security

166 'security' stories June 2011 - March 2017

See All Stories

CIA has hacking unit devoted to Android malware & turning Samsung TVs into covert microphones – Wikileaks

Ben Lovejoy Mar 7 2017 - 7:10 am PT

Wikileaks claims that the U.S. Central Intelligence Agency has a specialized unit within its Center for Cyber Intelligence that is devoted to developing and obtaining zero-day exploits for Android devices, in addition to one targeting Apple’s iOS. A zero-day exploit is one unknown to Google or security researchers, so cannot be protected against.

A similar unit targets Google’s Android which is used to run the majority of the world’s smart phones (~85%) including Samsung, HTC and Sony. 1.15 billion Android powered phones were sold last year. “Year Zero” shows that as of 2016 the CIA had 24 “weaponized” Android “zero days” which it has developed itself and obtained from GCHQ, NSA and cyber arms contractors.

The CIA is also said to have teams working on attacking Windows and Samsung TVs, ‘which are turned into covert microphones.’

Wikileaks further claims that the CIA recently ‘lost control’ of the majority of the malware it uses to attack devices …

Expand
Expanding
Close

security

Cloudflare security breach exposes data from Uber, Fitbit, OKCupid among 3,400 websites; password changes recommended

Ben Lovejoy Feb 24 2017 - 4:24 am PT

User data from 3,400 websites has been leaked and cached by search engines as a result of a bug in Cloudflare, a content delivery network. Sites affected over the course of several months include major ones like Uber, Fitbit and dating site OKCupid. 1Password also uses Cloudflare, but says that end-to-end encryption means that no customer data was exposed.

ArsTechnica reports that the leaks were spotted by Google security researcher Tavis Ormandy.

We observed encryption keys, cookies, passwords, chunks of POST data and even HTTPS requests for other major cloudflare-hosted sites from other users. Once we understood what we were seeing and the implications, we immediately stopped and contacted cloudflare security.

Cloudflare has admitted that the breach occurred, but Ormandy and other security researchers believe the company is underplaying the severity of the incident …

Expand
Expanding
Close

Google details how its ‘Verify Apps’ feature has identified over 25k potentially dangerous apps

Ben Schoon Jan 18 2017 - 3:12 pm PT

Security is always an important discussion on Android. If you stick to the Play Store, odds are you won’t run into issues, but some apps aren’t available through Google’s official portal. Rather, they have to be sideloaded as APKs, and that’s where holes open up.

Expand
Expanding
Close

Camera-related security flaw on Google Pixel could ‘facilitate tracking,’ fix already implemented

Abner Li Dec 30 2016 - 2:20 pm PT

Google is a very security-focused company from the web to even third-party platforms. On Android, this results in monthly security patches, user controlled permissions, various Play Store protections, and more. However, flaws still slip through as evident by a camera-related one on the Pixel and Pixel XL that could ‘facilitate tracking.’

Expand
Expanding
Close

Security vulnerabilities in AirDroid allow access to private data and sending of malicious files [Video]

Ben Schoon Dec 1 2016 - 9:51 pm PT

AirDroid has been a popular service on Android for years, allowing users to easily and wirelessly access the files on their smartphone from a PC, mirror notifications, and send/receive text messages. However, security company Zimperium has been tracking some major security vulnerabilities in the app for a few months now, and they’re still not fixed…

Expand
Expanding
Close

Some budget Android phones in the US reportedly affected by ‘backdoor’ which sent personal data to China

Ben Schoon Nov 15 2016 - 6:54 pm PT

There are a lot of fantastic budget smartphones on the market today, but there are always concerns with smartphones that are super cheap. One of those is security, an increasingly important part of any smartphone. Now security firm Kryptowire has uncovered an alleged backdoor hidden within some budget Android smartphones.

Expand
Expanding
Close

Android is as secure as iOS on the iPhone, says Google’s director of security

Edoardo Maggio Nov 2 2016 - 6:34 am PT

One of the stigmas Android has long had to live with is its alleged lack of security. Despite patches deployed directly by Google every month, the slowness of intermediaries such as carriers and OEMs has put the whole platform in a position of uncertainty, especially when compared with the more vertically integrated iOS.

Of course, however, Android’s director of security Adrian Ludwig disagrees…

Expand
Expanding
Close

Third-party developers can now add Safe Browsing protections to Android apps

Abner Li Sep 15 2016 - 10:19 am PT

First available on the web, Google has been expanding its Safe Browsing protections that warn users of nefarious sites to Android. Third-party developers will now have the ability to add the same URL checking to their Android apps with the new Safe Browsing API.

Expand
Expanding
Close

Google disabling third-party OAuth app logins from web-views over the next year

Abner Li Aug 22 2016 - 5:12 pm PT

Using a login party like Google, Twitter, or Facebook is much more convenient than remembering a username and password for individual services. To improve security for this type of sign-in, Google is deprecating third-party app logins from web-views in favor of the native browser.

Expand
Expanding
Close

Safe Browsing extended to web Gmail, Android app now warns of unauthenticated senders

Abner Li Aug 10 2016 - 11:20 am PT

Rolled out earlier this year on the web, Gmail for Android will now warn users when they receive a message from an unauthenticated sender. Today’s other security update extends Safe Browsing protections to links from phishing and malware sites found in emails.

Expand
Expanding
Close

Google Account sign-in notifications are now sent directly to your Android device

Abner Li Aug 1 2016 - 9:31 am PT

With the way security currently works, Google alerts users of new sign-ins to their account via email. The measure is a means of keeping users secure by informing them of what’s happening with their accounts in real-time. Starting today, users will be alerted of new sign-ins through notifications sent directly to their Android device.

Expand
Expanding
Close

Google’s latest experiment aims to protect against encryption-breaking quantum computers

Abner Li Jul 7 2016 - 10:10 am PT

While quantum computing is still in its infancy, it has the possibility of solving problems — like secure digital communications — dramatically faster than current technology. In order to begin securing against future quantum computers, Google is experimenting with post-quantum cryptography connections to its websites.

Expand
Expanding
Close

oneplus 3

PSA: Checking for software updates on your OnePlus 3 can expose your IMEI on open networks

Ben Schoon Jul 5 2016 - 5:28 pm PT

With major updates for the OnePlus 3 on the horizon there’s no doubt many users are constantly checking for that update to hit their devices. While that’s usually completely fine, a flaw in OnePlus’ system could turn this average task into something a bit more dangerous.

Expand
Expanding
Close

PSA: Gmail is down for some users, Google is investigating

Jordan Kahn Jun 9 2016 - 12:23 pm PT

Gmail is experiencing downtime this afternoon as some users are having issues with receiving messages and accessing their account. Google confirmed the issue on its apps status page and said it was investigating reports as of 1:56PM EST.

The company provided a later update at 2:46PM EST today noting that it’s continuing to investigate and confirming it’s discovered that “some messages sent to consumer Gmail accounts are being rejected due to authentication enforcement.”

Google plans to provide another update by 3:46PM EST with more details on when it expects to resolve the issues.

We’ll keep you posted here with further updates and let us know in the comments below if you’re still having problems with your account.

Father’s Day Gift Guide Hub: One Place with all the best deals

Sponsored Post Jun 8 2016 - 1:00 pm PT

Canary-Home-Hero

There are a ton of deals on tech and more right now in the lead up to Father’s Day. Together with 9to5Toys & Canary, we’re keeping track of all the best deals and we’ve collected all the handy links in the hub below.

Bookmark this page and keep checking back for more as we add the latest from 9to5Toys ahead of Father’s Day on June 19.

Expand
Expanding
Close

Android N introduces new security measures to prevent future Stagefright vulnerabilities

Abner Li May 5 2016 - 2:04 pm PT

Last year’s particularly virulent Stragefright bug allowed attackers to perform a number of actions on an infected device through remote code execution. While Google has addressed those issues with monthly security patches, Android N will play a larger role in making sure a similar issue does not happen again.

Expand
Expanding
Close

Researchers show how malicious apps could control Samsung SmartThings locks, lights & more [Video]

Ben Lovejoy May 2 2016 - 4:48 am PT

Update: Samsung has issued a statement to us, which just expands on its earlier response. You can read it below the video.

Computer science researchers from the University of Michigan have shown how malicious apps could take control of Internet of Things devices in Samsung’s SmartThings platform – including the ability of an attacker to unlock a front door to gain physical access to a home.

The main weakness identified is that way that the SmartThings platform grants apps more privileges than needed to perform their stated functions, reports The Verge.

The researchers demonstrated this finding with a proof of concept app promising to monitor battery life on various devices. If the user agreed to let the malicious — but seemingly innocuous — app access their smart lock, the researchers could then not only monitor its battery, but perform the lock’s other functions, including unlocking the door. The researchers found 42 percent of 499 analyzed SmartApps are currently over-privileged in a similar way …

Expand
Expanding
Close

Google’s second annual Android security report reveals 6 billion apps checked for malware and PHAs every day

Cam Bunton Apr 19 2016 - 9:06 am PT

Android is widely considered by many to be the least secure of all mobile operating systems, but in recent years, Google has made serious efforts to change that perception. In its second annual security report, the company has revealed some mind-boggling numbers.

Expand
Expanding
Close

Linux kernel root vulnerability affects many Android devices, Google working on mid-cycle patch

Abner Li Mar 22 2016 - 3:05 pm PT

Android usually maintains a monthly security patch schedule, but Google has released an out-of-cycle fix for a serious vulnerability that affects a majority of devices. The company is working on a security update for Nexus devices and has released the patch for other OEMs to implement.

Expand
Expanding
Close

ProtonMail brings end-to-end encrypted email to Android

Greg Barbosa Mar 17 2016 - 7:28 am PT

ProtonMail has announced the official launch of their mobile apps for iOS and Android today. ProtonMail brings seamless PGP end-to-end encryption to emailing, making it significantly more secure for those looking for an extra layer of privacy.

Expand
Expanding
Close

New ‘Mazar’ Android malware spreads via SMS, tricks users into granting a malicious app full permissions

Abner Li Feb 16 2016 - 4:46 pm PT

Danish security firm Heimdal has detected a nasty piece of malware that spreads via SMS and tricks users into downloading a malicious app. The text message containing the download link has already been sent to 100,000 phones in Denmark, though common sense security practices should keep users safe.

Expand
Expanding
Close

Gmail will warn users before sending & receiving emails from insecure addresses

Abner Li Feb 9 2016 - 10:10 am PT

Google and the rest of the tech industry take security very seriously. As part of this year’s Safer Internet Day, Google is offering users 2GB of Drive storage if they perform a security check on their account. In another security minded update, Gmail will now flag emails sent to and received from non-encrypted sources.

Expand
Expanding
Close

Google expands Safe Browsing to protect against fake download/play buttons

Abner Li Feb 3 2016 - 1:20 pm PT

Over the years, Google has expanded what its Safe Browsing feature protects against. Last December, Safe Browsing was fully rolled out to Android users as part of an update to Chrome and Google Play services. Today, they are expanding it to protect against deceptive download buttons increasingly found around the web.

Expand
Expanding
Close

Google’s VirusTotal service now scans for tampered computer firmware

Abner Li Jan 28 2016 - 12:51 pm PT

Google bought VirusTotal, an online virus and URL scanner, back in 2012 and it continues to run as an independent company even today. Their website and Mac app offers a very useful utility that lets users upload files to see whether they are ridden with viruses. They recently added the ability to scan a computer’s firmware for suspicious malware.

Expand
Expanding
Close