It’s been a while since we’ve heard of any major security exploits in Android, but it looks like another pretty massive security vulnerability has been uncovered by Bluebox Security. The latest exploit takes advantage of Android’s failure to check the authenticity of digital certificates, allowing some apps to gain access to the OS and resources that they otherwise should not have access to.
Today, Google announced a new “well-staffed team called Project Zero.” Project Zero aims to put an end to targeted internet attacks, such as those by criminals or state-sponsored actors who try to infect your computer to steal information or monitor your activities.
Google is hiring the best security researchers, who will devote 100% of their time to improving security across all types of software. Google will also continue its tradition of transparency by filing each and every bug they discover in an external database. Before a bug becomes public, Google will report it only to the software vendor. After the bug is patched, it will become public.
This sounds like another solid Google project, and if you think you might have the expertise to help Google, be sure to contact them because they are hiring now.
source: Google Online Security
Avast, one of the leaders in security software, has what might be bad news for those of you looking to sell or trade in your old Android smartphone. It is always recommended that you run Android’s factory data reset option before getting rid of your phone, which is supposed to wipe all data and settings. Unfortunately, that might not be the case.
During Google I/O 2014 today, some time was spent sharing the role that Google Play Services holds in keeping all users up-to-date and secure against malicious attacks. According to Google, Google Play Services gets updated every six weeks and is one of the few frameworks that they actively monitor to make sure it stays on that schedule. With these updates rolling out regularly, Google says 93% of all Google users are on the latest version.
In case you haven’t noticed, over the last few days a new app called Yo has been trending in some circles. Launched back on April Fools’ Day, Yo has attracted over 50,000 users and $1.2 million in funding for an app that does nothing but send a two-letter greeting to recipients. Now word is out that Yo has attracted some less desirable attention. Some Georgia Tech students claim they have hacked the app, a claim that Yo has verified.
AT&T has reported a data breach, carried out between April 9th and April 21st by three employees of a third-party vendor working with AT&T. According to the report, the vendor’s employees had access to a wide swath of users’ personal information, including call records, Social Security numbers, and possibly financial data like credit card numbers. However, none of that information was the target of the hackers. Instead, the employees were trying to obtain unlock codes to be used to unlock AT&T phones. AT&T’s report of the breach came out in a filing with the state of California, where breaches involving at least 500 customers must be reported.
If you are in need of a password manager that will work on your Android device, you may want to check out 1Password from AgileBits. The developers have released an updated version that received a major facelift compared with the old version. This new version is such a major change that anyone with the old version will not be able to update their app; they have to install this completely new version.
It’s hard to believe that Google I/O is only a couple of weeks away. The conference itself is always exciting, but you can’t forget the parties. Lookout’s Annual Kickoff party is always a blast, and we are excited to offer our readers a chance to get a ticket because it’s one you don’t want to miss. If delicious food, unlimited drinks, great entertainment and cool giveaways from Lookout and T-Mobile sound like fun to you, then you will want to enter this contest right now. We have 10 tickets (plus one guest) to give away and the details are as follows:
Music streaming service Spotify has 10 million paid users, but only one of them has a reason to be a little unhappy today. The company sent out a notice alerting everyone that there has been a security breach in which a single user was affected. Even though the hack does not involve a ton of people, Spotify is still taking extensive measures. Interestingly enough, the single user’s password and financial information were not touched.
All users, over the course of the coming days, will be required to update the Spotify application. This applies only to Android users who downloaded Spotify from Google Play and the Amazon Appstore. Users on other platforms do not have to take any sort of action. In the meantime, Spotify says it will continue to strengthen its security.
Yesterday, we heard news that Google is buying Divide, which should give Android a boost in the enterprise world in the near future, but Google already has a few things in store. They just announced new features to Google Apps Mobile Management that will help employees be more productive and protect corporate data.
Inactive Account Wiping will allow IT administrators to set the number of days after which an inactive account will automatically be wiped. Compromised device detection will alert IT administrators if someone has rooted a device or installed a custom ROM. They also added support for EAP-based WiFi networks as well as additional reporting fields via the API and Admin console. These additional fields include serial number, IMEI, MEID, WiFi MAC address, baseband version, kernel version, build number, mobile operator/carrier, language settings, and account ownership/management.
source: Google Enterprise