Security expert finds vulnerability in Samsung’s Find My Mobile service [Updated]

Samsung_Logo_02_TA_CES_2014

Samsung’s Find My Mobile service has come under fire by NIST and security researcher Mohamed Baset regarding an exploit that allows attackers to remotely lock, ring or wipe Samsung devices. Baset points to a vulnerability in Samsung’s service that doesn’t validate the lock code information it receives, allowing an attacker to flood the device with network traffic and do their bidding. No word from Samsung on a patch, but for now we recommend disabling the service until they address the security issue.

Update:

Samsung issued a statement to us and it looks like it only affected the Web interface, not mobile devices. Furthermore, they patched the Web UI on October 13.

The reported issue occurred on the Find My Mobile Web site, and was not a problem on any mobile device. This Web UI was fixed with a patch update on October 13.

Source: Engadget

How to setup Trusted Devices on Android Lollipop to automatically unlock your phone or tablet

Android_Lollipop_Smart_Lock_Trusted_Devices_TA

I can’t stress enough how important it is to use a security lock screen on your mobile devices. If you ever misplace your phone or tablet, no one will be able to get into the device. However, constantly entering a code to unlock your device is a royal pain in the you know what.

Finally, Finally, Finally Google has implemented Trusted Devices in Android. With Android Lollipop and a new feature called Smart Lock, you will be able to set any Bluetooth device, NFC tag, or even your face as a way to automatically unlock your device so you won’t have to constantly enter your PIN code or swipe a pattern over 100 times per day.


Read more

Google adds USB Security Key support to make their 2-Step Verification more robust

google-u2f

Google’s 2-Step Verification is currently the most secure method of signing into your Google account but today the search giant have one-upped their own robust security system by launching Security Key. Security Key is similar to 2-Step Verification except instead of typing in a unique code, you simply insert the USB Security Key. The USB first verifies that the site you’re on is a legitimate Google site and then prompts you to tap the USB key.


Read more

Android Lollipop features “Factory Reset Protection” to stop thieves from wiping stolen phones

Android-5.0-LollipopSecurity and device encryption are hot topics lately, and Google is staying ahead of the game by building a ton of useful new features into the latest version of Android. We already know that Lollipop will feature device encryption by default, but it looks like Google is taking an extra step towards making sure that a stolen phone can’t be wiped and re-used.
Read more

Snapchat images may have been breached through third-party service

snapsaved_logo

According to reports, some 4chan users are claiming that a a third-party app used to access the Snapchat service has been breached giving access to over 200,000 images matched with usernames. The app in question is named SnapSaved and is used to get around Snapchat’s system that alerts users when someone grabs a screenshot of an image that has been posted. Apparently SnapSaved was using a cloud architecture to save the images being grabbed from Snapchat, along with everything else that was being passed to a user, like usernames. According to posters on 4chan, the image database will be posted online by this Sunday, October 12th.
Read more

Dropbox, Google, Open Technology Fund, Security Researchers to simplify security tools

Google_Logo_Visitors_47558

There seems to be a lot of talk about security and privacy today. First Apple took shots at Google in their statement about privacy. Then it was revealed that Google would enable device encryption by default in Android L. Now Google is collaborating with Dropbox, the Open Technology Fund, and leading security researchers for Simply Secure, a new organization that will make open source security tools simpler and easier for people to use.

Many of the security tools that are in place are just too complicated for the average consumer. Take two-factor authentication for instance. It’s widely used in many services, including Gmail and Dropbox, but so few people utilize it. Most people don’t even lock their smartphones.


Read more