You might have noticed a number of recent stories (like this one) claiming Google was abandoning some huge portion of Android users rather than fixing WebView security holes. It's exactly the kind of thing that makes good clickbait. Google has now issued a statement on the security issues in Android 4.3 and earlier, basically pointing out it's not feasible to update old code forever and offering tips for avoiding potential exploits. Read More
Verizon isn't making many friends when it comes to keeping private information private. Just two days after news broke that Verizon Wireless is collecting and in some cases selling web browsing info, its parent company has been given a black eye for insecure practices associated with the FiOS Internet service. Security researcher Randy Westergren discovered a way to access any FiOS user's Verizon email account by using the mobile API. Read More
Not long after British Prime Minister David Cameron did the same, President Obama said Friday that he opposes encryption methods that are inaccessible to law enforcement. Rather naively, he advocated that the technology should still exist, but with methods of access for approved entities like police and preferred spy agencies. This is his first clear issue stance on the matter, though it is not necessarily out of step with his previous actions and statements. Read More
PasswordBox is a password manager that automatically enters your credentials into various websites and apps, not unlike LastPass. Last month the company was acquired by Intel Security, which is both absorbing the service and leaving it available in its current form for the time being. The PasswordBox team has been hard at work for its new boss, and at this year's CES, Intel Security announced True Key, built on top of the technology made available by the partnership. Read More
Reddit user Ponkers posted an interesting find to /r/Android today, pointing out a significant privacy hole in Skype that essentially allows users to force an Android device to answer a call, making eavesdropping nearly effortless.
Ponkers drew a diagram below, which I feel compelled to include based on its artistic merits, but here's the gist of how the process works.
Assume you have three devices, device 1, device 2, and device 3. Read More
In a report released today, security researchers claim to have identified a vulnerability in as many as 24 Coolpad devices. The backdoor, which the researchers at Palo Alto Networks call "CoolReaper," reportedly installs adware without user consent or notification. More problematic is the fact that Coolpad built the backdoor into the operating systems themselves. The cherry on top is that Coolpad even had the nefarious app impersonate the Google Play Services framework file to avoid alerting users. Read More
Who better to learn encryption from than the people who have actively tried to build vulnerabilities into encryption? Nobody, says the GCHQ, the British NSA equivalent that has released a free Android app called Cryptoy to teach children the basics of encryption. The app, designed for tablets, focuses on four basic techniques and allows users to create encrypted messages for sharing to friends to decode. Read More
There are updates, and then there are updates. For Cerberus, version 3.0 is the latter. It gets the app ready for Android 5.0 by covering it with pretty materials. Well, as pretty as this particularly unflattering app is going to get.
Cerberus still consists mostly of menus, but now the action bar is very red, a hamburger icon sits in the top left corner, and a sidebar (redesigned since the last time we took a look at the beta) now pulls out over every other part of the interface. Read More
PasswordBox is a system that allows users to keep long and secure passwords to major services, auto-inputting the fields on desktops and mobile platforms and syncing them to a cloud-based system with a single login. It's a popular alternative to the similar LastPass system. Yesterday Intel announced that it had acquired the 44-person company for an undisclosed sum, and intends to integrate it into its Intel Security team (which includes support from McAfee) going forward. Read More