Android malware can attack devices with “Fake ID” exploit

Android_Malware_01

It’s been awhile since we’ve heard of any major security exploits in Android, but it looks like another pretty massive security vulnerability has been uncovered by Bluebox Security. The latest exploit takes advantage of Android’s failure to check the authenticity of digital certificates, allowing some apps to gain access to the OS and resources that they otherwise should not have access to.
Read more

The internet will be a safer place thanks to Google’s Project Zero

Google_Logo_7356

Today, Google announced a new “well-staffed team called Project Zero.” Project Zero aims to put an end to targeted internet attacks such as those criminals or state-sponsored actors that try to infect your computer to steal information or monitor your activities.

Google is hiring the best security researchers who will devote 100% of their time towards improving security with all types of software. Google will also continue its tradition of transparency by filing each and every bug they discover in an external database. Before they become public, they will report the bugs to only the software vendor. After the bug is patched, it will become public.

This sounds like another sound Google project and if you think you might have the expertise to help Google, be sure to contact them because they are hiring now.

source: Google Online Security

Google Play Services holds important role in security for Android devices

google_io_2014_play_services_update

During Google I/O 2014 today, some time was spent sharing the role that Google Play Services holds in keeping all users up-to-date and secure against malicious attacks. According to Google, Google Play Services gets updated every six weeks and is one of the few frameworks that they actively monitor to make sure it stays on that schedule. With these updates rolling out regularly, Google says 93% of all Google users are on the latest version.
Read more

Yo app dealing with hacks

 yo_its_that_simple

In case you haven’t noticed, over the last few days a new app called Yo has been trending in some circles. Launched back on April Fool’s Day, Yo has attracted over 50,000 users and $1.2 million in funding for an app that does nothing but send a two-letter greeting to recipients. Now word is out that Yo has attracted some less desirable attention. Some Georgia Tech students claim they have hacked the app, a claim that Yo has verified.
Read more

AT&T reports data breach targeting unlock codes for phones

AT&T_Logo_01_TA

AT&T has reported a data breach that occurred between April 9th and April 21st by three employees of a third-party vendor working with AT&T. According to the report, the vendor’s employees had access to a wide swath of users’ personal information including call record, social security numbers, and possibly financial data like credit card numbers. However, none of that information was the target of the hackers. Instead, the employees were trying to secure unlock codes to be used to unlock AT&T phones. AT&T’s report of the breach came out in a filing with the state of California, where breaches involving at least 500 customers must be reported.
Read more

1Password app gets major update

1password_app_icon

If you are in need of a password manager that will work on your Android device, you may want to check out 1Password from AgileBits. The developers have released an updated version that received a major facelift compared with the old version. This new version is such a major change that anyone with the old version will not be able to update their app, they have to install this completely new version.
Read more

Contest: Win 1 of 10 tickets to Lookout’s Annual Kickoff party at Google I/O 2014 [updated with winners]

Lookout_Mobile_Security_Logo_5793

It’s hard to believe that Google I/O is only a couple of weeks away. The conference itself is always a exciting, but you can’t forget the parties. Lookout’s Annual Kickoff party is always a blast, and we are excited to offer our readers a chance to get a ticket because it’s one you don’t want to miss. If delicious food, unlimited drinks, great entertainment and cool giveaways from Lookout and T-Mobile sounds like fun to you, then you will want to enter this contest right now. We have 10 tickets (plus one guest) to give away and the details are as follows:


Read more

Spotify notifies everyone that one user’s account was breached

Spotify_Large_Icon

Music streaming service Spotify has 10 million paid users, but only one of them has a reason to be a little unhappy today. The company sent out a notice that alerts everyone there has been a security breach in which a single user was effected. Just because the hack is not involving a ton of people, Spotify is still taking extensive measures. Interestingly enough, the single user’s password or financial information was not touched.

All users, over the course of the coming days, will be required to update the Spotify application. This is merely for Android users that downloaded Spotify from Google Play and the Amazon Appstore. Users on other platforms do not have to take any sort of action. In the meantime, Spotify says it will continue to strengthen its security.

Source: Spotify

Google amps up productivity and security with new Google Apps Mobile Management features

Google_Apps_Device_Management_01

Yesterday, we heard news that Google is buying Divide, which should give Android a boost in the enterprise world in the near future, but Google already has a few things in store. They just announced new features to Google Apps Mobile Management that will help employees be more productive and protect corporate data.

Inactive Account Wiping will allow IT administrators to set the amount of days an inactive account will automatically get wiped. Compromised device detection will alert IT administrators if someone has rooted a device or installed a custom ROM. They also added support for EAP-based WiFi networks as well as additional reporting fields via the API and Admin console. These additional fields include Serial number, IMEI, MEID, WiFi MAC address, baseband version, kernel version, build number, mobile operator/carrier, language settings, and account ownership/management.

source: Google Enterprise