27
Jul
agps

Over at Black Hat USA 2012, security researcher Ralf-Phillip Weinmann demonstrated a vulnerability in several Android devices that utilized A-GPS to send illicit messages to the device which could, he explained, be used to send a report of the device's location any time an A-GPS message was sent or even be used to gain complete control of the device.

In describing the attack, Weinmann pointed out that, for example, a malicious WiFi network could instruct a phone to relay all future A-GPS requests, even once the device has left the WiFi network's range.

23
Jul
image

We've all read the horror stories: a new virus is crawling through the third-party stores, aiming to steal your personal information, identity, and first born child. More often than not, this type of malicious app is made possible because of one of the various root vulnerabilities that have been discovered throughout the various versions of Android.

X-Ray is a new app that lets you see exactly how vulnerable your device is by scanning it against several of these exploits, including RageAgainstTheCage, Gingerbreak, Mempodroid, Levitator, and a few more.

09
Jul
2012-07-09_11h58_38

The Galaxy S III on Sprint has been seeing a considerable amount of update action in the short time since it's been released. Back on June 29th, the device saw a security update and now, according to Sprint's community website, a second "Google security updates" OTA software patch is headed to the device.

2012-07-09_12h20_03

The carrier hasn't offered any details on what the update fixes, beyond that today's update is Google-related, while the previous update is just a generic security update.

03
Jul
image

Xuxian Jiang, along with his research team at North Carolina State University, has cooked up a proof-of-concept "clickjack rootkit" which targets Android. The rootkit is unique not only in that it can function without a device restart, but also in that it targets Android's framework, not requiring deep modifications to the underlying firmware or kernel.

Clickjacking, for those unfamiliar, is a malicious technique typically used on the web to "trick" users into handing over control of their device or confidential information.

11
Jun
image

 

We at Android Police take our mobile security pretty seriously. It's in the job description. Entering the realm of mobile security today is yet another contender on the good side of the battle: VirusTotal has released its client for Android. Prior to this, VirusTotal was a simple website where you can upload suspicious files to be scanned by a multitude of antivirus engines. Having provided this desktop OS-oriented service for several years now, VirusTotal has brought its experience and expertise to mobile.

04
Jun
image

The Google Play Store's "Bouncer," which Google launched back in February to protect Android users from malicious apps, is a service that scans potential Play Store apps by running them in a virtual phone environment, where the app's activities are monitored for any signs of mal-intent.

Taking advantage of that test period, security researchers Charlie Miller and Jon Oberheide have evidently found ways past Bouncer (which they will be presenting at the Summercon conference in New York this week).

02
May
thumb

Who uses WhatsApp Messenger? From The look of the Play Store listing, a damn lot of people. Considering it's so popular, it's probably a pretty secure app, right? Think again.

WhatsApp actually sends all chats in plaintext, so anyone on the same Wi-Fi network can easily pull your entire conversation - including pictures and videos - straight out of the air. And now, that process is even easier than ever thanks to a new app called WhatsAppSniffer.

23
Apr
26-Android-security_thumb

While not everyone who owns an Android device roots, the Android modding community is at the very heart of everything we love about our little green buddy. Security researcher Dan Rosenberg recently gave a presentation where he elaborates on root and modding methods, as well as expounding on the security implications of modding Android phones.

Rosenberg also had quite a lot to say about how carriers influence the Android landscape.

22
Mar
image

Google Authenticator, an important security tool that enables 2-step verification for your Google account, has racked up over 250,000 downloads over its lifetime, which is no small feat for any app in the Play Store. However, a few days ago, that version (previously available here) all of a sudden became obsolete and was consequently silently deleted.

Its replacement, which can be found here, bears version 2 (2.15 to be exact) and offers the following changelog:

  1. New entry for Google Play, same great app
  2. Updated look and feel
  3. "Scan barcode" and "Manually add account" options moved to Menu > Add account.

17
Mar
image

A flurry of cloud storage apps have hit the Play Store in recent days, with COMODO Security Solutions, Bitdefender, and Genie9 all releasing official cloud solutions. Each of the new apps puts its own twist on cloud storage, offering slightly different features, so it's worth looking at each individually.

COMODO Cloud

Comodo Security Solutions, a respected purveyor of desktop (and Android) security solutions, released COMODO Cloud to the Play Store just a couple of days ago, bringing a practical, thoughtful solution to those seeking an easy cloud syncing option.

Page 8 of 16«First...678910...Last»