This week the latest batch of over-the-air security updates started rolling out to Nexus devices, most going under version LMY48M. Google also posted the goods online in the form of factory images. The company then went on to provide a list of the security fixes.
Eight make the list, with one having actually been exploited in the wild. Though whether this was used maliciously or just someone rooting their own device is unclear. None of the vulnerabilities are newly disclosed. Read More
Over a year ago there was a lot of concern about this piece of malware that had not only a flashy, user-friendly interface, but also the ability to monitor audio and video on Android devices. Even worse, it was able to slip past the automated checking used by Google at the time. Technically, it was really a software toolkit to make it easier to package malware APKs and then do malicious things with them.
At long last, Morgan Culbertson was arrested last month after being charged with creating the software. Tuesday, Culbertson pleaded guilty in federal court, telling the judge "I committed the crime" when asked why he was entering the plea. Read More
If you're in the market for the Turing Phone, you already know who you are. This is an Android phone designed around the idea of being completely unhackable. It doesn't even have a USB port or headphone jack that could be used to manipulate the software in some fashion. Niche products like this often have the feel of vaporware, but the company has posted a release and order timeline for the Turing Phone. So they're at least trying to make it happen. Read More
Cerberus is one of the more full-featured device security apps available on Android. It has more features than Android Device Manager, and more importantly it existed years before Google's solution. The developer has occasionally offered free lifetime licenses for the app, but now users are seeing that their "lifetime" licenses are set to expire in a few days. What gives?
Wuala, an extra secure cloud storage service that we first talked about back in 2011, has announced its imminent shutdown. Originally created by Swiss researchers, Wuala was acquired by French hardware maker LaCie in 2009 as a means to take advantage of the growing interest in cloud solutions. After LaCie was acquired by Seagate, Wuala too fell under that corporate umbrella.
No explicit reasoning has been given for the shutdown, but it isn't hard to see that Wuala just hasn't taken off and may well have lost users in recent years. Not only do existing users have to move their data elsewhere, they need to do it quickly. Read More
Verizon has begun rolling out an update for the Galaxy Note Edge that should address the vulnerability in Stagefright, one of Android's media libraries, that could potentially compromise a user's device. This is the first Stagefright-related fix we're aware of Verizon rolling out.
Of course, the changelog doesn't specifically mention Stagefright... but it's really obvious that's what it's for, given the timing of the update and terseness of the document. You can probably expect a slew of Samsung Stagefright fixes (as well as other OEMs, of course) on Verizon to follow, if this is any sign. Read More
The news of the Stagefright exploit appears to have precipitated a much needed update commitment from Google and various Android OEMs. After Samsung announced its new Android security update process and Google revealed the details of a new Nexus update policy, LG is following suit and promising similar monthly security patch updates.
Although it hasn't been officially announced by the company, the news comes from a couple of reliable sources. First, speaking at the security conference Black Hat 2015, Googler Adrian Ludwig revealed that LG has made the same commitment to send the monthly security patches that it receives from Google to end users. This, supposedly, should last for three years after a handset is announced, the same as Nexus phones. Read More
Google is rolling out the Stagefright patch to Nexus devices as promised, but the bigger news alongside that announcement is a new update policy for Nexus devices. Going forward Google will release security patches for Nexus phones and tablets about once per month, which mirrors Samsung's recently announced Galaxy update program. Google is also making official the length of time you can expect to get Nexus updates. Read More
The Samsung Galaxy Note 4 is getting an OTA update today, and it takes the device from 5.0 up to 5.1.1. That means a few small tweaks to the system, but there are also some important bug fixes, including one for the Stagefright vulnerability. Read More
In a blog post published today by the researchers at Zimperium Mobile Security, the group divulged an extremely widespread security vulnerability that can be exploited with nothing more than a targeted MMS message. The hole exists in the part of the Android operating system called Stagefright, which handles the processing of certain types of multimedia.
How it works
If targeted, the hypothetical hacker needs only to send an MMS message, which in many cases doesn't even need to be read before the attacker gains access to the victim's microphone and camera. Read More