Some testing recently conducted by Pen Test Partners revealed a man-in-the-middle vulnerability in Samsung smart fridges that could be used to hack into a user’s Gmail account. The Samsung refrigerator that was tested has Wi-Fi capability that among other things, allows a user to display their Gmail calendar on the screen. The Pen Test Partners’ testing showed that although Samsung implemented a Secure Sockets Layer for connections, the fridge was not validating certificates leaving it vulnerable to attack. Read more
While many OnePlus 2 fans are still waiting to get their hands on an actual device thanks to the slow rollout of invites, OnePlus has been busy with its OxygenOS firmware, announcing its first over-the-air (OTA) update that bumps the firmware to version 2.0.1. The OTA includes security patches, bug fixes and other improvements, and we have the changelog after the break.
OnePlus recently announced that it is slowing down the rate at which it issues invites for its 2016 flagship killer, the OnePlus 2, which isn’t great news for its fans. But, on the other hand, it has also just announced that it’s released a firmware update for the OnePlus One to deal with the marauding StageFright exploit. And that is good.
Joining a list of companies shaken by the Stagefright vulnerability on Android, LG has announced they will be implementing a new policy to issue security updates on a monthly basis. This strategy is similar to one recently announced by Google for their Nexus devices as well as other smartphone manufacturers like Samsung. Read more
LG can now proudly say their current flagship, the G4, is officially secure enough for use in the US government after passing some pretty strict testing.
The device meets the US National Security Agency’s National Information Assurance Partnership standards, certifying it for use in over 25 countries, including the US. It meets international security standards as well as the US government’s Cryptographic Modules standards, which is a pretty big accomplishment and opens up a large new market for the G4. Read more
Amid the concerns of Android’s Stagefright vulnerability, Google has commented on the protection of its own devices. Nexus devices ranging from the Nexus 7 to the Nexus 6 will now be covered by monthly security updates. The company pointed out that Android being open source means that potential security risks can be identified and addressed by anyone to strengthen the platform.
We’ve got another rumor to throw on top of the Galaxy Note 5 pile. Samsung is reportedly working on increasing mobile security in a handful of ways on the Note 5, including an improved security suite, a better fingerprint scanner, and a new trick that will link security elements to the phone’s processor.
Samsung has always taken security pretty seriously, which is evident by how many high-end phones they ship with KNOX on board, so these rumors seem pretty likely at this point. Read more
Security firm CrowdStrike has announced a $100 million investment from Google Capital. CrowdStrike was founded by ex-McAfee executives and utilizes cloud-based tools and security experts called “hunters” to actively combat hacking attempts, sometimes while they are in progress. Read more
Earlier today, a massive security exploit involving Samsung’s default SwiftKey keyboard spread across the internet like wildfire showing the dangers of manufacturers pre-loading third-party software on their phones. The vulnerability was pretty obscure and wouldn’t affect everyone with a Samsung device, but it was still a fairly serious exploit Fortunately, Samsung has issued a relatively quick response about the whole situation.
Samsung has stated that they’re working on a fix, and it will be deployed through a security policy update via Knox. The vulnerability was based in how language packs for Samsung’s SwiftKey-backed keyboard were updated, and doesn’t affect the normal version of SwiftKey that you may have downloaded through the Play Store. Read more
Google takes security very seriously, and now that’s more true than ever. The company has offered bounties for anyone that could find or solve vulnerabilities in Chrome and their websites with their Security Rewards program, and today they’re extending that to cover Android, too. Read more