZR HD and RAZR i to Bootloader Unlock Program

In a move which I’m sure will make plenty of devs and flash-happy consumers elated, Motorola has extended their bootloader unlock program to a couple of their newest devices, the Motorola RAZR HD and Motorola RAZR i. The RAZR HD will be un-lockable in the flowing areas: Europe, Australia, South America and on Rogers in Canada. As for the RAZR i, it will be un-lockable “worldwide.”

Of course, the sad part is that consumers in the US can’t fully take advantage of this, but I suppose that’s where we point the finger to the US carriers, right?

source: Motorola Global Support

Kaspersky Mobile Security gets updated, adding Mugshot and web-based control panel

It is should be no surprise that every day, threats are targeted towards all desktops as well as mobile platforms. Unfortunately, Android in particular is known to see more malware opposed to other mobile operating systems, due to the ease of installing 3rd-party applications and software.

The threat level for Android is always a “win/ lose” situation. If you have unknown sources enabled to download files from the web, you are invulnerable against cyber attacks. However by only downloading software from trusted users, you may be introduced to less clutter. In any case, you have to owe it to great developers from companies like Kaspersky’s Mobile Security, for around the clock mobile security. Especially with some new improvements and tweaks that the dev team had upgraded under the hood.

Google’s 2-step verification easier with Google Authenticator update

If you are interested in adding some extra security to your Android device, you might want to check out Google’s 2-step authentication feature. If you are already using this function, it is a little bit easier to use now due to an update released by Google through the Google Play store.

2-step authentication adds extra security by requiring a user to have something, in this case their smartphone, to go along with the thing they know, their password, when signing in to web sites or their Google account. The smartphone requirement comes into play thanks to the Google Authenticator app which is used to generate a code to be used along with a password. The update today adds the ability to turn-on 2-step authentication without scanning a QR code or re-entering a password on a device.

If you are not sure whether you are using 2-step verification or want to turn it on, check the security settings for your Google Account on your device. Google also provides some video instructions on setting up your Google Account on your desktop computer to use 2-step verification.

Use one of the download links below to grab the app.

QR Code generator

Google Play Download Link