Google announced on Wednesday that it has fundamentally changed its reCAPTCHA security feature by removing CAPTCHAs entirely and adding a one-step solution for users to prove they aren’t robots. Instead of typing a few warped words, the new version of reCAPTCHA simply has a box labeled “I’m not a robot” that users can hover over.
Expand
Expanding
Close
Sony’s Backup & Restore Android application that comes pre-installed on its Xperia Z3 smartphone appears to have been compromised. A Google Play entry has been added for the app listing “Nirav Patel Kanudo” as its publisher, along with the software’s description claiming that it’s managed by the “HeArT HaCkEr Group.”
Today, Google announced some new security features for its subscribers that should make it easier to manage the equipment linked to your account. While some people may have already had access to these options, Mountain View has now made them available to its entire user base. The gist of the search company’s new dashboard is a quick way to review and control the gear tied to your profile. This will let you quickly revoke a device’s access if you happen to lose your phone, laptop or tablet.
The Wall Street Journal reports that WhatsApp has been updated with end-to-end encryption for messages sent and received between Android smartphones and tablets. The cross-platform messaging service claims it will be unable to help decrypt messages for law enforcement, a noteworthy move given increasing concerns about government surveillance and tracking over the past few years.
Expand
Expanding
Close
HP’s annual two-day Mobile Pwn2Own competition came to a close this afternoon, with a group of veteran security researchers and other competitors able to compromise several flagship smartphones across the top-three mobile operating systems: Android, iOS and Windows Phone. The devices that were exploited include the Samsung Galaxy S5, Nexus 5, iPhone 5s, Amazon Fire Phone and Nokia Lumia 1520.
Expand
Expanding
Close
Last week, multiple security reports hit the web claiming that Samsung’s Find My Mobile service had a flaw that left users vulnerable to remote attacks by hackers. Today, Samsung has addressed the claims, saying that the issue was already addressed in an update on October 13th, which pre-dates most of the claims associated with this exploit.
Google has outlined several of the new security enhancements that have been added to Android Lollipop, the latest version of its mobile operating system, such as encryption enabled by default and a new lock screen that is more convenient and powerful to use than ever before. Read ahead for a closer look at some of the new security features.
Expand
Expanding
Close
Remote device management is often billed as a security feature, but Samsung’s Find My Mobile service could be doing more harm than help. Security researchers have found an exploit in the platform that lets outsiders remotely lock, ring or wipe your Samsung phone. The issue is that Find My Mobile doesn’t validate the security code information it receives and all an attacker needs to do is overwhelm the device with traffic to gain access to someone’s handset.
AT&T is currently apologizing to customers for a security breach caused by one of its employees who illegally accessed personal information for a small number the carrier’s subscribers. Some of the compromised information includes social security and driver’s license numbers of the affected customers. AT&T says the incident took place this past August and further discussed the matter in a letter to the Vermont attorney general.
Google said today that the upcoming Android L release would enable data encryption by default when users set up a new device. Previous versions of Android included the security measure as an option, but many users did not choose to activate it. Now the feature will automatically be turned on, meaning no data on the phone will be accessible without the owner’s password.
Essentially this will prevent anyone—including police—from reading stored text messages, viewing photos from the phone’s library, or checking the call history (among other things) even if allowed to do so by a court order. Apple rolled out a similar feature to its iPhone users with an update yesterday.
As reported by the Washington Post:
Expand
Expanding
Close
Today, Google, Dropbox and the Open Technology Fund announced Simple Secure, a new non-profit organization focused on making open source security tools easier to use. The group recognizes that several effective consumer-focused security options currently exist, however it also points out that these platforms have poor adoption rates because they’re too confusing for people to use. Stating that security measures like two-factor authentication are often avoided and viewed as a hassle.
Google has publicly stated that its “mission is to organize the world’s information and make it universally accessible and useful.” So it’s no surprise that the company applies this mantra to its own products and services. In an effort to tidy things up, the search giant has introduced a new security section to its user account settings.
Google says it has been testing changes to its search algorithms that will give secure, encrypted websites — as shown by HTTPS in their URL — ranking preference over those that do not. Google as a company prioritizes security, and as more and more webmasters are adopting HTTPS, the company hopes that this change will push more webmasters to do the same.
Google today announced a new initiative it is calling “Project Zero,” a broad attempt at reducing the number of internet users that are harmed every day by a variety of different types of targeted attacks. Google believes that everyone should be able to use the internet without constant worry that attackers might use software vulnerabilities nefariously, and due to that, the Mountain View corporation has assembled a team of experienced security researchers to help improve security across the internet.
If you’re flying (back) to the U.S. from overseas, make sure that all your electronic devices have enough juice left to power-up when you reach airport security, otherwise you won’t be allowed to take them on board due to a new TSA requirement.
The Transportation Security Administration said yesterday that it was requiring certain overseas airports flying directly to U.S. airports to increase security checks on electronic items in response to concerns about new al-Qaida attempts to use them as disguise for bombs.
While the focus appears to be on smartphones, it’s also possible that passengers will be required to power-up tablets and laptops also. Devices that won’t power-up will not be allowed on board, and passengers carrying these devices may be subject to additional screening.
The TSA has not revealed which airports are subject to the new requirements, but London’s Heathrow is known to be one of them.
Last month, Apple quietly unveiled a new feature in iOS 8 that automatically scrambles an iOS device’s MAC address when it is searching for Wi-Fi networks. It made this move as a security precaution, as some marketing and analytics companies use the unique identifier to collect users’ location history to help clients “improve store layouts, determine timing for promotions and sales, measure the effects of advertising, and set staffing levels and store hours.”
If you have an Android smartphone, however, the Electronic Frontier Foundation claims there remains a high risk that your device is broadcasting your location history to anyone within Wi-Fi range of you. “Wi-Fi devices that are not actively connected to a network can send out messages that contain the names of networks they’ve joined in the past in an effort to speed up the connection process,” the EFF writes.
At Google I/O today, Sundar Pichai specifically discussed security innovations happening on Android as it builds an open platform that innovates quickly. Pichai used this as an example to jab at Apple’s iOS 8 for only now introducing alternative keyboard and widgets as Android has had the features for years. Pichai said that “less than half a percent of users” ever experience any issue with malware on Android. He also noted that 93% of Android users are on the latest version of Google Play Services which updates every six weeks. Pichai also announced features coming to Android “L” including a kill switch and universal privacy controls.
Expand
Expanding
Close
Researchers at the University of Massachusetts Lowell have demonstrated an interesting (and slightly scary) technique for using Google Glass to detect phone PINs with 83 percent accuracy from across a room – even when the screen wasn’t visible.
The technique used applies an image-recognition algorithm that doesn’t need direct sight of the screen. Instead, it uses a reference image of the target device to detect the angle at which it’s being held, then tracks the shadows from finger taps to detect which on-screen keys are being pressed …
Expand
Expanding
Close
According to a report from PC World, both Google and Microsoft are planning to announce plans to add a smartphone kill switch to their mobile software in an effort to combat device theft. The feature would allow users with stolen devices to report their device as missing and disable it from being used without specific credentials in an incident of theft. This feature has already proven to deter theft of iPhones as iOS recently introduced a similar functionality.
The news comes after The New York Times released data from the city’s police pointing to a 19 percent decline in iPhone thefts in 2014 compared to the same period in 2013 which considers Apple’s Activation Lock feature introduced to the public last fall with iOS 7. The report from PC World notes that thefts of Samsung devices have risen by more than 40 percent.
Bring your own device (BYOD) is more common than ever in the working world and of course Google is looking to capitalize on this opportunity. Today, the company announced four new features for its Google Apps Mobile Management for Android service. First up to bat is inactive account wipe, which clears an inactive user account from a device after a predetermined number of days. An ideal scenario for this feature is a misplaced or stolen smartphone or tablet loaded with sensitive information. Google’s second new feature for people taking their devices into the corporate world is the addition of Extensible Authentication Protocol (EAP). This will let your company’s admins distribute CA-based certificates for EAP networks.
An experimental feature in Chrome that is set to prevent phishing attacks, may be backfiring, according to security firm PhishMe. Google is in the process of testing an “Origin Chip” that hides the view of a website’s full URL. This new setup instead displays the domain name of the site being visited, along with a search bar available for fast access. The idea is that only displaying a site’s domain name is far less distracting than a lengthy URL.
Samsung’s Galaxy S5 might be dust and water resistant, but the company’s flagship smartphone is now ready to take on the roughest of terrains — the office. Today, the South Korean electronics manufacturer announced a new version of its Knox security software that lets GS5 owners use their phone at their job. Rebranded as Knox Workspace, this updated platform features two new cloud-based services Knox EMM and Knox Marketplace. The former gives your employer’s IT department remote access to your device, while the latter is the software’s dedicated app store.
Google may be publicly denouncing some of the NSA’s recent tactics, but the search giant might be closer to the agency than it has led people to believe. A chain of emails between Google execs and former NSA director Keith Alexander suggests that the company may have downplayed how closely the two have worked together in the past.
Google is currently developing a process that will make it easier for Gmail users to encrypt their emails, according to Venture Beat’s unnamed sources. For over 20 years, Pretty Good Privacy (PGP) has been an encryption standard, but the platform hasn’t always been the most user-friendly. This, along with growing concerns over unwanted internet surveillance has prompted Google to task its engineers with making PGP easier to use.
