In brief: Google’s decision not to patch a security hole in versions of Android used by hundreds of millions of consumers is a bad omen for the Internet of Things and will likely push some Android users to alternative versions of the operating system.
Search Results for "Android"
Report: Android Shield Adds Invisible Encryption To Mobile Apps
Wired reports on a team from Georgia Tech that has designed software that acts as an overlay on Android smartphones’ communication applications, encrypting communications to and from those apps, while mimicking their user interface. The researchers describe the technology as a “transparent window” over apps that prevents unencrypted messages from leaving the user’s device. “The window acts as a proxy between the user and the app. But the beauty of it is that users feel like they’re interacting with the original app without much, if any, change,” says Wenke Lee, the Georgia Tech professor who led the developers. “Our goal is to make security that’s as easy as air. You just breathe and don’t even think about it.” The researchers call their prototype Mimesis Aegis, or M-Aegis, Latin for “mimicry shield.” They plan to present their research at the Usenix Security conference this week. Read more via Wired: This Android Shield Could […]
Old Apache Code at Root of Android FakeID Mess
A four year-old vulnerability in an open source component that is a critical part of Google’s Android mobile operating system could leave mobile devices that use it susceptible to attack, according to researchers at the firm Bluebox Security. The vulnerability was disclosed on Tuesday. It affects devices running Android versions 2.1 to 4.4 (“KitKat”), according to a statement released by Bluebox. According to Bluebox, the vulnerability was introduced to Android by way of the open source Apache Harmony module. It affects Android’s verification of digital signatures that are used to vouch for the identity of mobile applications, according to Jeff Forristal, Bluebox’s CTO. He will be presenting details about the FakeID vulnerability at the Black Hat Briefings security conference in Las Vegas next week.
This Week In Security: Android’s Security Woes
We’re at the end of another busy week in the security world – a week that saw everything from World Cup themed phishing attacks and, of course, more data breaches: at PF Changs, Domino’s Pizza and AT&T. Among the top stories this week were a number of warnings about attack on Google’s Android mobile device platform. FireEye and Google said they dismantled part of a mobile malware operation that stole online banking credentials from Android users via a malicious and stealthy app posing as Google Play. And a German researcher sounded alarms about Android mobile devices shipping from China that come with pre-loaded malicious software. To help make sense of all the Android badness, we invited Zach Lanier. Zach’s been a frequent guest on Security Ledger Podcast. He’s a security researcher at DUO Security and – fittingly- one of the authors of The Android Hacker’s Handbook, published by Wiley. Zach and I talked about the […]
Google: Android Wear Isn’t Ready For Health Data
I didn’t get a chance to write about Google’s (big) announcement that it was expanding its Android operating system franchise to wearable products. If you haven’t been following the news: the company unveiled a developer preview of Android Wear, software that will allow developers to outfit wearable devices that can interact with Android devices like mobile phones and tablet. The announcement is important: it shows Google continuing to grow its footprint in the wearables space beyond the (controversial) Glass technology. In fact, noted tech luminary Robert Scoble and others have wondered aloud whether Google is ready to let Glass go the way of Wave, Buzz and other skunkworks projects. The announcement of Wear and attendant deals with watch makers like Fossil and others suggests that, if nothing else, Google is ready to get out of the wearable hardware business and leave that to companies that are better suited to […]
