You’ve probably heard about the latest Android vulnerability that apparently affects over 900 million Android devices. It’s called StageFright, and the worry is that malware can be embedded in a video that could then run roughshod in your device without you initiating any action whatsoever. The malware ridden video would be sent by MMS and your device would download it automatically, thanks to the auto retrieve setting being ticked in settings of the messaging app. While most carriers are waiting for phone manufacturers to issue software patches to block the exploit, Germany’s Deutsche Telekom is taking a more pro-active approach by disabling the MMS auto-retrieve function itself.
Sprint is pushing an update to its Nexus 5 and 6 devices to fix the Stagefright vulnerability. There is no specific SKU for Sprint on either phone, so the update should apply to all of them.
The new update will be build LMY48I. Sprint and AT&T have also updated many Samsung phones to fix the Stagefright bug as well.
Source: Sprint (1), (2)
Stagefright is a new Android security vulnerability that affects millions of Android devices. It is critical it gets fixed right away. Google is pushing out an update to Nexus phones today, but now AT&T and Sprint are pushing the update to many Samsung phones.
Earlier today, Baido released a new security application in the Play Store called DU Privacy Vault. The app provides a simple and organized way to help Android users lock applications for their personal use. The app can also be used to hide certain photos and videos with a passcode. Once a passcode is set, the user will be prompted to enter it whenever they are trying to gain access to those files. For example, when your friend or child asks to use your phone or tablet, you no longer need to worry about them snooping around to private apps and media.
We’ve got another rumor to throw on top of the Galaxy Note 5 pile. Samsung is reportedly working on increasing mobile security in a handful of ways on the Note 5, including an improved security suite, a better fingerprint scanner, and a new trick that will link security elements to the phone’s processor.
Samsung has always taken security pretty seriously, which is evident by how many high-end phones they ship with KNOX on board, so these rumors seem pretty likely at this point. Read more
Today, Google expressed its thoughts on the controversial Wassenaar Arrangement. The company stated that “the proposal would make the world less secure.”
According to AppBugs many popular apps on iOS or Android are vulnerable to password cracking. Very big name apps such as Walmart, ESPN, Pocket, CNN, Slack, SoundCloud, etc. Appbugs testing suggest these apps are subject to brute force attacks. That means an attacker can make unlimited login attempts to a web service until the users password is found.
Dashlane announced today that they have added fingerprint support to their app for Samsung devices. Right now, the only devices supported are the Galaxy S5, Galaxy Note 4, Galaxy Note Edge, Galaxy S6, and Galaxy S6 Edge. You can log in to the password manager app with just your fingerprint; no need to enter a password.
Remember Geeksphone, Spain’s first smartphone manufacturer that developed a MultiOS platform allowing you to choose when you want to use Google’s Android, Mozilla’s Boot2Gecko or another community developed operating system on its handsets? Well, today Geeksphone has announced it will quit making smartphones and leave further development of its MultiOS software in the hands of its community.
Earlier today, a massive security exploit involving Samsung’s default SwiftKey keyboard spread across the internet like wildfire showing the dangers of manufacturers pre-loading third-party software on their phones. The vulnerability was pretty obscure and wouldn’t affect everyone with a Samsung device, but it was still a fairly serious exploit Fortunately, Samsung has issued a relatively quick response about the whole situation.
Samsung has stated that they’re working on a fix, and it will be deployed through a security policy update via Knox. The vulnerability was based in how language packs for Samsung’s SwiftKey-backed keyboard were updated, and doesn’t affect the normal version of SwiftKey that you may have downloaded through the Play Store. Read more