Security - Featured Articles

HTC One Accounts

So, you want to adopt BYOD?

What you need to know before integrating employee devices on your network

Bring Your Own Device (BYOD) is the current hot trend. (And has been for a while, really.) There are many perceived advantages for a company that allows employees to bring their own devices to work and have access to your...
LG G Pro 2 Knock Code

How to use Knock Code on the LG G Pro 2

Knock Code will come to other LG phones via software updates this year

Knock On — wherein you tap the display twice to turn on your phone — has been one of our favorite new features of the past few months. LG introduced it with the LG G2 in 2013, and it returned with the LG G Flex toward...
The Boeing Black

Boeing reveals the Boeing Black — a super-secure smartphone for those with super security needs

This phone will self destruct in ten seconds…

In this day and age of malicious apps and intrusive government surveillance, you might be wondering how to keep your data secure. You could turn to a solution like the up-and-coming Geeksphone Blackphone, with a modified version of Android and sets...

Security - Top Articles

SD card: Activate

KitKat and SD cards — what's fixed, what's broken and what's misunderstood

Why your SD card doesn't work the same in Android 4.4 KitKat, and the reasons for the change

“Curse you, Google! Your KitKat update broke my SD card!” Poke around the Android section of the Internet and you’ll hear something similar. Users like you and me are in an uproar because they updated...
Google fixes Heartbleed

Google updates back-end in light of Heartbleed vulnerability

If you've been online at some point in the last 36 hours, chances are you've heard of 'Heartbleed', a flaw in OpenSSL that has exposed data to theft on approximately 2/3 of servers in use around the globe over the past two years. It's not known how bad the damage may be, but the revelation of the...
Android Central

NBC News and the bullshit 'ZOMG Sochi Olympics Android hack' story

Your Android smartphone only installs malware if you're being dumb (or do it on purpose) — not automatically, and not just because you're in Russia. This is just ridiculous, even for American "news" television. A report from NBC News was exposed — and rightfully so — by Errata Security (via...
Gmail

All Gmail will now use HTTPS, messages will be encrypted when moving inside Google

Initiatives were 'made a top priority after last summer's revelations'

Google has steadily improved the overall security of several of its apps and services, and the latest move is moving to HTTPS and encryption across all of Gmail. Starting today, every single time you send or check your Gmail...
SkipLock.

Unlock With Wifi app retooled and is now SkipLock

Safety meets convenience with a set of great features

You may have heard us talk about an app called Unlock With Wifi a time or two. It's an app that tells your lock screen when to become secured with a password or PIN, based on what Wifi AP you're connected to. It's one of those apps that you...
Cerberus

Cerberus servers have a data leak, users advised to change password

Users of the popular phone security app Cerberus are reporting a slightly disturbing email coming from the developers today. While Cerberus assures that no passwords were compromised — they are encrypted, of course — attackers did gain access to some usernames and passwords. If you're using...
Android Central

Android Device Manager app launches on Google Play

Like the web interface, the new app lets you remotely track and lock down your other Android devices

Google has launched a new Android app allowing users of the Android Device Manager feature to remotely track, ring, lock down or wipe their other devices. Not to be confused with the Google Play...

Security RSS Feed

It looks like that T-Mobile U.S. update advisory was right on the money. A few hours after T-Mo updated its support site with word of a security update for the Nexus 4, we're seeing signs that an update to build JWR66Y (from the earlier JWR66V) is pushing out to the Nexus 4 and (GSM) Galaxy Nexus. Posters on the XDA forums have said that they've received a small OTA update to the new version, which still identifies itself as Android 4.3.

It's been speculated that the new version addresses Android security vulnerabilities which were recently involved in a high-profile Bitcoin heist.

So far we're not seeing any signs that the Nexus 10 or either Nexus 7s have been updated, but we'd expect the update to be extended to all Nexus devices sooner rather than later. Let us know in the comments if you've already updated your phone this morning.

Source: XDA (1, 2)


 

From time to time you might find yourself wanting to use Chromecast on a tab that you might not otherwise want to show up in your browser history. (Yes, as a warning to parents and a reminder to perverts, Chromecast can beam anything from a browser to the big screen. Anything.)

But in Incognito Mode, extensions are turned off by default. Flipping the switch is easy, and you can do it for individual extensions.

Just type chrome://extensions and you'll be taken to the Extensions page. From there, scroll down until you find "Google Cast," and then click the "Allow in incognito" checkbox. Now it'll work in Incognito mode, and you'll be able to Cast all those ... things ... that you might not want prying eyes to see.


 

Unless you can see what it's doing, you have to trust that the software running on your mobile device is for your eyes only

We're going to spend a bit of time talking security on Talk Mobile 2013 this week. A lot of the discussion is going to be about what you share online, with or without your knowledge, and ways we can keep our mobile devices secured when they leave our hands. It's all very important stuff, but there is one other thing I want to bring up, and that's what I like to call the transparency factor.

To put it simply, the only time you can trust any software is when you can read the code and see what it is doing. Maybe you (and oftentimes, me as well) don't understand all of it, but rest assured someone out there does. And they are looking. Putting code online for peer review is the only way independent third parties can see what it is really doing. And that can be pretty damn important.


 

The ability to add a second user profile was added to tablets in Android 4.2, and it's gained even more granular functionality in Android 4.3 with the addition of "restricted profiles." In a nutshell, this lets you choose which applications that restricted user can use.

It's not quite a full-functioned kids mode, and there still are a couple things to watch out for. But for basic account compartmentalization, it works pretty well.

Let's dive into it and show how to use the new "restricted profile" feature in Android 4.3.


 

Cracked encryption allows hackers to potentially clone your SIM, provided you're still using an outdated encryption protocol.

Over the weekend some news broke about an exploit that affects millions of phone users. Apparently, the encryption used has a flaw that allows a hacker to clone the encryption credentials of a SIM (Subscriber Identity Module) card, potentially allowing them to clone your SIM card and retrieve things like information about your plan and payments, or identify you on the network.

It sounds scary, and it is for the 500 million affected SIM cards in the wild. But like any good security scare worth its salt, there's a lot more to the story than we're hearing. Click through and we'll talk about it a bit.

Source: Security Research Labs


 

All Android code is available for public review, and plenty of people are reviewing it

It came to light today (though it was never a secret) that the NSA (the National Security Agency), a U.S. intelligence service that's been in the news as of late for things nobody likes, is contributing code to Google's Android project. Of course, the Internet's first reaction was predictably "OMG PRISM! They're building in PRISM!!11one!"

You can relax folks. While the NSA has no official statement about what they call their Security Enhancements for Android project's link to the PRISM project, this isn't something new. They've been working on this Android code since 2011, which is an offshoot of their SE (Security-Enhanced) Linux project before that. Their SELinux code was peer reviewed by anyone and everyone, and the commits were generally accepted as being great additions that make a secure operating system even more safe.

While Android isn't developed in the open, upon release the code is all available. There are all manner of very smart and god-like code nerds poring over it, and any shenanigans would be quickly uncovered. Let's just take a deep breath, and realize that the NSA could be very helpful writing code to keep systems secure.

More: Bloomberg


 

Heads up everyone using CyanogenMod on their Android device -- there's a security release coming your way. The 10.1.1 release patches several high-profile security issues (including the Master Key exploit) and it is highly recommended that all users install the update when available for their device. Specifics are:

  • Bug 8219321 aka “MasterKey” exploit (also patched in CM 7 and CM 9 source)
  • CVE-2013-2094 (Linux kernel exploit)
  • CVE-2013-2596 (Qualcomm-specific exploit)
  • CVE-2013-2597 (Qualcomm-specific exploit)
  • General device bug-fixes

There are no new user-facing features in this release, so everything should look and feel exactly as you're used to. Stay safe, guys and gals!

Source: CyanogenMod


 

No evidence that exploit has actually been used, Google spokeswoman tells ZDNet

Last week it emerged that a security vulnerability affecting all current versions of Android could allow applications to be maliciously altered without affecting their cryptographic signatures. You might've heard it referred to as the Android "master key" vulnerability.

At the time it was reported that Samsung's Galaxy S4 had already been patched to address the issue, and now we have further information from Google on the company's response to the incident. According to ZDNet, Google spokeswoman Gina Scigliano said that the company had already released a fix for the bug to OEMs, and that some manufacturers like Samsung were already shipping the fix in devices.

Scigliano reiterated that Google had found no evidence that the vulnerability had actually been exploited in malware on Google Play or other app stores. As AC's Jerry Hildenbrand mentioned in his write-up of the issue last week, the bug, while potentially serious, is easy to avoid by sticking to official app stores and avoiding pirated apps.

More: Making sense of the latest Android 'master key' security scare

Source: ZDNet


 

Sony mobile security service going global 'over the next few weeks'

Following a limited beta rollout in Nordic countries earlier in the year, Sony's "My Xperia" security service for smartphones has begun rolling out globally. After listening to user feedback, Sony has finalized the service, and expects to enable it for 2012 and 2013 Xperia devices around the world "over the next few weeks."

My Xperia lets Sony phone owners locate and secure their devices in the event they're lost or stolen, using a web-based interface. From here, they can sound an alarm, even if the phone's set to silent mode, lock it to keep private information secured, or wipe the phone entirely.

The web interface is live now at myxperia.sonymobile.com.

Source: Sony Mobile Blog


 

No spin, no bullshit, just clear simple talk about what's going on this time

Some real talk about this exploit that the Bluebox security team discovered is needed. The first thing to know is that you’re probably affected. It’s an exploit that works on every device that’s not been patched since Android 1.6. If you’ve rooted and ROM'd your phone, you can freely ignore all of this. None of this counts for you, because there is a whole different set of security concerns that comes with root and custom ROMs for you to worry about.

If you don’t have the infamous “Unknown Sources” permission box checked off in your settings, this all means nothing to you. Carry on, and feel free to be a little smug and self-righteous — you deserve it for eschewing sideloading all this time in case something like this could happen. If you don't know what this means, ask someone.

For the rest of us, read past the break.

More: IDG News Service.

Special thanks to the whole Android Central Ambassador team for helping me make sense of this!


 

Two branded security apps to help keep customers' smartphone data safe

In an effort to offer better comprehensive security to its customers, U.S. Cellular announced today that it will partner with NQ Mobile to provide security apps to its 5.2 million customers. The partnership expands on a previous program that offered an app called "NQ Family Guardian" to customers, with two new apps called "U.S. Cellular Mobile Data Security powered by NQ Mobile™" and "U.S. Cellular Privacy Protector powered by NQ Mobile™". The apps will be free in the Play Store as branded options limited to the carrier's customers.

Together the apps aim to give customers protection from viruses, malicious URLs and other outside threats along with a security suite that offers secure encryption for photos, videos and other data users want to keep safe. On their own, NQ Mobile's self-branded versions of the apps have done well in the Play Store with high ratings and reviews, so U.S. Cellular certainly seems to have made a good choice here.

Source: U.S. Cellular


 

Money doesn't grow on trees. Take a few steps to password protect your Google Play purchases.

When it comes to things that cost real money, people tend to become a little more cautious. Nobody wants their child or kid brother accidentally buying a bunch of apps or in-app purchases from Google Play while they are supposed to be playing Angry Birds, and it's easy enough to do with just a few taps -- unless you've password protected your Google Play app.

With the password enabled, every time you try to spend money in Google Play, whether it be buying an app or book, renting a movie, or adding coins to your favorite game, you'll need to enter your Google credentials to finalize the purchase. It's a great option, and one I suggest everyone enable. Luckily, it's easy to enable. Follow past the break to see how.

Visit our Google Play mini-site for everything there is to know about Google Play


 
Building on its history of making security applications that cover a broad range of use cases and features, McAfee released a new app called "McAfee Security Innovations" that aims specifically to help users avoid losing their device or having it stolen. The app does so by working with the fact that users often have more than one device, letting them link the devices together to alert the user whenever the devices are more than 30 feet apart at any time. The so-called "Smart Perimeter" feature will set off an alarm if the devices become separated and let you track down whichever one is out of your possession.

The app also includes two more quick pieces of security by way of a safe QR code reader to check for malicious material before redirecting you to its content, as well as a "Data Vault" to lock specific data on the device with a PIN. McAfee Security Innovations is available for free in the Play Store at the link above.


 

Larry Page, chief legal officer Drummond pen post in response to recent reports of government snooping

Google's chief executive this afternoon weighed in on the reports from The Guardian and The Washington Post that have created a bit of a firestorm over personal liberty versus anti-terrorism efforts. Parsing Larry Page's post, which is co-authored with Google Chief Legal Officer David Drummond, you get the following:

  • First, we have not joined any program that would give the U.S. government—or any other government—direct access to our servers
  • Second, we provide user data to governments only in accordance with the law. Our legal team reviews each and every request, and frequently pushes back when requests are overly broad or don’t follow the correct process.
  • Finally, this episode confirms what we have long believed—there needs to be a more transparent approach.

Read Page and Drummond's full explanation on Google's official blog.


 

Embedded system increases the chances that devices will be recovered after theft

Absolute Software, the makers of the LoJack theft recovery service, announced today that through a partnership with Samsung it will be offering its services to all Galaxy S4 handsets. The service, which was previously targeted at desktop and laptop computers, is making the move into the mobile space with one of the most popular devices out today. Unlike other services that can pretty easily be removed when a phone is factory reset, the LoJack system is embedded at the firmware level and will survive any tampering or attempts to remove it by a criminal. 

Beyond just making sure that the phone is traced, locked and remotely wiped, you'll get the expertise of LoJack's years of experience in tracking stolen property. When we spoke to LoJack representatives here at CTIA they said they've recovered laptops in as little as 40 minutes, and as long as four and a half years after they were stolen. That just shows the determination of the people behind this service.

While it is embedded in every Galaxy S4 device, it won't be available to be activated until "early this summer". LoJack isn't releasing specific pricing at this point, but has indicated that the service will start at $29.99 with multiple subscription options ranging from 1 to 4 years at a time. 


 

Ren Zhengfei spoke to reporters for the first time since founding Huawei in 1988

Huawei CEO Ren Zhengfei denied allegations that its products represent a threat to U.S. national security. Speaking directly with the press for the first time today, Ren also denied any illicit ties to the Chinese government, a central part of U.S. concerns over the Chinese communications giant, according to reports from Reuters.

Last October a damning Congressional report concluded that Huawei and local competitor ZTE "cannot be trusted to be free of foreign state influence and thus pose a security threat to the United States and to our systems." The panel behind the report also singled out Huawei for criticism, saying it'd received evidence of corruption, bribery and copyright infringement at the firm from industry experts and Huawei employees.


 

Samsung smart devices get the Pentagon's stamp of approval

Update: Samsung's just passed along an official press release, which states that the DoD approval applies to both smartphones and tablets running Knox. You'll find the full presser after the break.

Original story: The Samsung Galaxy S4 has been approved for use on the U.S. Department of Defense's secure networks, Korea's Yonhap news agency reports. The news follows announcements by the DoD indicating plans to open its networks up to Android and iOS-based smart devices by next February.

Samsung has been keen to advance into the secure smartphone market in recent months, a space traditionally dominated by BlackBerry devices. The company's new Samsung Knox security system for BYOD, aimed at enterprise and government customers, is a major part of this push.

In related news, BlackBerry's latest BlackBerry 10 phones and its PlayBook tablet were also approved for DoD use yesterday. The Next Web reports that Apple's iPhone and iPad should gain DoD approval later this month.

Source: Yonhap; via: The Next Web


 

It's worth a quick reminder that the Samsung Galaxy S4 is one of the first devices to actually launch with Android 4.2.2. And it's also worth a reminder that the developer options are hidden by default starting with that version of Android. As those of us who have been using Nexus devices for the past quickly learned, you'll need to spend about 20 seconds and a few taps of the ol' index finger -- OK, any finger will do -- to open up the nether regions of your Galaxy S4.

So. You're sure you want to do this? You want to unlock the developer options on your Galaxy S4? Cool. Here's how.


 

Sony's Xperia Z is joining the ranks of the iPhone and Galaxy S3 today with some tinkering that has exposed a security flaw in the lockscreen of the device. According to Scott Reed, who found the flaw on his personal Xperia Z, the lockscreen bypass only takes a few easy steps and allows full access to the device. That's a bit further than some other recent lockscreen bugs will get you, and is certainly troubling. Sony has supposedly fixed the bug that led to some Xperia Z devices randomly bricking themselves, and now they've got another fun bug to fix on their hands.

It's always a good idea to keep your phone in your sight if it has some sensitive data on it, but you may want to be extra careful until this bug is fixed up. If you want to see the flaw in action, stick around after the break for a video of Scott doing it on his device.

Source: GSMArena


 

Droid RAZR HD and MAXX HD owners have started receiving an update for their devices. This latest OTA will bump both versions of the RAZR HD to Android 4.1.2, and comes with security patches from Google and a fix for data roaming.

Multiple software improvements have also been made. Detection of USB cables has been improved, as has the devices' Wifi connectivity. Wallpaper options have been added when selecting home screen icons, and the camera app has had improvements made to its touch-to-focus, notifications, and low light performance. Headset connectivity is better, as is pixelation in video streaming. Media sync problems should also be gone, now that sync is more stable.

If you're rocking a Droid RAZR HD or MAXX HD, be sure to hit the forums and let us know how you're getting on.

Source: Droid Life
