A lot of people saw Google’s purchase of Nest, the popular modern thermostat manufacturer, as a sign of some pretty scary things to come.
For example: If you have your (internet-connected) thermostat set to stop heating your home while you’re on vacation, Nest (and now Google) will have access to that information. Imagine if that information was leaked, hacked, or sold to advertisers— do you really want the world knowing when you’re on vacation or out of your home? I certainly don’t.
It should be no surprise to anyone at this time that Samsung is working on some form of physical user-authentication similar to the fingerprint scanning technology introduced by HTC and Apple during 2013. Reports have already surfaced that the work on sourcing components for fingerprint scanners is underway for most major smartphone manufacturers, including Samsung. We have also seen reports that Samsung was considering eye-scanning technology as a possible way to differentiate themselves. In a new report, Samsung has reportedly dropped the idea of iris-based authentication for now, though they continue to study the concept.
If you use the official Starbucks mobile payment app, you may want to reconsider. According to security researcher Daniel Wood, the application stores information like your email address, password, and GPS location in an unencrypted plain-text format. Anyone who has access to your phone could do a bit of work to steal that information, which is not something you want someone else to have access to. Even worse, because the app makes payments using an on-screen barcode, that barcode method could be manipulated to suck money out of your bank account.
Fortunately, someone would need access to your phone to get this information, but it’s still a vulnerability that you should be aware of. Hopefully Starbucks addresses this soon.
Source: Computer World
One of the biggest topics this year is going to be privacy, and BlackPhone is looking to capitalize on that. This smartphone comes out of a joint venture between Silent Circle and Geeksphone, and it will run a secure version of Android called PrivatOS. It will support secure phone calls, texting, file storage, and video chats. It will also run on GSM networks. Obviously corporations will be a target demographic, but consumers are likely to jump in as well.
The BlackPhone will be unveiled at next month’s Mobile World Congress, but if you want to sign up for updates, be sure to hit the source link.
Last month, security researchers from Ben-Gurion University Cyber Security Labs claimed to have discovered a vulnerability in Samsung’s KNOX security platform. Samsung has issued a statement regarding the claims, indicating the issue identified by the Ben-Gurion researchers was really a classic Man in the Middle (MitM) attack and not a bug or flaw in KNOX or Android. Samsung indicates they reached out and discussed the issue with the security researchers and were able to verify that the exploit that was identified exists as it “uses legitimate Android network functions in an unintended way to intercept unencrypted network connections from/to applications on the mobile device.”
Today, Google continued its efforts to integrate many of its products— Gmail users will now be able to send email to Google+ connections.
If you want to turn the feature off, you’ll be able to in just a few steps. You’ll also be able to set whether you want to let anyone (or nobody) from Google+ email you at all.
It’s also important to note that while people from Google+ will be able to email you, they won’t actually be able to see your email address through Gmail— just your name. Privacy is still most important here, and it’s good to see that Google recognizes that.
Source: Google Blog
It was recently confirmed that around 4.6 million Snapchat phone numbers and the usernames associated with those numbers have been leaked online. Unofficial site SnapchatDB is now allowing open access to two files, one SQL dump and one CSV text file – both showing users’ phone numbers, usernames and locations.
The final two digits of each phone number have been censored in order to “minimize spam and abuse”, but despite this SnapchatDB has said that it can be contacted for the uncensored files, as they may be willing to release them under certain circumstances. Otherwise users can “find phone number information associated with Facebook and Twitter accounts, or simply to figure out the phone numbers of people you wish to get in touch with.”
Earlier this week, Gibson Security tweeted some information it claimed could be used to exploit Snapchat, enabling malicious hackers to match usernames with phone numbers and build a profile of users. Gibson Security also claimed the security holes could allow for the creation of dummy accounts in bulk. According to Gibson Security, they notified Snapchat of the problems last August, but after not seeing any move to correct an issue that supposedly could be fixed with ten lines of code, proceeded with making the exploit public.
Researcher Mordechai Guri at the Ben-Gurion University’s Cyber Security Lab in Israel recently discovered a major vulnerability in Samsung’s Knox security platform on the Galaxy S4. The flaw “could allow malicious software to track emails and record data communications.”
While Samsung is still investigating the claims, a Samsung spokesperson said that the allegations are not as serious as they might seem.
Remember that little vulnerability we heard about on Nexus devices that could be maliciously exploited to cause a device to lock up and reboot? Looks like Google has finally added a fix for that in Android 4.2.2, which should be rolling out fairly soon. There are no other camera improvements or anything like that in this update, but according to the 4.4.2 changelog, there were a handful of things that got patched. The most significant one is that SMS exploit, but that doesn’t mean the few other things that were patched aren’t appreciated. If you’re a Nexus user, keep an eye out for this update.