WhatsApp is scrambling to determine the impact of a now-patched vulnerability in its iPhone and Android apps that allowed hackers to inject spyware into users' devices. The security hole is at the center of at least one known recent hacking attempt against a lawyer representing a group suing the surveillance software vendor that made the spyware.
Many of you are visiting family for the holidays, which means you're sharing meals, telling stories, and exchanging gifts. In fact, quite a few of you may be giving phones or tablets to family members this year. If you're a regular around here, you're probably also known as the resident gadget expert, an honor that is both a compliment and a curse — you know what I'm talking about. While you might be trying to avoid impromptu tech support work, we would like to encourage taking a few minutes to do something for the greater good: Clean the trash apps from your family members' devices.
Earlier this week Amazon took some of the low-budget manufacturer BLU's phones off the retailer's digital shelves, following allegations that BLU had included spyware in its products. It seems to have been a false alarm, though, as today BLU has announced in a tweet that Amazon is back to stocking its phones. Customers looking to pick up a cheap and capable phone can again purchase them at the US' biggest online merchant.
Google is pushing out a new version of the Play Store for Android users around the world. Like most updates to this version, there really aren't any notable changes showing up already, but there are a few interesting things hidden beneath the hood. There are some new features focused on improving security for apps that are updated from unexpected sources and making its security scanner more visible to users. There's also a plan to move notification settings to their own dedicated screen.
Every once in a while, you might wake up and see everyone playing the same new smartphone game/app, much like in The Next Generation. Meitu is a bizarre Chinese photo app, that applies various filters and 'enhancements' to pictures of yourself and others. In just the past few hours, it has received massivecoverageonline. While the app is certainly fun to mess around with, several users have pointed out that the application is sending a massive amount of user details to external IP addresses.
Mobile security is a huge issue, but most consumers tend to think that at least a brand new phone is safe. That assumption may be in error, according to security research firm Kryptowire. In a new report Kryptowire documents the inclusion of software tools collectively called Adups, which allegedly shipped on phones like the Blu R1 HD and other devices sold internationally, including the US market via Amazon and Best Buy.
Last year, there was a rather widely-covered story about a piece of Android malware (rather, an Android malware control suite) called Dendroid. That malware was published for sale on a cybercrime-aligned forum known as Darkode, and it just so happens that the FBI (with assistance from agencies in other nations) just arrested the guy who wrote Dendroid as part of a larger raid on Darkode's operators.
That guy is Morgan C. Culbertson, who has a pretty solid real name, but somehow the most tragically boring and uninventive criminal alias of all time: "Android." Come on, Morgan - you could have done better.
Have you seen Mr. Robot? The show is only three episodes in, but it's already shaping up to be a surprisingly awesome hacking drama. And I don't mean "hacking" in the CSI/NCIS/Scorpion "120WPM and 60 flashing windows" kind of hacking - the protagonist and his Anonymous-style compatriots use real methods and technology, mostly relying on a combination of known vulnerabilities, social engineering, and brute force attacks to play at being cyber-vigilantes. You should check it out - USA has the first three episodes available for free on its website.
The third episode features a pretty cool segment where (extremely mild spoiler alert) the antagonist gains physical access to an Android phone in order to digitally tap it.
Over the last week there have been a rash of reports that folder with labels mentioning the Chinese search engine Baidu have been appearing on phones. The most obvious and prominent examples have been Sony's new Xperia Z3 series of phones and others running KitKat. Many users (and media outlets) jumped to the conclusion that these files were evidence of spyware, perhaps bolstered by recent and more credible reports of digital spying and hacking linked to the Chinese government.
Screenshot credit: Sony Mobile forum poster "Iggyjp"
There were some rather disturbing properties of these files; the "Baidu" folder couldn't be deleted by non-root users (or it simply kept reappearing) and sniffing network activity showed that these phones were pinging servers in China.
According to Google, less than one hundredth of a percent of apps out there are both malicious and capable of evading the built-in defenses in both Android and the Google Play Store. But if you really feel like you need a defense from that one-in-100,000 app, a trusted name in software protection has just entered the fray. Malwarebytes, makers of the popular eponymous Windows software, is now offering its services on Android.
The anti-malware app works on the familiar and relatively ancient principle of a scanner paired to an updated database of naughty apps. According to the company's press release, the app actively scans for "over 200 malware families" in real-time in both apps and general files.