Android Police

Articles Tagged:

vulnerability

37

LastPass' 2FA Authenticator app found to be partially insecure, fix incoming

LastPass' 2FA Authenticator app found to be partially insecure, fix incoming

A few days back it was revealed by a security researcher in a post on Medium that the LastPass Authenticator app for 2FA key generation wasn't entirely secure. Access to the keys was ostensibly secured by a PIN/fingerprint, but a workaround was found that allows anyone with the ability to launch an activity on the device, including other installed applications, to access those codes. LastPass has fixed this problem in an update today.

Read More
59

'Janus' vulnerability allows attackers to modify APKs without changing signature, APKMirror already protected

'Janus' vulnerability allows attackers to modify APKs without changing signature, APKMirror already protected

Since the first release, Android has required developers to sign their applications. When you update an app, Android will compare the update's signature to the existing version. If they match, the app update will install. This way, developers don't have to worry about modified APKs causing problems, and users are kept secure.

Read More
8

BlueBorne vulnerability affected Google Home and Amazon Echos, but both have been patched

BlueBorne vulnerability affected Google Home and Amazon Echos, but both have been patched

Vulnerabilities. There's a new flavor of the week every few days and in this highly connected world, it's tough to keep up, whether it's for users who don't know which of their devices are vulnerable and have/haven't been patched or for companies who are scrambling to fix one bug only to see the next one around the corner.

The BlueBorne vulnerability affected Bluetooth devices and could be exploited by hackers to completely take over a device with Bluetooth just turned on, without pairing with it first. Android patched it in September, but it appears that Amazon Echo and Google Home devices were left vulnerable for a while.

Read More
21

Toast overlay being used by malicious Android apps to install additional malware

Toast overlay being used by malicious Android apps to install additional malware

Recently, Google has notified developers of apps that use Accessibility features for purposes other than helping users with disabilities to cease using those APIs or otherwise unpublish their app. The impetus for this move appears to be existence of (now removed) apps in the Play Store which use Accessibility features in conjunction with a vulnerability patched as part of the September security update to install malware.

Read More
13

Samsung's new Mobile Security Rewards Program will award researchers up to $200,000 per vulnerability discovered

Samsung's new Mobile Security Rewards Program will award researchers up to $200,000 per vulnerability discovered

Many companies give out rewards for vulnerabilities found in their software, and Samsung is now joining those ranks. The Korean tech company's Mobile Security Rewards Program has just gone public, enabling security researchers to receive awards of up to $200,000 per bug found.

Read More
25

Major security vulnerability found in VLC, Kodi, and other media players, Kodi for Android already patched

Major security vulnerability found in VLC, Kodi, and other media players, Kodi for Android already patched

What's worse than a security vulnerability in a widely-used program? A security vulnerability in several widely-used programs. Researchers from Check Point Software Technologies have uncovered a flaw in a handful of media players (including VLC, Kodi, Stremio, and PopcornTime) that allows hackers to run executable code through subtitle files.

Read More
77

Broadcom WiFi vulnerability allows remote code execution, affects almost all Android devices

Broadcom WiFi vulnerability allows remote code execution, affects almost all Android devices

We of a certain age remember the days before WiFi was widespread. It sucked. Now, there's a wireless network on every corner bringing you all the wonders (and horrors) of the internet. They can also bring you something else: hacks. A researcher from Google's Project Zero security team has revealed an exploit for Broadcom WiFi chips that can allow an attacker to execute code on your device. They just have to be on the same WiFi network as you.

Read More
256

An Israeli security researcher takes a good look at Samsung's Tizen, labels it the worst code he has ever seen

An Israeli security researcher takes a good look at Samsung's Tizen, labels it the worst code he has ever seen

Android is a hulking beast as far as global user share is concerned — hell, it's the most-used operating system in the world, surpassing even Windows (in terms of internet usage). When Samsung announced that it was creating its own open-source alternative to Google's mobile OS, it was not really a surprise. We've had several upstarts over the years, like Sailfish, Firefox OS, Ubuntu Touch, and so on, but all of them have failed in some form or another. There were a few people, however, who thought Sammy could be the one to unseat Google and Android with a mobile operating system that it called Tizen.

Read More
77

The Guardian alleges that WhatsApp has a "backdoor" that could be used to spy on users [Update]

The Guardian alleges that WhatsApp has a "backdoor" that could be used to spy on users [Update]

In what I am sure was on purpose due to it being Friday the 13th, some mild form of privacy panic has hit the world due to The Guardian's article this morning about a critical backdoor in WhatsApp. It postulates that, due to how encryption keys are handled when a device goes offline and messages are not sent (for whatever reason), WhatsApp or its parent company Facebook can intercept user communications.

Read More
121

Critical vulnerability Pork Explosion revealed by jcase, cripples security on some phones

Critical vulnerability Pork Explosion revealed by jcase, cripples security on some phones

Security has been a hot topic on Android for many years, particularly as smartphones take on increasingly significant roles both at home and at work. A single device acts as your main form of communication, contains personal photos and confidential documents, and may even have access to your finances. Google and other companies have made significant investments in time and money to ensure these devices are very hard to break into. However, a vulnerability was recently discovered in some phones that compromises important security measures and opens devices up to various types of attacks. The worst part is that it was created intentionally by a manufacturing partner contracted to build the phones, and the OEMs that designed the phone had no idea.

Read More
Mastodon