Wireless carriers called on lack of security updates for Android devices

by Jared Peters on Feb 5th 2013, 10:29pm
tagged carriers, Gingerbread, Jelly Bean, malware, security, updates

Mobile security is a big deal on Android devices. While it’s debatable if malware is as big of a problem on Android as security analysts say it is, it’s still very important to keep your devices protected, just in case. Usually, Google does an excellent job of patching most vulnerabilities in their software, the problem is that carriers take way, way too long to get those security patches onto consumer handsets. Activist Chris Soghoian, known for his work with consumer security and privacy, has recently called out wireless carriers on their poor practices with updating these devices.

He’s saying what we’ve all been thinking, but he definitely brings to light some of the less thought about problems of slow updates. Most people complain about being stuck on old software because it’s slower or lacks cooler features, but that outdated software also lacks the updated protection that current software would provide. The antivirus on your computer wouldn’t do much good if it was looking for malware from 2010, would it? He also talks about the stock Android browser, which is one of the more popular browsers simply because it’s preloaded on the device. Unlike Firefox, Chrome, or any other browser you can download from the Play Store, the stock browser lacks constant updates and new malware protection like updateable apps have.

It’s definitely a good read, and definitely a situation that needs to change. Read on past the source to see what Soghoian has to say.

source: Threat Post

McAfee revamps mobile security app with new App Lock feature

by Jared Peters on Dec 10th 2012, 12:53pm
tagged apps, malware, mcafee, security

McAfee is one of the more popular antivirus protections available to PC users, and with the malware on Android devices, they’ve stepped in to provide their trusted protection on smartphones and tablets, too. Recently, McAfee updated their Android application with a refreshed user interface and an innovative new App Lock feature. McAfee claims that since apps like Twitter and Gmail don’t require a password each time you open the app, it’s a possible security threat on your device. App Lock protects against this threat by requiring a pin number each time you want to use one of these applications, protecting you from someone digging through your phone for personal information or even just some nosy friends. This feature can also be used to protect children from having access to certain apps on your device, like the browser or your banking app.

McAfee offers a free trial of the app on Google Play, and offers the paid version at $29.99. Hit the break for the press release and download links. » Read the rest

Microsoft tries to drum up trouble for Android with provocative Tweet

by Alexon Enfiedjian on Dec 4th 2012, 10:12pm
tagged competition, malware, Microsoft Windows Phone, Twitter

It’s no secret that competition between the major phone platforms (Android, IOS, and Windows Phone) is pretty stiff, with each company doing whatever it can to get a leg up on the competition. Things can get pretty ugly sometimes, with competitors trashing one another and tarnishing each other’s reputation in whatever way they can. Tonight Microsoft joined the fire-fight with a tweet from their Windows Phone twitter account. In it they are calling for their followers to send tweets telling the world about their worst malware story while using an Android phone. These tweets should also include the hashtag #DroidRage. Something tells me that the very vocal Android community won’t take this sitting down and will turn Microsoft’s provoking tweet on its head. After all…when you think of viruses and malware, you tend to think of Microsoft products. Let’s see how this unfolds. If you want to reply to the tweet yourself, check it out at the source link below.

Source: Windows Phone Twitter

Google to fix “smishing” vulnerability recently discovered by NCSU researchers

by Jared Peters on Nov 2nd 2012, 9:34pm
tagged malware, security

Smishing, or SMS-phishing, is an old scamming technique that baits users into putting in personal information on fake websites by sending bogus text messages. It hasn’t been too common in the past few years, but some researchers at NC State University have found a vulnerability affecting several Android versions that could make phishing popular again. The exploit identified affects Gingerbread, Ice Cream Sandwich, and even Jelly Bean. » Read the rest

Security Features a big part of Android 4.2

by Sean Stewart on Nov 2nd 2012, 2:26pm
tagged Android 4.2, Android Security, Jelly Bean, malware

Amongst the many other additions that will be part of Android 4.2, it looks like keeping your device secure will be a priority as well. I know we don’t like the idea of malware on our Android devices, but the fact is, it’s out there. Google is looking to combat that in 4.2 by offering the option of scanning an application before it’s fully installed. Once the app is scanned, if it finds something suspicious within the app, it’ll then prompt you and inform you as such and give you the option to continue. Additionally, the scanner will block the installation completely if the fingerprint matches existing malware.

Google isn’t forcing this however. This is an opt-in type of setup and option. I think it’s a good start by Google offering this option. Our devices these days are worth quite a bit of change and hold some valuable information on them, so keeping everything on the up and up is definitely on the top of my list when talking about my mobile device.

source: Android Central

Google Play Store update adds malware checker, other improvements

by Jeff Causey on Oct 15th 2012, 9:58pm
tagged Google, malware, multi-user, Play Store, update, wishlist

Google appears to be in the process of rolling out an update to the Google Play Store app, taking it up to version 3.9.16. Several improvements have been included that should be apparent once users get their hands on the update and start using the Play Store. Improvements include: » Read the rest

Chinese SMS payment app infects half million devices with malware

by Jeff Causey on Aug 19th 2012, 7:23pm
tagged china, malware, TrustGo, virus

Android device sales continue to surge in China, with over 683 million subscribers. A large market like that attracts a lot of attention, some good and some bad. An example of bad attention came to light with the discovery of a new malware/virus infecting over 500,000 owners of Android devices. TrustGo, an anti-virus specialist company, identified the malware on July 25th and it has since been dubbed Trojan!SMSZombie. » Read the rest

Casual User Exposes Major Security Flaw On Galaxy S III, Courtesy Of Samsung Kies Desktop Software

by Roy Alugbue on Aug 1st 2012, 8:23am
tagged hacks, malware, samsung kies, software

It’s no secret some Android devices may have a security hole or two, but what about a device’s software application on a desktop computer? Well apparently, Samsung’s Kies desktop software contains a security vulnerability which could allow malicious applications to be installed and may affect devices such as your brand-new Samsung Galaxy S III smartphone. As highlighted in Andre Moulu’s blog post, what looks like an official or legitimate app could be downloaded from the Play Store (Angry Birds Cheats, Japanese Squid Girls, etc.) for use. As a user installs the certain apps, the apps could manipulate and overtake the install_packages permission found inside the Samsung Kies application. Once the action is done, the malicious app or apps could then have an even further effect by installing more applications without the user being fully aware.

The scary thing is how simple the security vulnerability is pronounced. It seems the vulnerability was easy to pull off using little more than a few lines of Java and more specifically— this is a common vulnerability found in many system applications that come pre-installed on users’ devices thanks to custom UIs. Let’s hope Samsung (and all of the other smartphone manufacturers for that matter) will take note of this and take preventative measures to protect their devices… and quickly.

If you’re ready to see the vulnerability in action, be sure to hit the break in order to see the video.

» Read the rest

Report Claims “Almost Every Device Is Compromised With Some Kind Of Malware”

by Roy Alugbue on Jul 28th 2012, 9:50am
tagged apps, malware, security, virus

Is it possible that the Android platform has one too many flaws? Well as great as Android may be, there are some notable issues that continue to haunt it such as rampant malware in apps. According to the British Times (via Forbes), more than one-third of all Android apps contain some form of Android malware. Jill Knesek, head of the global security practice at BT and former cybersecurity expert for the FBI, highlights her findings when analyzing 1,000 applications:

“We analyzed more than 1,000 Android applications and found a third compromised with some form of active or dormant malware. Almost every device is compromised with some kind of malware, although often it’s not clear if that code is active or what it is doing.”

While the results are nothing short of surprising, there are a few major issues with Knesek’s findings: no one knows what exactly she means by ‘malware’ and she doesn’t offer concrete evidence to support her argument. We’re only going to assume that ‘malware’ is used in the context to describe items such as apps that send back data without the user’s consent and that the apps tested were apps from untrusted developers. Still, these types of studies certainly raise an eyebrow or two and can possibly create fear and pandemonium. Of course we here at Talk Android recommend that you check out our “How To Spot Malware Guide” and always do your homework on both apps and the developers the apps come from, before downloading an app. Oh and it doesn’t hurt to have some sort of antivirus application installed on your smartphone or tablet.
source: Forbes

Duo Security Uploads Malicious App Test, Appears Benign To Google Bouncer (Video)

by Joe Sirianni on Jun 5th 2012, 8:42am
tagged Google Bouncer, Google Play Store, malware

Recall back in February that Google released “Bouncer” for the Play Store in an attempt to catch malicious applications being uploaded. The service scans potential malicious apps by running them in a virtual environment where Bouncer monitors and surveys them for possible security issues and more. Researchers Charlie Miller and John Oberheide have announced several ways they’ve been able to maneuver Bouncer. One such way, which this and more will be announced at the Summercon conference in New York this week, is to allow the app to “know” when it is being run in a virtual environment and not on a physical device or system, thus allowing it to cease any and all malicious activity until it knows it’s on an actual system. According to Oberheide, though Bouncer should be mimicking a real system ”a lot of tricks can be played by malware to learn that it’s being monitored.” Check out the video below of Oberheide and Miller’s test involving an application being uploaded to the Play Store, allowing them to “go inside” Bouncer, catalog fingerprints and allow other malware to know when it’s not running in an actual system environment. Feel free to leave your thoughts in the comments below.

source: Duo Security

12 3 4 5