Last month security researchers from Ben-Gurion University Cyber Security Labs claimed to have discovered a vulnerability in Samsung’s KNOX security platform. Samsung has issued a statement regarding the claims, indicating the issue identify by the Ben-Gurion researchers was really a classic Man in the Middle (MitM) attack and not a bug or flaw in KNOX or Android. Samsung indicates they reached out and discussed the issue with the security researchers and were able to verify that the exploit that was identified exists as it “uses legitimate Android network functions in an unintended way to intercept unencrypted network connections from/to applications on the mobile device.” Read more
Today, Google continued its efforts to integrate many of its products— Gmail users will now be able to send email to Google+ connections.
If you want to turn the feature off, you’ll be able to in just a few steps. You’ll also be able to set whether you want to let anyone (or nobody) from Google+ email you at all.
It’s also important to note that while people from Google+ will be able to email you, they won’t actually be able to see your email address through Gmail— just your name. Privacy is still most important here, and it’s good to see that Google recognizes that.
Source: Google Blog
It was recently confirmed that around 4.6 million Snapchat phone numbers and usernames associated with those numbers has been leaked online. Unofficial site SnapchatDB is now allowing open access to two files, one SQL dump and one CSV text file – both showing users phone numbers, usernames and locations.
The final two digits of each phone number has been censored in order to “minimize spam and abuse”, but despite this SnapchatDB has said that it can be contacted for the uncensored files, as they may be willing to release it under certain circumstances. Otherwise users can “find phone number information associated with Facebook and Twitter accounts, or simply to figure out the phone numbers of people you wish to get in touch with.”
Earlier this week Gibson Security tweeted some information it claimed could be used to exploit Snapchat enabling malicious hackers to match usernames with phone numbers and build a profile of users. Gibson Security also claimed the security holes could allow for the creation of dummy accounts in bulk. According to Gibson Security, they notified Snapchat of the problems last August, but after not seeing any move to correct an issue that supposedly could be fixed with ten lines of code, proceeded with making the exploit public. Read more
Researcher Mordechai Guri at the Ben-Gurion University’s Cyber Security Lab in Israel recently discovered a major vulnerability in Samsung’s Knox security platform on the Galaxy S4. The flaw “could allow malicious software to track emails and record data communications.”
While Samsung is still investigating the claims, a Samsung spokesperson said that the allegations are not as serious as they might seem.
Remember that little vulnerability we heard about on Nexus devices that could be maliciously exploited to cause a device to lock up and reboot? Looks like Google has finally added a fix for that in Android 4.2.2, which should be rolling out fairly soon. There are no other camera improvements or anything like that in this update, but according to the 4.4.2 changelog, there were a handful of things that got patched. The most major one is that SMS exploit, but that doesn’t mean the few other things that were patched aren’t appreciated. If you’re a Nexus user, keep an eye out for this update.
Lookout Mobile Security‘s research has found that 63% of people just can not keep up with mobile technology. In a study group of more than 2000 people, one in three of them depend on someone who has a great deal of knowledge in the field. And of those that depend on a “Tech Hero,” 75% will turn to them for advice on what smartphone or tablet to purchase. These mobile tech-savy individuals may have accounted for $2.8 billion in the third quarter of 2013.
To reward these “Tech Heroes,” Lookout is holding a contest on Facebook. All you have to do is head over to their page and nominate your go-to for mobile technology. From there, nominees receive votes and become eligible to win prizes. The grand prize winner will be announced on January 7, 2014 and split $2,000 with their nominator. Leading up to that date, nominees will be randomly selected as winners for a few different devices. The four weeks prior will feature two Nexus 7 tablets, two Samsung Galaxy Gear smart watches, and two Samsung smart TVs.
You can find the Facebook page here. Hit the break for a video. Read more
Fingerprint Cards, an identity technology company from Sweden that manufactures touch sensors, hopes to ride the wave of touch recognition demand by selling to the likes of Samsung, LG and Huawei among others. Fingerprint’s CEO Johan Carlstrom thinks Apple’s inclusion of fingerprint identity technology in the iPhone 5S will set off a scramble by Android device producers to include the same technology in their products during 2014. Read more
An IT administrator named Bogdan Alecu has discovered that Nexus phones receiving a flood of texts may start to function a little bit differently. The Galaxy Nexus, Nexus 4, and Nexus 5 are all effected by this new exploit that causes those phones to reboot, crash the messaging app, or even disable a network connection. While other devices seem to be safe, Alecu advises that he hasn’t tested many others. The bug is coming from Class 0 SMS messages that are not regularly stored on a handset.
A developer has already taken to the Play Store to release a fix. Class0Firewall is a free app that prevents the Class 0 SMS messages from sending your handset into a tailspin. Google has told PCWorld that they are looking into the issue; however, we have no timetable on when to expect a patch.
Source: DefCamp, Class0Firewall (Play Store)
Previously (as in, before today), your warranty on your Motorola device would be voided if you requested the Bootloader to be unlocked. It was an evil, but perhaps a necessary one.
But today, it seems that change is in the air. If you request an unlock bootloader code for your Moto device you can keep your warranty. Not only that, but Moto will be posting the return-to-factory software images. Awesome, right?
This news serves as even more proof that Motorola has become more and more “Google-fied” since it was purchased by the search giant.
Moto will also be reinstating all warranties to Developer edition devices that were purchased from 2012-2013.
Remember, this information is only for Developer edition devices, and it’s definitely not expected that they’ll do the same for other devices. Still, great news.
Source: Moto Blog