Android Police

Security

...

Google finds flaw in Bluetooth Titan Security Keys, will provide free replacements

Google released the Titan Security Key last year, as part of the company's growing focus on two-factor authentication. The kit comes with a USB Type-A key and a battery-powered Bluetooth/NFC key, and both could be configured as 2FA methods with Google accounts. The last thing you want in your security key is a security flaw, but that's just what has been discovered.

Read More
...

WhatsApp vulnerability exposed civil rights promoters to hacking attempts

WhatsApp is scrambling to determine the impact of a now-patched vulnerability in its iPhone and Android apps that allowed hackers to inject spyware into users' devices. The security hole is at the center of at least one known recent hacking attempt against a lawyer representing a group suing the surveillance software vendor that made the spyware.

Read More
...

Android Q will bring mandatory disk encryption to even low-end devices with Adiantum's help

Google's tug of war with hackers is never ending and we're stuck right in the middle of it. Given that Android is such a big target with billions of active devices out in the world, the company has to keep on the offensive. And with the latest security improvements in Android Q, more people than ever before will be able to stay safe.

Read More
...

[Update: More details] Project Mainline offers Android Q modular security updates

The Google I/O 2019 keynote was, as usual, chock full of cool announcements, and among them was mention of a lofty new goal: Project Mainline. The idea picks up where Treble left off, furthering Android's modularization and making it easier for updates to change core OS components — mitigating the effect of the big, bad Fragmentation monster.

Read More
...

Apps can now use WhatsApp for verification codes with Facebook Account Kit

Some apps and websites allow you to log in using just an email address or phone number thanks to Facebook's Account Kit SDK. Until now, two-factor codes for mobile logins were sent via SMS only, but an update is adding WhatsApp verification.

Read More
...

New 'inception bar' phishing method spoofs Chrome's address bar when you scroll

A new type of potential phishing attack has been discovered by developer James Fisher. Called the "inception bar" by its creator. The attack allows for a site to spoof a URL in the mobile version of Chrome when scrolling, subsequently locking them into a false UI. In fact, the site detailing this newly-discovered flaw makes use of it, appearing to show an HSBC URL.

Read More
...

HMD Global investigating easily-fooled Nokia 9 fingerprint sensors

Owners of the Nokia 9 PureView have had a rough go with the in-display fingerprint sensor they've bought their phones — our Ryan Whitwam was not impressed with the fussing around and finger-jambing he had to do in order to achieve authentication. A software update last week was supposed to loosen up and get the sensor working as it should. But manufacturer HMD Global is now investigating a complaint saying that the phone is too loose, producing false positives from unknown fingers and even a packet of gum.

Read More
...

See who's at the door with a Nest Hello for $166 ($63 off) with coupon

When I think of "smart home," one of the first brands that comes to mind is Nest. Renowned for its smart thermostat, the Google-owned company has ventured out into other product categories. Some haven't done so well, but one of the better ones is the Nest Hello, a doorbell camera. And right now, you can get one for yourself over on Rakuten for $165.74 with a coupon code, down from the usual $229 we see elsewhere.

Read More
...

New Wi-Fi WPA3 security could be just as vulnerable to password hacks as WPA2

The vast majority of people out there don't know much about network security, if at all, but thankfully there are talented groups and individuals out there who are on constant lookout for flaws and vulnerabilities. Each security protocol we've seen has had some kind of issue (sometimes crippling), but the still-young Wi-Fi Protected Access protocol version 3, aka WPA3, remains vulnerable to attack, thanks to some pretty serious design flaws.

Read More
...

Google beta testing Android phones as a new Bluetooth-based two-step verification key

The success of two-step verification processes is prone to two factors: security and convenience. Maybe you, the average person, want to keep all your personal data online safe and sound, but buying a $50 dongle that serves no other purpose than to be a key to a very specific lock doesn't make sense for you. Google has you covered now as it is beta testing a way for your Android phone to be that key to all of your Google account information on your desktop or laptop.

Read More