Samsung may have removed the iris scanner from its recent flagship devices like the Galaxy S10 and Note10, but it hasn't forgotten about it on earlier hardware. According to some Galaxy S9 and Note9 users in the Android 10 One UI 2.0 beta program, the company has updated the iris scanner in those phones to be compatible with Google's new Biometric API, a one-stop-shop for in-app user authentication. Read More
A new security vulnerability has been discovered inside the Android camera app that potentially affects hundreds of millions of phones across the world. Discovered by a team of security researchers at Checkmarx, the exploit allows a malicious app with access to a phone's storage system to bypass Google's permission safety net and completely spy on users. Read More
Although 5G is often touted for being newer, faster, and more secure than 4G, a team of security researchers from the University of Iowa and Purdue University has flipped the last bit of that marketing message on its head by discovering almost a dozen new 5G vulnerabilities. As a result of these breaches, they were able to carry out some nasty attacks like location tracking, broadcasting of false emergency alerts, and severing the 5G connection of a phone entirely from the network. Read More
A group of security researchers has discovered an exploit that lets Bluetooth and USB accessories wreak all sorts of havoc on multiple Android smartphones. In both cases, the door of entry was the cellphone modem, or baseband, which is found inside all smartphones. Read More
Smartphone users already have several great options when it comes to password managers on Android, letting them log in to supported apps at the press of a button. Now they're being joined by ZenKey, a new service developed in collaboration with the four major US cell carriers that's looking to do away with individual passwords while claiming some robust security features of its own. Read More
Promptly on time, Google has released October's OTA files and factory images for the Pixels, as well as its general Android security bulletin for the month. At the same time, Verizon is pushing out the set of patches to Pixel users now. It's the second update to Android 9 Pie, and this time around there are no Pixel security patches — just a few functional patches including, most notably, what might finally be a fix for the 2016 Pixel fast charging bug. Read More
The Wi-Fi Alliance has announced additional measures to secure wireless devices, following revelations last year about an oversight in the WPA2 specification which left devices vulnerable. Read More
A year ago today Google announced Android Security Rewards, an expansion of its Vulnerability Rewards Program. Find a vulnerability, tell Google about it, help them fix the issue, and take home money. That's the concept, and it's a common one in the tech industry.
Google handed out over half a million bucks to 82 individuals over the past year. This averaged out to $2,200 per reward. Researchers averaged higher payouts, at $6,700. One, @heisecode, received $75,750 for 26 vulnerability reports. 15 researchers received $10,000 or more. Read More
While going hands-on with the Nexus 5X and 6P a bit earlier, I noticed something interesting in the "about" screen of both devices: a new field. It's called "Android security patch level," and what it appears to do is display the date of your phone's most recent security patch.
We know Google has been taking significant flack for Android security updates post-Stagefright, so it seems this feature may be in response to those criticisms. I didn't learn anything else about it, but it was definitely on the 5X and 6P units I used, and speaking to a Google rep, they suggested this feature would ship on the devices. Read More