In-brief: IBM researchers say they discovered a flaw in an SDK from the cloud storage firm Dropbox that could result in Android users accidentally sending their data to a Dropbox account controlled by a malicious actor.
mobile software management
Doctorow: Fearing an Internet of Things That Do As They’re Told
In-brief: In an essay for O’Reilly Radar, Cory Doctorow argues that remote management features that allow carriers to disable mobile phones are a mistake – taking technology owners’ autonomy and control over their data away in the name of preventing muggings and other crimes.
Malicious or Obnoxious? Chinese Mobile Vendor CoolPad Uses Secret Backdoors
CoolPad, an up-and-coming Chinese mobile phone maker, is shipping high-end, Android smart phones with so-called “back door” access built into the phone’s software. That, according to research by the firm Palo Alto Networks. Palo Alto researchers Claud Xiao and Ryan Olson released a report identifying the suspicious remote access software, which they dubbed “CoolReaper” on Wednesday. According to the report, the so-called “backdoor” program was shipped with stock operating systems (or ROMs) used by Coolpad’s “high end” phones in China and Taiwan. The software, which appears to have been created and managed by Coolpad, runs on top of the Android operating system and allows the company to remotely manage the phone independent of the wishes of its owner: pushing applications to the device without the user’s consent or notification, wiping data and applications, sending over-the-air (or OTA) updates to the phone, transmitting device data and sending arbitrary phone calls and SMS […]
BitDefender Finds Phone to Smart Watch Communications easy to Snoop
Researchers from the security firm BitDefender have found that it is possible to snoop on wireless communications sent between smart watches and Android devices to which they are paired. The researchers, led by Liviu Arsene, captured and analyzed raw traffic between the Nexus 4 Android device running Android L Developer Preview and the Samsung Gear Live smart watch. The traffic was captured on the Android device before it was transmitted to the associated smart watch using a baseband co-processor that it standard on most Android devices. According to BitDefender, the wireless traffic is secured using a six digit PIN code. That leaves the device vulnerable to computer-enabled “brute force” attacks that can try the million possible six digit codes in short order. BitDefender noted that the problem exposed wasn’t limited to smart watches. Using baseband co-processors on Android devices to handle encryption is “not a fool-proof security mechanism,” Arsene wrote. Attackers might also be […]
Samsung Expanding Mobile Management To Court Enterprise
Editor’s Note: this story was updated to note that Centrify is now known as Delinea. PFR Sept. 18, 2022 Apple stole the show this week, unveiling its new, larger iPhones and a smart watch that everyone is just calling iWatch, whether that’s the product’s name or not. But the rush of new products from Cupertino doesn’t change the fact that, behind the scenes, the battle for the hearts and minds of business users (aka “enterprises”) rages on between Apple, Google, Microsoft and Blackberry. iPhone 6 or no, the outcome of that battle is anything but clear. Case in point: Samsung will roll out new features this week for its KNOX-powered Android phones and tablets that are designed to appeal to security and privacy conscious business users. The new KNOX solution offerings, which will become public on Thursday, promise enterprises and government organizations the tools to simplify the implementation of BYOD (or Bring Your Own Device) programs. In […]
