Tagged: security

Premium phone number scams and malware on the rise, says Symantec

0
Premium phone number scams and malware on the rise, says Symantec
Android is taking the world by storm, and unfortunately, that means that scammers and hackers are coming along for the ride. Security firm Symantec released new research today detailing the biggest threats faced by Android users, and while most of it is familiar information, there are some fiendishly innovative new forms of malware and other malicious apps that users should be aware of. Chief among them is the "Premium rate number billing scam".
Continue Reading...

HTC promises OTA privacy patch in pipeline

0
HTC promises OTA privacy patch in pipeline
HTC has confirmed that a fix for the recently uncovered security vulnerability in its Android smartphones is in the pipeline, addressing what some security experts suggested was a "massive" privacy issue. "In our ongoing investigation into this recent claim," the company told Engadget, "we have concluded that while this HTC software itself does no harm to customers' data, there is a vulnerability that could potentially be exploited by a malicious third-party application" However, HTC also insists that it has seen no reports of the loophole actually being taken advantage of, with the potential for harm seemingly more theoretical than practical at this stage. Nonetheless, a security update is being worked on now, and which - after some carrier testing - will be delivered OTA to HTC Android phones. There's no timeline for its release - HTC says the carrier testing period will be "short" though that's presumably up to the networks themselves to deliver on - so until then the company points out that people should "use caution when downloading, using, installing and updating applications from untrusted sources." That's pretty sensible advice no matter what the situation. Full HTC Statement:
HTC takes claims related to the security of our products very seriously. In our ongoing investigation into this recent claim, we have concluded that while this HTC software itself does no harm to customers' data, there is a vulnerability that could potentially be exploited by a malicious third-party application. A third party malware app exploiting this or any other vulnerability would potentially be acting in violation of civil and criminal laws. So far, we have not learned of any customers being affected in this way and would like to prevent it by making sure all customers are aware of this potential vulnerability. HTC is working very diligently to quickly release a security update that will resolve the issue on affected devices. Following a short testing period by our carrier partners, the patch will be sent over-the-air to customers, who will be notified to download and install it. We urge all users to install the update promptly. During this time, as always, we strongly urge customers to use caution when downloading, using, installing and updating applications from untrusted sources.
Continue Reading...

“Massive” security/privacy issues found in HTC phones

2
“Massive” security/privacy issues found in HTC phones
The Android world had a major shock earlier today when several members of Android Police (appropriate, no?) published a "massive" security flaw found on several high-profile devices from HTC. The problem comes from a customization that HTC has implemented on the core Android system, allowing any app that asks for the right permission access to a staggering amount of users' private and technical data. Even more disturbing, it seems to be the case that some of this information can be retrieved remotely by HTC or anyone else due to an HTC app opening up a network port on any affected phone. The primary issue stems from the "android.permission.INTERNET" permission. Once an app calls this permission into effect, it has access to all sorts of disturbing information on both rooted and non-rooted phones. The private information which any app can access includes email addresses, GPS locations and at least some former locations, call logs, SMS logs, and information from running apps. The HTC app "HtcLoggers.apk" is capable of collecting much of this data and then supplying it to anyone who opens up a network port on the phone. Theoretically, it's possible to duplicate a user's entire phone using these vulnerabilities. Trevor Eckhart originally discovered these vulnerabilities, and the flaws have been verified and cataloged by Artem Russakovskii and Justin Case of Android Police. According to these three, the problems effect a wide range of HTC Android devices across all major carriers. The EVO 4G, EVO 3D, EVO Shift 4G, MyTouch 4G Slide and Thunderbolt were mentioned specifically, so it's a fair bet that anything running similar hardware and software is likewise affected. The whistle-blowers have created a proof-of-concept app which allows any user (no root required) to examine the data being collected in real-time. You can find their exhaustive research and the proof of concept app at the source link. Though Eckhart said that he alerted HTC of these security issues more than a week ago, no official response has been made. Update: HTC has made the following statement: "HTC takes our customers' security very seriously, and we are working to investigate this claim as quickly as possible. We will provide an update as soon as we're able to determine the accuracy of the claim and what steps, if any, need to be taken"
Continue Reading...

AT&T Samsung Galaxy S II lock screen security flaw, and how to fix it

0
AT&T Samsung Galaxy S II lock screen security flaw, and how to fix it
It seems like the shiny new AT&T version of the Samsung Galaxy S II has at least one dull spot. There's an easy work-around that will let anyone access your phone if you've implemented Android's unique pattern-based or PIN lock screen. Don't worry, though, an industrious early adopter has already found a way to secure the Galaxy S II while keeping the lock screen in place.
Continue Reading...

TazPad Inches Closer to Production, NFC and Fingerprint Biometric Security in Tow

1
TazPad Inches Closer to Production, NFC and Fingerprint Biometric Security in Tow
There's approximately a billion trillion tablets on the market now, or so it would seem, the vast majority of them running Android or some presto-change-o OS based on the Android kernel. What manufacturers will have to do if they plan on taking a piece of this pie at this point is one of two things: get a whole new most-powerful processor to become king OR make a unique tablet to carve out a niche. What the team at French NFC and Zigbee specialist TazTag has done is to integrate AuthenTec's TCS2 TouchChip sensor into its TazPad Android tablet alongside fingerprint biometric security -- a tablet with real business intentions.
Continue Reading...

Android has the most Malware according to McAfee

2
Android has the most Malware according to McAfee
McAfee is one of the larger security and virus protection companies out the. The company has put a lot of work into helping to secure Android devices with their soaring popularity for users and as targets for attackers. McAfee has said that Android is plagued by the most Malware of all OS'. The amount of malicious software targeting Android has grown 76% in the last quarter according to McAfee.
Continue Reading...

TekTrak app helps you find your lost phone and protect your personal data

1
TekTrak app helps you find your lost phone and protect your personal data
If you are anything like me, you might lose your smartphone quite a bit. I generally lose mine around the house and more often than not, it has slipped off the arm of the couch and between the cushions. Other times my wife has put a bunch of junk on top of it in an apparent attempt to drive me crazy. The TekTrak app will help you find your phone in your house or anywhere else if you lose it.
Continue Reading...

Tenable Network Security offers Nessus Android app

0
Tenable Network Security offers Nessus Android app
The number of threats that are looking to compromise networks and security in the business world are always growing. New attacks on networks are launched all the time and network administrators need to be able to access reports on their network from anywhere when they need them. A company called Tenable Network Security has announced a new app for Android users that allows the Android device to access the Nessus server and read reports on the network.
Continue Reading...

Google Rolling Out Fix for Android Security over Wifi

2
Google Rolling Out Fix for Android Security over Wifi
Over the last few days there has been some talk regarding another security issue in Google's Android OS. Apparently there is a problem where 3rd party's could potentially access and snoop around in a users Calander, and Contacts. From what we are hearing this is a security loophole that is causing some snooping while a user is operating on a Wifi network. Google quickly mentioned this has been fixed in Android 2.3.4 and above but all earlier versions need the fix, that is like 99% of Android phones.
Continue Reading...

Skype takes action, removes vulnerabilities

0
If you're following the scoreboard, last week we reported that Skype for Android had a vulnerability which allowed a third party to harvest a user's data without their consent. Skype replied that they were taking action, but didn't tell us what it was. Now we know. Skype has solved the issue for now by removing the ability of a hacker to do so. And there's more ...
Continue Reading...