Using a pair of zero day vulnerabilities, a team of security researchers from U.K.-based MWR Labs hacked into a Samsung Galaxy S3 phone running Android 4.0.4 by beaming an exploit via NFC (Near Field Communications).
The team -- Tyrone Erasmus, Jacques Louw, Jon Butler and Nils (yes, that Nils) -- carted off a $30,000 cash prize as part of the EuSecWest mobile Pwn2Own hacker contest.
Over half of Android devices are vulnerable to known security flaws that can be exploited by malicious applications to gain complete access to the operating system and the data stored on it, according to a report from mobile security firm Duo Security.
This conclusion is based on scans performed during the last couple of months with X-Ray, a free Android vulnerability assessment tool developed by Duo Security. X-Ray scans devices for known privilege escalation vulnerabilities that exist in various versions of the mobile operating system.
Google won't be able to compete with the attention lavished on Apple for the launch of the sixth-generation iPhone, but it did announce the notable milestone late tonight of half a billion device activations.
"Today is a big day for Android... 500 million devices activated globally, and over 1.3 million added every single day," said Hugo Bara, Android's director of product management, in a Google+ post. It's not clear how many devices are replacing older ones, though.
There's been a lot of news lately on how Android mobile devices are malware's new favorite victims. While Google has been working to beef up security for its mobile OS, wireless carriers are also pitching in.
Verizon announced the launch of its McAfee "Mobile Security" app for Android today, which aims to help subscribers protect stored data on their smartphones. More specifically the paid version of the app lets users remotely locate, alarm, lock, and wipe data from their device.
The online world is under siege. Computers, laptops, and mobile devices are increasingly being attacked by worms, viruses, botnets, Trojans, spam, and more.
According to a new report by McAfee (PDF), Malware is multiplying at a faster pace now than any other time in the last four years. There has been a 1.5 million increase in malware over last quarter, along with growth of newer threats, including "ransomware" attacks, thumb drive corrupters, and botnets.
Reports have emerged from China of an ingenious new backdoor Android malware attack that has infected hundreds of thousands of subscribers and can prove difficult to de-install without technical support.
Dubbed Trojan!SMSZombie.A - 'SMSZombie' for short - by one of the companies reporting on it, the malware is said to have spread through the largest Chinese Android marketplace, GFan, piggybacking itself as a back door on the back of porn-themed wallpaper apps.
Late last week, I wrote about some eye-raising statements made by a British Telecom (BT) security expert at the NetEvents Americas. Now, BT has backpedaled on the claims. To refresh your memory, here's what Jill Knesek, head of the global security practice at BT, said:
We analyzed more than 1,000 Android applications and found a third compromised with some form of active or dormant malware. Almost every device is compromised with some kind of malware, although often it's not clear if that code is active or what it is doing.
In an analysis published Monday, security researcher Jon Oberheide said Android version 4.1, aka Jelly Bean, is the first version of the Google-developed OS to properly implement a protection known as address space layout randomization. ASLR, as it's more often referred to, randomizes the memory locations for the library, stack, heap, and most other OS data structures. As a result, hackers who exploit memory corruption bugs that inevitably crop up in complex pieces of code are unable to know in advance where their malicious payloads will be loaded.
Phandroid has revealed that its Android Forums website was hacked this week using a known exploit. The data that was accessed includes usernames, e-mail addresses, hashed passwords, registration IP addresses, and other less-critical forum-related information. At the time of writing, the forum listed 1,034,235 members.
If you are one of them, you should change your password: go to your UserCP or use the Forgot your password? function. Furthermore, if you use the same e-mail address and password combination elsewhere, you should change it there as well.
Security company Trusteer is warning about an Android Trojan that is being distributed by criminals to beat the SMS smartphone authentication systems employed by European banks to verify money transfers.
Man-in-the middle (MitM) attacks on 2FA technology via mobiles started around a year ago based on the simple observation that the apparent strength of SMS verification is also its weakness if hackers are able to compromise the handset itself.
