Chrome exploit allows malicious websites to listen in on you

google_chromebook_stack

Here’s the drawback to Google recently implemented voice recognition into Chrome; malicious websites can utilize that voice recognition to listen in and possibly record you.

Before you freak out, that sounds significantly worse than it actually is. The “exploit,” according to developer Tal Ater, involves a website asking for your permission to use your microphone for whatever purpose. Afterwards, that site can exploit a bug in Chrome’s voice recognition to listen in on you. A site may launch a pop-up to continue listening in even if you’ve closed the tab for that particular site.
Read more

Cisco security report finds 99% of mobile malware targeted at Android devices

Android Security

A new security report published by Cisco has found that 99% of all mobile malware attacks are targeted at Android devices. On top of that, the report says Android suffered 91% of all Java-based web exploits and 71% of all overall web-based exploits. Ouch. This is compared to Cisco finding that Apple’s iOS only encountered 17% of web exploits.

Eric Schmidt has publicly claimed that Android is more secure than iOS, but despite all of Android’s jumps in security and privacy over the past few years, that’s still not quite true. Obviously this doesn’t mean all Android devices are infested pits of malware, but just that you’re more likely to encounter malware attacks on an Android device.

You can check out the full security report below.

source: Cisco

via: TechnoBuffalo

Researchers claim discovery of new Android VPN vulnerability

Android Security

Researchers at the Ben Gurion University Cyber Security Lab are back in the news with a claim that they have discovered a new vulnerability in the Android implementation of VPN. According to the researchers, the exploit would allow a malicious app to bypass an active VPN connection and redirect traffic to a different server. The vulnerability can supposedly be installed without root access and does not need any specific VPN permissions. When the data is redirected by the malicious app, it can be sent unencrypted to a target server without the user being aware the data is being redirected.


Read more

Nest CEO Tony Fadell speaks out on privacy concerns after Google acquisition, promises transparency

Nest privacy

A lot of people saw Google’s purchase of Nest, the popular modern thermostat manufacturer, as a sign of some pretty scary things to come.

For example: If you have your (internet-connected) thermostat set to stop heating your home while you’re on vacation, Nest (and now Google) will have access to that information. Imagine if that information was leaked, hacked, or sold to advertisers— do you really want the world knowing when you’re on vacation or out of your home? I certainly don’t.


Read more

Samsung Galaxy S5 to use fingerprint, not iris, authentication

Samsung_Eye_Iris_Scanning_Mockup_Featured_Large

It should be no surprise to anyone at this time that Samsung is working on some form of physical user-authentication similar to the fingerprint scanning technology introduced by HTC and Apple during 2013. Reports have already surfaced that the work on sourcing components for fingerprint scanners is underway for most major smartphone manufacturers, including Samsung. We have also seen reports that Samsung was considering eye-scanning technology as a possible way to differentiate themselves. In a new report, Samsung has reportedly dropped the idea of iris-based authentication for now, though they continue to study the concept.
Read more

Starbucks app stores personal information in plain-text format

Starbucks_Logo_Store_Front

If you use the official Starbucks mobile payment app, you may want to reconsider. According to security researcher Daniel Wood, the application stores information like your email address, password, and GPS location and an unencrypted plain-text format. Anyone who has access to your phone could do a bit of work to steal that information, which is not something you want someone else to have access to. Even worse, because the app makes payments using an on-screen barcode, that barcode method could be manipulated to suck money out of your bank account.

Fortunately, someone would need access to your phone to get this information, but it’s still a vulnerability that you should be aware of. Hopefully Starbucks addresses this soon.

source: Computer World

via: Engadget

BlackPhone will sport a secure version of Android called PrivatOS and will debut at MWC 2014

BlackPhone_Secure_Version_Of_Android_PrivatOS

One of the biggest topics this year is going to be privacy, and BlackPhone is looking to capitalize on that. This smartphone comes out of a joint venture between Silent Circle and Geeksphone, and it will run a secure version of Android called PrivatOS. It will support secure phone calls, texting, file storage, and video chats. It will also run on GSM networks. Obviously corporations will be a target demographic, but consumers are likely to jump in as well.

The BlackPhone will be unveiled at next month’s Mobile World Congress, but if you want to sign up for updates, be sure to hit the source link.

source: BlackPhone
via: Slashgear

Samsung issues response to recent claims of KNOX vulnerability

samsung_knox_logo

Last month security researchers from Ben-Gurion University Cyber Security Labs claimed to have discovered a vulnerability in Samsung’s KNOX security platform. Samsung has issued a statement regarding the claims, indicating the issue identify by the Ben-Gurion researchers was really a classic Man in the Middle (MitM) attack and not a bug or flaw in KNOX or Android. Samsung indicates they reached out and discussed the issue with the security researchers  and were able to verify that the exploit that was identified exists as it “uses legitimate Android network functions in an unintended way to intercept unencrypted network connections from/to applications on the mobile device.”
Read more

Gmail now letting users send email to Google+ connections

Gmail connectionsToday, Google continued its efforts to integrate many of its products— Gmail users will now be able to send email to Google+ connections.

If you want to turn the feature off, you’ll be able to in just a few steps. You’ll also be able to set whether you want to let anyone (or nobody) from Google+ email you at all.

It’s also important to note that while people from Google+ will be able to email you, they won’t actually be able to see your email address through Gmail— just your name. Privacy is still most important here, and it’s good to see that Google recognizes that. 

Source: Google Blog

Millions of Snapchat phone numbers and usernames leaked online

snapchat_app_icon

It was recently confirmed that around 4.6 million Snapchat phone numbers and usernames associated with those numbers has been leaked online. Unofficial site SnapchatDB is now allowing open access to two files, one SQL dump and one CSV text file – both showing users phone numbers, usernames and locations.

The final two digits of each phone number has been censored in order to “minimize spam and abuse”, but despite this SnapchatDB has said that it can be contacted for the uncensored files, as they may be willing to release it under certain circumstances. Otherwise users can “find phone number information associated with Facebook and Twitter accounts, or simply to figure out the phone numbers of people you wish to get in touch with.”


Read more