Chinese SMS payment app infects half million devices with malware

Android device sales continue to surge in China, with over 683 million subscribers. A large market like that attracts a lot of attention, some good and some bad. An example of bad attention came to light with the discovery of a new malware/virus infecting over 500,000 owners of Android devices. TrustGo, an anti-virus specialist company, identified the malware on July 25th and it has since been dubbed Trojan!SMSZombie.
Read more

T-Mobile’s Samsung Galaxy S III to Receive Maintenance Update; Removes Universal Search Feature

 

An update for T-Mobile’s Samsung Galaxy S III is due out and includes several improvements, and possibly a feature being removed that will cause some controversy. Here’s a little of what you can expect from this maintenance update:

  • Resolve an error, ‘Enter Mac address’ after entering the correct MAC address in the Mobile Hotspot
  • Resolve issue where the contents of the home screen folder would not rearrange alphabetically
  • Resolve issue where name does not populate when trying to add a contact with nameID information, must manually add.

 

You can also expect the addition of a brightness slide bar in the notification shade, a new radio/modem and a new kernel that’s been on the new batches of S III’s that have been recently arriving at T-Mobile. While there’s no full proof verification on this, there is a strong possibility that this update will take away the Universal Search feature out of the S III. If you don’t remember, this is the feature that Apple has been trying to take away from numerous Android devices so it wouldn’t surprise me if Samsung took it out as a precaution.

As we get more details on this impending update, we’ll be sure to let you all know.

source: TMONEWS

Lookout Launches Updated Mobile Web Site, Makes Finding Lost Phones Easy

Lookout Security and Antivirus has always been a great security suite that keeps your phone virus-free, helps you find lost phones, and securely backs up your data to the cloud. Now it got even better with the newly-revamped mobile web site, which allows you to find a lost or stolen device from any browser. The site has always had the ability to find a lost device, but the new layout makes it simpler than ever.

The new mobile site allows you to view your contacts, locate your phone through Google Maps, and remotely wipe and lock your device if you’re a Premium user. The redesign makes it very touch friendly since most people locate their lost phones from other mobile devices (usually a nearby friend’s phone as soon as the user first notices his phone is missing). You can even force your phone to “scream”, even if the sound is off, in case you lost your phone nearby.

So if you’re prone to losing things, or if you just want to be ultra-safe, download Lookout from the Play Store link or QR code below, and be sure to visit mylookout.com from a mobile device to check out the new site. 

QR Code generator

Play Store Download Link

source: lookout blog

How to easily bypass Android liveness check [Video]

 

As much as I love Android, I’ve always felt the face unlock feature that was introduced in Ice Cream Sandwich is more of a gimmick than anything. While it’s cool to show off to non-Android users, it isn’t practical and can be bypassed rather easily if one were to try. In my opinion, using the pattern or pin unlock system provides a faster and safer way to lock your phone from others.

In Android 4.1 Jelly Bean, Google developers attempted to make the face unlock feature more secure by adding a “liveness check” feature. The problem with face unlock was that one could easily use a picture of the person to unlock the phone. With liveness check enabled, the owner is required to blink for the phone to unlock. This adds another element into the security of face unlock which fixes the issue of simply using ones picture.

Of course, it never takes too long before people figure out a way to bypass that as well. The YouTube video below, uploaded by idaka82, shows a group of guys quickly showing you how to do just that. They simply took a picture and hastily photo-shopped his eyes so that it looks like he’s blinking. Then by transitioning the original and edited photo simultaneously, it gives the effect it’s blinking.

Needless to say, while it can be done rather quickly, it does take a bit of effort. Nonetheless, I’ll always suggest Android users to stick with the pattern or pin unlock system if you wish to secure your phone.

You can head over to the video after the break!


Read more

Casual User Exposes Major Security Flaw On Galaxy S III, Courtesy Of Samsung Kies Desktop Software

 

It’s no secret some Android devices may have a security hole or two, but what about a device’s software application on a desktop computer? Well apparently, Samsung’s Kies desktop software contains a security vulnerability which could allow  malicious applications to be installed and may affect devices such as your brand-new Samsung Galaxy S III smartphone. As highlighted in Andre Moulu’s blog post, what looks like an official or legitimate app could be downloaded from the Play Store (Angry Birds Cheats, Japanese Squid Girls, etc.) for use. As a user installs the certain apps, the apps could manipulate and overtake the install_packages permission found inside the Samsung Kies application. Once the action is done, the malicious app or apps could then have an even further effect by installing more applications without the user being fully aware.

The scary thing is how simple the security vulnerability is pronounced. It seems the vulnerability was easy to pull off using little more than a few lines of Java and more specifically— this is a common vulnerability found in many system applications that come pre-installed on users’ devices thanks to custom UIs. Let’s hope Samsung (and all of the other smartphone manufacturers for that matter) will take note of this and take preventative measures to protect their devices… and quickly.

If you’re ready to see the vulnerability in action, be sure to hit the break in order to see the video.


Read more

NFC could be the next big security exploit

Everyone is looking for something to put fear into people and the latest is NFC. Security researcher Charlie Miller recently showed flaws in the way Android (and MeeGo) handles NFC. He designed an NFC tag that was able to execute malicious code on a device. Obviously this tag could be place anywhere like a point-of-sale terminal.

The issue is not NFC in general, but more of the software implementation. The Android Beam specification allows NFC to automatically launch the web browser which allows for a wide range of web-based exploits. A lot of the browser bugs that were in older versions of Android have been fixed, but early Ice Cream Sandwich builds still have a lot of security holes related to the WebKit-based stock browser. A simple fix to this would be a pop up notifying the user that NFC is trying to open the browser and to either give or deny permission.

Older Android phones are still an issue in that Miller was able to hijack the application daemon that controls NFC functions in Android 2.3, in a sense bypassing the browser. Thankfully there really isn’t too many devices on Android 2.3 that have NFC. Miller used a Nexus S to demonstrate.

So there you have it folks. Is this the next big scare? I would assume Google will make software fixes accordingly, but the bottomline is that for anyone to exploit your phone (or tablet) with this method, they have to be really close to you.

source: theverge

Android Will Be More Secure With Jelly Bean

Ever heard of ASLR? It’s a security feature that is used in many different opearting systems such as Windows XP or iOS6. For quite a while Android has been avoiding it and then used a little bit of it in Android 4.0. Now with the release of Jelly Bean it is being used to its fullest, but this implementation of ASLR still lags behind the security of the soon to be released, iOS 6.

Wikipedia defines ASLR quite well:


Read more

Samsung Removes Universal Search From Sprint Galaxy S III

Yesterday the Sprint Galaxy S III began receiving a security update OTA, but little information was given as to what the update addressed. Users have reported that the update has removed the universal search feature from the device, meaning only web results are given from the search bar. The removal of local search is undoubtedly in response to the recent Apple lawsuit against the Samsung Galaxy Nexus for the very same ability. Google and Samsung are working together to fight that case and this move is a preemptive strike in case Apple decides to take on Samsung’s latest star.


Read more

Sprint Samsung Galaxy S III Receives Security Update

Sprint just released an OTA update for their Samsung Galaxy S III. The software version is L710VPLG2 and according to Sprint, it provides a “Google security update.” The user should feel nothing relatively new with this update, it seems as if Sprint is just enhancing the security of the phone. Nonetheless, it’s always good to give your phone any beneficial update. Hit up the source link for more information!

source: Sprint