Bluebox Reveals Android Security Hole,which may affect 99% of Devices

Researchers at Bluebox Security have revealed a disturbing flaw in Android's security model, which the group claims may affect up to 99 percent of Android devices in existence. According to Bluebox, this vulnerability has existed since Android 1.6 (Donut), which gives malicious app developers the ability to modify the code of a legitimate APK, all without breaking its cryptographic signature -- thereby allowing the installation to go unnoticed. To pull off the exploit, a rotten app developer would first need to trick an unknowing user into installing the malicious update, but hackers could theoretically gain full control of a user's phone if the "update" posed as a system file from the manufacturer.

Bluebox claims that it notified Google of the exploit in February. According to CIO, Bluebox CTO Jeff Forristal has named the Galaxy S 4 as the only device that's currently immune to the exploit -- which suggests that a security patch may already exist. Forristal further claims that Google is working on an update for its Nexus devices. In response to our inquiry, Google told us that it currently has no comment. We certainly hope that device manufacturers do the responsible thing and distribute timely security patches to resolve this issue. Absent that, you can protect yourself by installing updates through the Play Store and Android's built-in system update utility.

Posted by Admin on 09:25 in news

Yahoo to shutdown a dozen services by September

As the latest of many changes that have been made to Yahoo! under CEO Marissa Mayer’s reign, the company announced via Tumblr that it will be shutting down a dozen services over the new few months, with the last one going down on September 28. This move in part removes services that have received little attention in modern times – some of them perhaps being unknown to most of Internet users – while others are more known. Regardless, the purpose is to do away with the old and draw the company’s users towards a more cohesive, modern Yahoo!.

In every instance, the removed services are replaced with Yahoo!’s current services, leaving users with alternatives that they may or many not be happy with. The first three on the list were slashed today: Yahoo! Axis, Yahoo! Browser Plus, and Citizen Sport. Those who use the Axis plugin will find that it stopped working today, while those using the apps will continue to have access, but they won’t be updated. Citizen Sports users are being directed to Yahoo! Sport, while Browser Plus users are encouraged to check out the company’s developer page for new options.

Yahoo! WebPlayer will go down on June 30, with the player no longer loading. Users are encouraged to remove its code from their websites. The day after that, both FoxyTunes and RSS Alerts will be slashed, with the former being replaced with Yahoo! Music and the latter with Yahoo! Alerts via a Keyword News subscriptions.

Perhaps the most notable service to be taken down is AltaVista, with users being pushed towards Yahoo! Search instead. On the same day – July 8 – Yahoo! Neighbors Beta will also be removed, and users are encouraged to replace it with Yahoo!’s Local Search instead. The last two services to be removed in July are Stars India, replaced with India OMG!, and Downloads Beta, which will switch to only supporting Yahoo! product downloads.

Nothing will be removed in August, oddly enough, with the final two being taken down by the end of September: Yahoo!’s Local API, as well as its online documentation from the developer’s portal, and Term Extraction API, with direct access being replaced with access via YQL. Developers are encouraged to migrate away from this before September 28.

Posted by Admin on 05:51 in news

Most Android threats would be blocked if phones ran latest Android version, report says

Over three quarters of Android threats are malicious apps that send SMS messages to premium rate numbers and could be mitigated by a protection feature present in Android 4.2, according to researchers from networking vendor Juniper Networks.

However, because manufacturers and carriers fail to update Android end user devices in a timely fashion, only 4 percent of devices currently run Android 4.2, even though this version was released more than six months ago.

From March 2012 to March 2013 the number of mobile threats grew by 614 percent to reach a total of 276,259 malicious samples, researchers from Juniper Networks’ Mobile Threat Center (MTC) said in a report released Wednesday. Of those malicious applications, 92 percent target the Android operating system, they said.

The surge of Android malware in the past two years is consistent with the findings of other security vendors that track mobile threats. This growth is primarily driven by Android’s “commanding share” of the global smartphone market, the Juniper researchers said.

The majority of Android malware, 77 percent, are apps that earn money for their creators by either requiring users to send SMS messages to premium rate numbers or by surreptitiously sending such messages on their own. These threats usually masquerade as legitimate applications or come bundled in pirated apps.

The Juniper researchers estimate that every successful attack using such an app can bring an immediate profit of $10 for the attacker on average.

What Android 4.2 provides

Android 4.2 introduced a feature that detects attempts to send SMS messages to special rate numbers, also known as short codes, and prompts users for confirmation. Unfortunately, due to the Android market fragmentation, only 4 percent of Android devices are currently running Android 4.2.x.

This estimation is based on data collected from Google Playover a 14-day period ending on May 1, 2013, the Juniper researchers said. Based on the same data, the most common versions of Android found on devices are Android 2.3.3 to 2.3.7, also known as “Gingerbread,” with a 36.4 percent coverage and Android 4.0.3 and 4.0.4, also known as “Ice Cream Sandwich,” with 25.5 percent.

The lack of regular updates for Android devices contributes to the growth of Android malware, because the latest protections added by Google to the operating systems reach users too late or never, the researchers said.

Spyware

The second most common type of Android threats are spyware applications that capture and transfer sensitive user data to attackers. These account for 19 percent of all malicious samples collected by Juniper’s MTC.

Some information-stealing Android Trojan apps discovered during the past year and distributed through drive-by downloads or phishing emails could also pose a threat to enterprise environments, the Juniper researchers said.

Data collected from enterprise mobile devices running Juniper’s Junos Pulse endpoint collaboration and security software showed at least one infection on 3.1 percent of such devices.

While that figure is not large enough to raise a significant alarm, it is proof that the threat of mobile malware to corporate devices is not only theoretical, the Juniper researchers said. “We expect the presence of mobile malware in the enterprise to grow exponentially in the coming years.”

Posted by Admin on 05:25 in news

Sony Xperia M 'coming soon' in India

Sony's latest mid-range NFC enabled smartphone, Xperia M, has been listed at online retailer Infibeam as 'coming soon'. The listing does not reveal the India pricing of the smartphone as well.

To recall, Sony had announced the Xperia M earlier this month. The smartphone runs Android 4.1 Jelly Bean and is powered by a 1GHz dual-core Krait processor. Dual-SIM version of the smartphone will also be available.

The smartphone sports a 4-inch FWVGA (854x480 pixel) TFT display, that is powered by Adreno 305 graphics, and features 1GB of RAM. There's 4GB of built-in storage along with a microSD slot for additional storage.

The smartphone also features a 5MP camera that boasts of an Exmor RS sensor, and 720p HD video recording. A front-facing 0.3MP camera is also available. Connectivity options include dual-band Wi-Fi, 3G HSPA, Bluetooth 4.0, NFC and FM radio.

Posted by Admin on 05:00 in news