Mobile security is a big deal on Android devices. While it’s debatable if malware is as big of a problem on Android as security analysts say it is, it’s still very important to keep your devices protected, just in case. Usually, Google does an excellent job of patching most vulnerabilities in their software, the problem is that carriers take way, way too long to get those security patches onto consumer handsets. Activist Chris Soghoian, known for his work with consumer security and privacy, has recently called out wireless carriers on their poor practices with updating these devices.
He’s saying what we’ve all been thinking, but he definitely brings to light some of the less thought about problems of slow updates. Most people complain about being stuck on old software because it’s slower or lacks cooler features, but that outdated software also lacks the updated protection that current software would provide. The antivirus on your computer wouldn’t do much good if it was looking for malware from 2010, would it? He also talks about the stock Android browser, which is one of the more popular browsers simply because it’s preloaded on the device. Unlike Firefox, Chrome, or any other browser you can download from the Play Store, the stock browser lacks constant updates and new malware protection like updateable apps have.
It’s definitely a good read, and definitely a situation that needs to change. Read on past the source to see what Soghoian has to say.
source: Threat Post
Sony has kicked off a new pilot project to bring a remote security service to market for owners of their Xperia smartphone devices. Sony is calling it “my Xperia” as they pilot the service in the Nordics and target a global release during the second quarter of 2013. One of the individuals behind the service, Sony Experience Planner Marcin Zielinski, described some of the service’s features in a one sentence blurb as helping “you locate your misplaced Sony smartphone and protect your personal data.”
In December we reported on an exploit that had been discovered in Samsung’s Exynos chips. We have not heard of any malicious activity related to the security hole, though it became a popular vector for rooting devices. After looking into the issue, Samsung has started the process of issue a fix for the vulnerability. The devices and networks include:
- Sprint Galaxy S II Epic 4G Touch: Sprint’s update FL24 will push out to customers over the course of the next month and will receive Sprint’s Connections Optimizer as part of the update.
- T-Mobile Galaxy Note II: The T-Mobile version of the Samsung Galaxy Note II is getting an update dubbed T889UVALL4. T-Mobile is pushing this out over-the-air or users can manually update via Kies.
There are other devices on several carriers that have the same chipset and are vulnerable to the exploit. We anticipate seeing patches and updates rolling out for these devices over the next several days as well now that the ball has started rolling.
source: Android Central
Mobile security firm Lookout has posted a security alert on their blog regarding a new threat they have identified for mobile devices. Working with carriers, Lookout has identified SpamSoldier, which they describe as a spammer botnet agent that uses infected phones to send SMS spam messages. They do not indicate which platforms are subject to attack, although the original attack vector is via an SMS message and not through any apps downloaded via app stores.
Some bad news is surfacing this weekend for owners of several popular Samsung devices. Members of XDA Developers identified a kernel exploit for devices with certain Exynos processors that could provide root access without flashing the device. According to XDA member alephzain, the vulnerability was discovered on his Samsung Galaxy S III in /dev/exynos-mem. The weakness provides full read/write rights to all physical memory.
McAfee is one of the more popular antivirus protections available to PC users, and with the malware on Android devices, they’ve stepped in to provide their trusted protection on smartphones and tablets, too. Recently, McAfee updated their Android application with a refreshed user interface and an innovative new App Lock feature. McAfee claims that since apps like Twitter and Gmail don’t require a password each time you open the app, it’s a possible security threat on your device. App Lock protects against this threat by requiring a pin number each time you want to use one of these applications, protecting you from someone digging through your phone for personal information or even just some nosy friends. This feature can also be used to protect children from having access to certain apps on your device, like the browser or your banking app.
McAfee offers a free trial of the app on Google Play, and offers the paid version at $29.99. Hit the break for the press release and download links.
It’s no secret that competition between the major phone platforms (Android, IOS, and Windows Phone) is pretty stiff, with each company doing whatever it can to get a leg up on the competition. Things can get pretty ugly sometimes, with competitors trashing one another and tarnishing each other’s reputation in whatever way they can. Tonight Microsoft joined the fire-fight with a tweet from their Windows Phone twitter account. In it they are calling for their followers to send tweets telling the world about their worst malware story while using an Android phone. These tweets should also include the hashtag #DroidRage. Something tells me that the very vocal Android community won’t take this sitting down and will turn Microsoft’s provoking tweet on its head. After all…when you think of viruses and malware, you tend to think of Microsoft products. Let’s see how this unfolds. If you want to reply to the tweet yourself, check it out at the source link below.
Source: Windows Phone Twitter
There are always pros and cons when it comes to rooting your Android devices. Among the major pros are being able to make your Android device much more flexible and slap on things like custom ROMs. On the flip side there are cons such as the potential of major security breaches, such as one that was recently found by XDA user graffixnyc. While going through his S-Memo SQLite files on his Galaxy S III, he found out S-Memo store his Google account password in plain text, instead of the password being encrypted. After posting his issue in an open forum thread, another XDA user named ViViDboarder highlighted rooted devices will be able to view internal contents like that of the SQLite files, though graffixnyc the records of the SQLite files should be encrypted, whether a device is rooted or not.
While this is incredibly troubling to hear, this is a good wake up call for all Android owners, especially owners of rooted devices to take extreme caution in ensuring their sensitive information is safe and secure. The last thing you want is your important information getting into the wrong hands and all.
source: XDA Forums
According to a recent study, 72 percent of all Android applications in the Google Play Store request access to at least one extraneous permission that it doesn’t inherently need to function properly. This number may seem alarming, but let’s break down some of the research firm’s so-called “results.”
According to the published findings:
- 72 percent of all Android apps (more than 290,000) access at least one high-risk permission.
- 21 percent (more than 86,000) access five or more.
- 2 percent (more than 8,000) access 10 or more permissions flagged as potentially dangerous.
Smishing, or SMS-phishing, is an old scamming technique that baits users into putting in personal information on fake websites by sending bogus text messages. It hasn’t been too common in the past few years, but some researchers at NC State University have found a vulnerability affecting several Android versions that could make phishing popular again. The exploit identified affects Gingerbread, Ice Cream Sandwich, and even Jelly Bean.
Today, T-Mobile and the Lookout team have announced a partnership to bring customers an alternative mobile security solution. Lookout’s Automatic App Security will come pre-loaded on select devices this year on T-Mobile and is expected on most Android devices in 2013, securing smartphones and tablets right out of the box for free.
The second you turn on your T-Mobile Android device that has this pre-installed, your device will automatically be secured upon boot. According to T-Mobile and Lookout:
Lookout will scan all applications upon download, in addition to providing weekly scans for potential threats, using its Mobile Threat Network, the world’s largest database of applications. The user will be notified if the application is determined to be safe or not. If an application is identified as potentially harmful, Lookout will provide information and instructions on how to protect against the threat or uninstall the application.
These days, plenty of people are looking for extra ways to protect their mobile phones. After all, these phones are more like computers these days than actual phones. You can always pay $2.99 extra per month for additional features such as remotely locking your device or backing up photos. Do you guys see this as something you’d love to have or do you see it as something you don’t need and will just add to bloat-ware?
You can check T-Mobile and Lookouts press release after the break for further information!
We love Lookout Mobile Security because not only is it a great service with many features, but they also constantly add new features, and today is no exception. Lookout Mobile Security has a new look and some cool new features such as Signal Flare, an Activity Feed, and Safe Dialer. If you ever lose your phone, there’s a good chance your battery will deplete. The good news is that Signal Flare will automatically flag the last location of youe phone if it has a low battery, which will increase your chances of finding it. No other service offers this. The Activity Feed is a dashboard that categorizes updates, which allows you to quickly get notifications of threats, see your app download history, your data backups, and other security notifications. Last but not least, the Safe Dialer insures that any number you click to call from your mobile browser is safe. This is as a result of the recent USSD security threat found on Samsung devices.
Full press release after the break:
In a move which I’m sure will make plenty of devs and flash-happy consumers elated, Motorola has extended their bootloader unlock program to a couple of their newest devices, the Motorola RAZR HD and Motorola RAZR i. The RAZR HD will be un-lockable in the flowing areas: Europe, Australia, South America and on Rogers in Canada. As for the RAZR i, it will be un-lockable “worldwide.”
Of course, the sad part is that consumers in the US can’t fully take advantage of this, but I suppose that’s where we point the finger to the US carriers, right?
source: Motorola Global Support
It is should be no surprise that every day, threats are targeted towards all desktops as well as mobile platforms. Unfortunately, Android in particular is known to see more malware opposed to other mobile operating systems, due to the ease of installing 3rd-party applications and software.
The threat level for Android is always a “win/ lose” situation. If you have unknown sources enabled to download files from the web, you are invulnerable against cyber attacks. However by only downloading software from trusted users, you may be introduced to less clutter. In any case, you have to owe it to great developers from companies like Kaspersky’s Mobile Security, for around the clock mobile security. Especially with some new improvements and tweaks that the dev team had upgraded under the hood.