latest
One-minute hack allowed lock screen bypass on Android, current Pixels are safe
And that's why you always need to install your security patches, folks
Read update
Right on schedule, Google released its November security update for Pixel phones — and to look at the short list of user-facing changes, it would appear that this is little more than a routine release to address a few bugs, including fixes to reduce power consumption, screen flickers, and an occasional app crash. However, this update also fixes a pretty serious vulnerability that could allow a person to bypass the lockscreen of many Android phones in less than a minute without any software or special tools.
Samsung shipped millions of smartphones with a serious security flaw
At least your new Galaxy S22 is safe
Samsung tends to be vigilant about updating security on its devices, but no phone manufacturer is perfect, and sometimes the problems stay very well-hidden. One issue that shipped with some major models didn't become public until recently, and anyone who owns certain Galaxy phones could have fallen prey to the exploit and never realized it.
Your phone (and everything else) might be vulnerable to 'frag' attacks over WiFi
And your laptop, and your smart bulb, and just about anything that uses WiFi
Just days after we heard about the Qualcomm vulnerability that could let hackers listen to your calls, a security researcher has brought to light several Wi-Fi vulnerabilities, some of which even relate to the Wi-Fi standard itself. The new findings affect not just your phones, tablets, and laptops but just about any device that uses the technology that wirelessly connects to the internet.
In this modern digital world, we’re often most concerned with remote hacks and scams when it comes to device security — but physical access to a device can provide a major opportunity to a targeted attacker. That's the case with a set of (thankfully fixed) vulnerabilities found by Google's Project Zero team, which require access to a device's USB port. If you're a security buff, you might remember this from the September 2018 security patch, noted briefly as an issue that could "enable a local attacker to bypass user interaction requirements to gain access to additional permissions."
Read update
- As some of you have speculated, the issue is due to Smart Lock's on-body detection feature. The uploader of the YouTube video was unable to reproduce the flaw after turning on-body detection off. That being said, this isn't something that should be pre-enabled, so Motorola/Amazon aren't completely off the hook here.
Amazon has been running its Prime Exclusive program for some time now. Essentially, the company partners with phone manufacturers to offer noticeably lower prices on devices in exchange for preloaded Amazon apps and advertisements on the lock screen. However, it appears that these lockscreen ads have led to a security flaw on one Prime Exclusive device, the Moto G5 Plus.
If you have read one of our several reviews of Xiaomi phones, such as the Mi Note 2 and Mi 6, you'll know that the software experience just isn't good. MIUI is Xiaomi's heavily modified version of Android, complete with less-than-stellar RAM and Bluetooth management (among other issues). But the ROM has several major security problems, as found by research firm eScan.