Privacy Guard receives new feature in CyanogenMod 11

Screenshot_2014-01-31-15-32-46

If you’ve taken a quick gander over in CM11′s Privacy settings, you’ll see that a new feature has been added. Over in the advanced AppOps view, a new panel has been added showing apps that start up upon your device booting up. This allows you to pick and choose which apps you would like to disable upon booting up.

Certainly a cool feature if you ask me. Out of curiosity, any of you guys use CM as your daily ROM?

source: CM’s Google+

Google Glass vulnerable to JavaScript exploit

Google_Glass_Prescription_Lenses_01

There was a security issue back in Android 4.1 that would allow malicious code (specifically JavaScript) to interject itself into apps that created a WebView, which is something typically done when an app opens up a web window to display an external website, ads, etc. Needless to say, that’s a pretty common thing on Android apps. and apparently that potentially dangerous bug is present in Google Glass, too.

Metasploit, a popular vulnerability testing framework, added a new test module that would allow users to test how vulnerable some versions of the Android browser are to being hacked from shell access, and that’s when this exploit was found in Glass. The exploit would involve a man-in-the-middle hijacking that WebView instance, which wouldn’t be too difficult to do if you’re on a public WiFi or anything that isn’t well secured. At that point, the malicious code could do anything from taking photos with your device to remotely turning on your microphone. Definitely not a good thing.
Read more

Rovio affirms it does not share user data with NSA, other surveillance agencies

rovio

If you were worried that the NSA was spying on you while playing Angry Birds, fear not. Rovio has issued a press release to clear the air. Right out of the gate, Rovio makes it clear that they do “not share data, collaborate or collude with any government spy agencies such as NSA or GCHQ anywhere in the world.” This comes after news broke earlier that the NSA may actually be doing so. Rovio says that third party advertising networks seem to be the culprit of the rumors and the company does not allow any third party network to use or trade any user data.

Hit the break for the full press release.
Read more

The NSA might be spying on you while you’re playing Angry Birds

angry-bird-icon

Here’s the latest revelation from documents leaked by US whistleblower Edward Snowden.

While you’re enjoying slinging birds at pigs in Angry Birds, chances are that N.S.A might be tracking your personal information. According to documents leaked by Edward Snowden,  N.S.A and Britain’s Government Communications Headquarters have been working since 2007 towards achieving a method to snatch data from smartphone apps that contain user’s information. The amount of data gathering is not yet known, but reports suggest that data is collected from social network, mapping and gaming apps.

Earlier reports revealed N.S.A eavesdropping on phone calls as well as intercepting text messages in an effort to prevent terrorism acts. However a recent report by the Guardian indicates that every time the user launches a “leaky” application, the spying agencies can collect information related to user’s location, sex, age and other personal information as well as the phone model and screen size.


Read more

New Windows malware can enter your Android device, affecting Korea for now

android-virus

Computer security giant Symantec has found a new piece of malware that targets Android devices through a Windows computer that have been infected. The malware goes by “Trojan.Droidpak” and uses ADB as its way of entry. An app will appear like the Google Play Store; however, it is called the “Google App Store.” After starting the malicious app, it will search for Korean banking apps. After that, it will prompt the user to install malicious ones over the originals. Also, it can intercept emails so users will miss fraud protection notices. It is unknown if this is widespread or just limited to Korea at this time.

As usual, you should be smart and only connect your Android device to a computer that you trust. Disabling “USB Debugging” and enabling “Verify apps” is likely your best choice. Hit the source link to see Symantec’s detailed breakdown.

Source: Symantec
Via: XDA

Chrome exploit allows malicious websites to listen in on you

google_chromebook_stack

Here’s the drawback to Google recently implemented voice recognition into Chrome; malicious websites can utilize that voice recognition to listen in and possibly record you.

Before you freak out, that sounds significantly worse than it actually is. The “exploit,” according to developer Tal Ater, involves a website asking for your permission to use your microphone for whatever purpose. Afterwards, that site can exploit a bug in Chrome’s voice recognition to listen in on you. A site may launch a pop-up to continue listening in even if you’ve closed the tab for that particular site.
Read more

Cisco security report finds 99% of mobile malware targeted at Android devices

Android Security

A new security report published by Cisco has found that 99% of all mobile malware attacks are targeted at Android devices. On top of that, the report says Android suffered 91% of all Java-based web exploits and 71% of all overall web-based exploits. Ouch. This is compared to Cisco finding that Apple’s iOS only encountered 17% of web exploits.

Eric Schmidt has publicly claimed that Android is more secure than iOS, but despite all of Android’s jumps in security and privacy over the past few years, that’s still not quite true. Obviously this doesn’t mean all Android devices are infested pits of malware, but just that you’re more likely to encounter malware attacks on an Android device.

You can check out the full security report below.

source: Cisco

via: TechnoBuffalo

Researchers claim discovery of new Android VPN vulnerability

Android Security

Researchers at the Ben Gurion University Cyber Security Lab are back in the news with a claim that they have discovered a new vulnerability in the Android implementation of VPN. According to the researchers, the exploit would allow a malicious app to bypass an active VPN connection and redirect traffic to a different server. The vulnerability can supposedly be installed without root access and does not need any specific VPN permissions. When the data is redirected by the malicious app, it can be sent unencrypted to a target server without the user being aware the data is being redirected.


Read more

Nest CEO Tony Fadell speaks out on privacy concerns after Google acquisition, promises transparency

Nest privacy

A lot of people saw Google’s purchase of Nest, the popular modern thermostat manufacturer, as a sign of some pretty scary things to come.

For example: If you have your (internet-connected) thermostat set to stop heating your home while you’re on vacation, Nest (and now Google) will have access to that information. Imagine if that information was leaked, hacked, or sold to advertisers— do you really want the world knowing when you’re on vacation or out of your home? I certainly don’t.


Read more

Samsung Galaxy S5 to use fingerprint, not iris, authentication

Samsung_Eye_Iris_Scanning_Mockup_Featured_Large

It should be no surprise to anyone at this time that Samsung is working on some form of physical user-authentication similar to the fingerprint scanning technology introduced by HTC and Apple during 2013. Reports have already surfaced that the work on sourcing components for fingerprint scanners is underway for most major smartphone manufacturers, including Samsung. We have also seen reports that Samsung was considering eye-scanning technology as a possible way to differentiate themselves. In a new report, Samsung has reportedly dropped the idea of iris-based authentication for now, though they continue to study the concept.
Read more