26
Jan
mm

Remember how Marriott hotels wanted to block WiFi hotspots and make everyone pay for internet access? It turns out giving Marriott money for lodging is maybe not a good idea in the first place. According to software developer Randy Westergren, it has been possible to access customer information on Marriott's servers without a password since the Android app was released in 2011.

2015-01-26 10_02_04-Marriott Hotel Reservations and Payment Information Compromised by Web Service V

23
Jan
nexusae0_jb-new-logo_thumb_thumb.png
Last Updated: January 26th, 2015

You might have noticed a number of recent stories (like this one) claiming Google was abandoning some huge portion of Android users rather than fixing WebView security holes. It's exactly the kind of thing that makes good clickbait. Google has now issued a statement on the security issues in Android 4.3 and earlier, basically pointing out it's not feasible to update old code forever and offering tips for avoiding potential exploits.

20
Jan
unnamed (10)
Last Updated: January 21st, 2015

Verizon isn't making many friends when it comes to keeping private information private. Just two days after news broke that Verizon Wireless is collecting and in some cases selling web browsing info, its parent company has been given a black eye for insecure practices associated with the FiOS Internet service. Security researcher Randy Westergren discovered a way to access any FiOS user's Verizon email account by using the mobile API.

16
Jan
android_privacy_investigation_580_thumb.jpg
Last Updated: January 18th, 2015

Not long after British Prime Minister David Cameron did the same, President Obama said Friday that he opposes encryption methods that are inaccessible to law enforcement. Rather naively, he advocated that the technology should still exist, but with methods of access for approved entities like police and preferred spy agencies. This is his first clear issue stance on the matter, though it is not necessarily out of step with his previous actions and statements.

16
Jan
nexus2cee_nexusae0_verizon-horns_thumb.png
Last Updated: January 18th, 2015

If you are using data as a Verizon Wireless customer, Verizon is tracking you. Not only that, but their method to ensure that you can't navigate around it makes your unique identifier visible to every website you visit. The injected data has been called a "supercookie," a term that reflects the fact that it is not removable like a tracking cookie. Now, recent reports show that at least one third-party ad agency has been using Verizon's supercookie to track users after they have deleted cookies or opted out of data collection.

05
Jan
TrueKey-Thumb
Last Updated: January 12th, 2015

PasswordBox is a password manager that automatically enters your credentials into various websites and apps, not unlike LastPass. Last month the company was acquired by Intel Security, which is both absorbing the service and leaving it available in its current form for the time being. The PasswordBox team has been hard at work for its new boss, and at this year's CES, Intel Security announced True Key, built on top of the technology made available by the partnership.

22
Dec

Reddit user Ponkers posted an interesting find to /r/Android today, pointing out a significant privacy hole in Skype that essentially allows users to force an Android device to answer a call, making eavesdropping nearly effortless.

Ponkers drew a diagram below, which I feel compelled to include based on its artistic merits, but here's the gist of how the process works.

Assume you have three devices, device 1, device 2, and device 3.

17
Dec
coolpad

In a report released today, security researchers claim to have identified a vulnerability in as many as 24 Coolpad devices. The backdoor, which the researchers at Palo Alto Networks call "CoolReaper," reportedly installs adware without user consent or notification. More problematic is the fact that Coolpad built the backdoor into the operating systems themselves. The cherry on top is that Coolpad even had the nefarious app impersonate the Google Play Services framework file to avoid alerting users.

12
Dec
Cryptoy

Who better to learn encryption from than the people who have actively tried to build vulnerabilities into encryption? Nobody, says the GCHQ, the British NSA equivalent that has released a free Android app called Cryptoy to teach children the basics of encryption. The app, designed for tablets, focuses on four basic techniques and allows users to create encrypted messages for sharing to friends to decode.

10
Dec
Cerberus-Thumb

There are updates, and then there are updates. For Cerberus, version 3.0 is the latter. It gets the app ready for Android 5.0 by covering it with pretty materials. Well, as pretty as this particularly unflattering app is going to get.

Cerberus still consists mostly of menus, but now the action bar is very red, a hamburger icon sits in the top left corner, and a sidebar (redesigned since the last time we took a look at the beta) now pulls out over every other part of the interface.

Page 1 of 2012345...10...Last»
Quantcast