facebook

Visit Facebook page!

follow on facebook to get instant news and updates.

Friday, 1 August 2014

Android Fake ID bug allows hackers to take over people’s phones

Android Logo
A new Android vulnerability has been discovered. The bug, called Fake ID, allows attackers to steal data and essentially take over a phone.
The security hole, which allows malware to impersonate apps, is said to have the capability to steal sensitive information such as credit card numbers. Fake ID also allows hackers to take control of a device through changes in its settings.
The vulnerability, which was discovered by researchers from Bluebox Labs, is more effective than most bugs because the malware does not need the permission of users to take control of a device. 
"The vulnerability allows malicious applications to impersonate specially recognized trusted applications without any user notification. This can result in a wide spectrum of consequences. For example, the vulnerability can be used by malware to escape the normal application sandbox and take one or more malicious actions: insert a Trojan horse into an application by impersonating Adobe systems; gain access to NFC financial and payment data by impersonating Google Wallet; or take full management control of the entire device by impersonating 3LM," Jeff Forristal, Bluebox's Chief Technology Officer, said in a blog post.
Fake ID works by exploiting Android's method of handling identity certificates, which verifies that an app is what it appears to be. Identity certificates are issued through certificate authorities such as Verisign. This means that a web browser would trust any certificate issued by Verisign. According to Bluebox, the security hole allows hackers to create their own identity certificates then forge a claim it was issued through a certificate authority. After that, attackers can sign an application with the malicious identity certificate and the forged certificate authority claim. 
The vulnerability affects all Android phones. Forristal said that Fake ID dates back to the launch of Android 2.1 in January 2010 and can be used on all Android devices that do not have the patch for Google bug 13678484. Google was alerted to the bug and released a patch last April. However, all devices that are running on anything older than Android 4.4 Kitkat are still vulnerable to malicious apps that insert Trojan horse code into other apps. This could lead to malicious apps accessing data and executing actions on other apps. 
Google has already sent out a generic code fix for Fake ID. Currently, phone manufacturers and carriers are working on a firmware update that will be sent out to users.
Posted by at No comments:

Even a kid can hack your Google account with your Android phone

Anyone can easily reset your Google password using your Android phone, highlighting a massive security loophole that's been around a while and still hasn't been fixed...
You may think your Android phone is safe in your children's hands (unless the butter-fingered tykes are prone to dropping things on concrete floors), but a Samsung Galaxy S3 user just told of how his son reset his Google account password when playing with his smartphone.
Image: Flickr/Carissa Rogers
The story, posted on Reddit, revealed how the man’s son managed to change his password while making an app purchase on the Android phone.
When the app purchase password confirmation popped up, the boy wasn't deterred. He clicked on the question mark next to the password box, and then he tapped the forgot password link, followed by ‘I don’t know’.
He was then given the option to send the password reset link to the very same Android phone, which allowed the wee tyke to enter a brand new password.
We tried this on our phone and were able to follow the steps above, although we were asked for a verification code to be sent to the phone via SMS. Seconds later it arrived and we entered it on the browser page, enabling us to reset the password for our entire Google account, on our Android device (LG G3).
Alternatively, you can ask for the verification code to be sent via an automated phone call – which goes through to the mobile phone you’re using or the one registered to your Google account (more than likely, the same phone number).
Although this seems pretty obvious, it is a big concern because it means that anyone who has your phone can basically change your master Google password and get into all of your account info - including personal data, emails, calendars and whatever other secrets you store away in there.
Karcirate, whose son managed to hack his Google account, wrote on Reddit: “[Google] allowed someone with absolutely no knowledge about my Google account, and access only to my phone, to reset a new password for my entire Google account.”
Of course, you can secure your device by ensuring you have a lock code, password or even face recognition set up on your device so only you can use it, but it’s certainly not that straightforward if you allow your children to use your phone.
That's why we recommend using some kind of guest mode, which block the little buggers from getting online while messing with your mobile. And Google has responded by pointing out that its services are intended to be used without supervision. Frankly, if you just hand your mobile to your kids and let them do what they like, you're pretty much asking for trouble...
And of course, if you're unfortunate enough to lose your Android phone, make sure you turn on Google's 2-step verification and update your mobile phone details immediately via your home computer.
Posted by at No comments:

Rumor: Apple may launch iPhone 6 on Tuesday, October 14


Best iPhone 6 concept
It has been widely speculated that Apple will launch the highly anticipated iPhone 6 is September.
MacRumors now claims that according to their source who cited an internal Apple Retail Store meeting, Apple won’t launch the next generation iPhone in September, but will launch the new iPhones in October this year.
The report claims that according to their source, Apple could launch iPhone 6 on a Tuesday, October 14th. The source also claimed that October would be an extremely busy month for Apple.
The launch of the new iPhones on a Tuesday would be a major change in Apple’s rollout plans, as it has historically launched new iPhone models on a Friday. Last year, Apple launched the iPhone 5s and iPhone 5c on Friday, September 20th. It also launched the iPhone 5 in 2012 on Friday, September 21st.
The report also claims that Apple will unveil iPhone 6 on a Tuesday, September 16, almost a month before it goes on sale. This would also be a major shift in strategy, as Apple has kept a gap of approximately 9-10 days between the unveiling of the new iPhone, and its launch. The report notes Apple may launch the new iPhones on a Tuesday due to high demand and “ample supply due to a large production effort”.
MacRumors had earlier reported that according to their sources Apple was planning to announce iPhone 6 in early September, followed by the launch later in the month.
It is not clear if Apple will launch both the 4.7-inch and 5.5-inch iPhone 6 in October. Recent rumors have indicated that the launch of the larger 5.5-inch iPhone 6 may be delayed to the end of the this year or early next year.
An October launch does not make sense as it would have an adverse impact on Apple’s Q3 and Q4 financial results, which have traditionally got a boost thanks to the launch of the new iPhones. The launch of the new iPhones in October would mean that Apple would end up selling fewer iPhones in Q3 and potentially even Q4, though strong demand for the larger iPhone models could compensate for the late launch in Q4.
iPhone 6 is also expected to include Apple’s new A8 processor, Touch ID fingerprint sensor, and an improved 8-megapixel camera.
What do you think about the possibility of the iPhone 6 launch in October?
[via MacRumors]
Posted by at No comments:

Android market share reaches an all-time high of 85%; iPhone falls to 11.9%


ios-7-vs-android
Google’s Android is absolutely killing it when it comes to smartphone market share. Latest numbers from Strategy Analytics for the second quarter of 2014 show that Android’s market share reached an all-time high of 85 percent.
Apple’s marketshare fell from 13.4 percent last year to 11.9 percent this year, despite seeing an increase in absolute iPhone shipment numbers. Microsoft’s marketshare went from 3.8 percent to 2.7 percent over the past year, while BlackBerry fell from 2.4 percent to a measly 0.6 percent.
What we’ll be looking out for in the next few quarters is how big of an impact does the larger iPhone 6 launch have on these numbers.
[via WSJ]
Posted by at No comments:

Typo 2 keyboard case can be pre-ordered for $99 and starts shipping in September

Typo 2 keyboard case
At the end of 2013, a keyboard case called the Typo was unveiled as the “perfect” accessory for your iPhone 5/5s. Immediately after the unveiling, Typo came under fire from its obvious design inspiration, BlackBerry, and so some changes needed to be made for the inexorable sequel. And here we are.
Typo 2 keyboard case
The Typo 2 keyboard case features Typo smart typing (which still seems like an odd name to go with), and so the keyboard will give you auto-capitalization when you need it, among other things. It’s also fitted with a battery indicator this time around, and you’ll be able to type in the dark easier than ever before thanks to a backlit keyboard.
image Typo 2five
Here’s the inspiration behind the Typo 2 keyboard case, right from the Typo website:
Typo 2 was born out of a desire for efficiency. For several years, many of our friends and colleagues carried two phones: one for typing and correspondence and an iPhone for virtually everything else. One night, we were out to dinner and both had our phones on the table. Two people, four phones!
image Typo 2
The Typo 2 keyboard can be pre-ordered through the source link below, and it will cost you $99 to do so. The keyboard case will start shipping in mid-September, based on the website. At least that may miss the rumored launch date of the iPhone 6, now!
[via Typo]
Posted by at No comments:
Subscribe to: Posts (Atom)