Slatedroid info

Everything about android tablet pc [slatedroid]

Samsung prepping security update for SwiftKey keyboard vulnerability

Posted by wicked June - 18 - 2015 - Thursday Comments Off

Samsung_Galaxy_S6_Edge_Right_Edge_Slanted_01_TAEarlier today, a massive security exploit involving Samsung’s default SwiftKey keyboard spread across the internet like wildfire showing the dangers of manufacturers pre-loading third-party software on their phones. The vulnerability was pretty obscure and wouldn’t affect everyone with a Samsung device, but it was still a fairly serious exploit Fortunately, Samsung has issued a relatively quick response about the whole situation.

Samsung has stated that they’re working on a fix, and it will be deployed through a security policy update via Knox. The vulnerability was based in how language packs for Samsung’s SwiftKey-backed keyboard were updated, and doesn’t affect the normal version of SwiftKey that you may have downloaded through the Play Store. 

If you have a Galaxy S6, Galaxy S5, Galaxy S4, or Galaxy S4 Mini on any of the four major US carriers, you can expect Knox to patch things up in the near future.

source: Android Central

Come comment on this article: Samsung prepping security update for SwiftKey keyboard vulnerability

Third-party app exploit reveals remote code attack vector on Samsung smartphones

Posted by wicked June - 17 - 2015 - Wednesday Comments Off

Samsung_Galaxy_S6_Edge_Right_Edge_Slanted_01_TA

Some recent security work on new Samsung smartphones will likely increase the pressure on manufacturers and carriers to dispense with preloading third-party apps. According to security researchers, they were able to figure out a way to deliver a payload capable of executing remote code via the Swift keyboard app that comes pre-installed on new Samsung devices. The vulnerability gives an attacker the ability to run code as a system user, one step shy of being root, and can be launched without input from the device’s user. 

The researchers determined that Samsung, and likely other manufacturers, are running third-party apps like keyboards from a privileged context. To make this happen, apps are getting signed with manufacturer’s private signing keys. This opens the path to upstream attacks that can be triggered by events like a device reboot or an application update – any event that cause the app to go out on the Internet looking for a new file. The researchers note that attacks could be constructed using rogue Wi-Fi access points, via local area networks, or even something like DNS hijacking.

As many smartphone buyers are aware, many of the apps that end up installed on a device, including third-party apps, cannot be uninstalled and in some cases, they cannot even be disabled. Such is the case with the Swift keyboard, although they are not alone in that position and obviously, Swift did not make that decision. Sadly, the researchers can only suggest avoiding insecure Wi-Fi networks to reduce risks and to possibly use a different mobile device. More help could be forthcoming if users start contacting their carriers for information on patches or updates to address the security weakness that has been identified.

source: NowSecure

Come comment on this article: Third-party app exploit reveals remote code attack vector on Samsung smartphones

Google paying out cash bounties for identifying and solving Android vulnerabilities

Posted by wicked June - 16 - 2015 - Tuesday Comments Off

Android SecurityGoogle takes security very seriously, and now that’s more true than ever. The company has offered bounties for anyone that could find or solve vulnerabilities in Chrome and their websites with their Security Rewards program, and today they’re extending that to cover Android, too.

Just how it works with other apps and services, if you find or fix a vulnerability in Android Google will pay out a bounty depending on how severe the bug or vulnerability is. Identifying a bug nets you anywhere from $500 to $2000 based on how severe the issue is. Providing test cases or patches for those bugs drastically increases the payout, topping out at around $8k for very critical vulnerabilities. If you can find a functional exploit via a third-party app installed on a device, Google will shell out upwards of $20k. Those are some pretty high rewards if you think you can slip through Android’s current state of security.

The only conditions to these bounties are that it must apply to the Nexus 6 or Nexus 9 AOSP or OEM code. They’ll also only be rewarding the first instance of a bug being disclosed. There are a handful of other rules and exceptions to read up on if you’re interested in taking a crack at snagging one of these bounties.

source: Android Security Rewards

 

Come comment on this article: Google paying out cash bounties for identifying and solving Android vulnerabilities

Google will pay up to $8000 to researchers disclosing Android vulnerabilities

Posted by wicked June - 16 - 2015 - Tuesday Comments Off

android-malware

Google is extending its bug bounty program to cover vulnerabilities found on Android devices sold through its store.

The new Android Security Rewards program covers vulnerabilities found on current Nexus phones and tablets that are available in the Google Store (formerly, the hardware section of Play Store). Currently that means the Nexus 6 and the Nexus 9. The program supplements Google’s other bug bounty schemes, such as the Patch Rewards program, which launched in 2013 and includes AOSP and many other projects.

“Eligible bugs include those in AOSP code, OEM code (libraries and drivers), the kernel, and the TrustZone OS and modules. Vulnerabilities in other non-Android code, such as the code that runs in chipset firmware, may be eligible if they impact the security of the Android OS.”

Google will only reward the first reporter of a specific bug, with bounties varying based on the severity of the issue, and whether or not the reporter offered a test case and/or a fix for the vulnerability.

google android bug bounty

For verified exploits that can lead to the kernel or boot being compromised, Google is willing to raise the bounty by up to an extra $30,000. The company will match any bounty that reporters opt to donate to a charity of their choosing.

Google launched its first bug bounty program in 2010, and since then, it paid $4 million to researchers, with $1.5 million in 2014 alone.

Installed on four out of every five smartphones in the world, Android has become the primary target of mobile malware developers, though the security measures implemented by Google ensure that only a very small number of malware-ridden apps compromise user devices. But it’s not just malware that Google worries about – a recent report revealed that the NSA was very interested in using the Play Store to surreptitiously deliver spyware on target devices, though it’s not clear what came of that program.

Unfortunately, Google’s efforts alone are not enough to ensure that bugs are exterminated in a timely fashion. Carriers and OEMs have the power – and responsibility – to deliver security patches for most devices, but time and again, they proved uninterested in doing the right thing for the customer.

LastPass urges users to update their master passwords following recent security breach

Posted by wicked June - 15 - 2015 - Monday Comments Off

lastpass password manager

The folks over at LastPass claim that last Friday, they noticed and blocked some suspicious activity taking place on its network. While the team has no evidence that encrypted users data was taken and that no user accounts were accessed, investigations have shown that account email addresses, password reminders, server per user salts, and authentication hashes have been compromised. Because of this, the company is taking some extra precautions to ensure all is right with everyone’s data, so they’re now requiring all users who are logging in from a new device or IP address to verify their account by email.

All users of the service are also urged to update their master password as soon as possible, especially those who have a weak password or reuse their master password on any other website. If you update your master password and still feel a little uneasy about the hack, you can always sign up for multifactor authentication for a bit of added protection.

Although security breaches and “suspicious activity” can be nerve-racking, password managers can prove very useful most of the time. It may not be the most secure way to store your long list of complicated passwords, but some would argue that the added convenience is worth the risk. Do you use a password manager? Why or why not? Be sure to let us know your thoughts in the comments below.

Researchers able to access private data on smartwatches

Posted by wicked June - 11 - 2015 - Thursday Comments Off

LG_G_Watch_Cube_Watch_Face_TA

Over the years owners of smartphones have learned the hard way that they need to keep their devices secured against attempts to get private information off of the devices. The worry is not so much that someone will intercept data on the fly, but that a misplaced device could fall into the wrong hands that have plenty of time to try to break through security to access private data. Researchers from the University of New Haven have started work on examining how secure a new crop of devices – smartwatches – may be and the results are not promising.

In testing that was conducted on an LG G Watch and a Samsung Gear 2 Neo, the researchers found they could access several pieces of personal information. On both devices they found they could access both the user’s email address and contacts. On the LG G Watch, powered by Android Wear, they were also able to access the calendar and pedometer data. For the Samsung Gear 2 Neo, powered by the company’s Tizen operating system, the researchers were also able to grab health information and messages. A contributing factor to their success in pulling this data off the devices was the fact that it was not encrypted.

Even with encryption, there may still be limits to how secure the devices may be. In their testing, the researchers not only poked around the file systems on the devices, but they were also able to utilize the Android-powered smartphones the smartwatches were linked to.

The research being conducted will be presented at a digital forensics conference in August. We can expect more attention to issues of data privacy to be brought up as more devices are made “smart” devices. As the researchers note, mere encryption is only a first step as it needs to be implemented properly. They also note that privacy measures need to take into account how our information is increasingly flowing between devices as we enjoy the benefits of a more connected world.

source: CNET

Come comment on this article: Researchers able to access private data on smartwatches

Gmail app gets Oauth support for Yahoo! and Microsoft mail accounts

Posted by wicked June - 10 - 2015 - Wednesday Comments Off

Gmail-bannerGoogle’s Gmail app for Android has gotten some extra new security features that will be very important for those of you using a Yahoo! or Microsoft account. The new update brings Oauth support for both accounts, bringing the security of using those email addresses closer to what you’ll typically experience with Gmail.

Oauth allows users to take advantage of two-step authentication and Google’s account recovery process, both of which are staple security features in 2015. If you use either a Yahoo! or Microsoft mail account in your Gmail app, keep an eye out for this update over the next few days.

source: Gmail (Google+)

Come comment on this article: Gmail app gets Oauth support for Yahoo! and Microsoft mail accounts

ZTE and AVG teaming up to provide AVG AntiVirus Pro on all new ZTE phones

Posted by wicked June - 10 - 2015 - Wednesday Comments Off

ZTE_logo_2015Smartphone manufacturer ZTE and antivirus company AVG have announced a new partnership that will ship AVG’s AntiVirus Pro software on all new ZTE phones going forward. The antivirus app will offer its full feature set for 60 days, after which users can pay for an annual subscription or continue using the free version of the software.

Antivirus on Android phones is a tricky topic, especially since there’s not much overwhelming evidence that anyone actually needs it. Google does a pretty good job of keeping malicious apps out of the Play Store, so your only risk would be from downloading apps from an outside source. I can’t imagine that happens too often for most people.

Do you use any antivirus apps on your smartphone, or have you ever had any issues with malware on any of your Android devices? Let us know in the comments, and if you’re interested in reading ZTE and AVG’s press release, you can find that below.

via: Android Central

AMSTERDAM – June 9, 2015 – AVG® TechnologiesN.V. (NYSE: AVG), the online security company™ for more than 200 million monthly active users, announced today a new global partnership with leading telecommunications equipment, networks and mobile devices company, ZTE, to become a provider of mobile security across its range of devices. From May 2015, ZTE smartphones and tablets come pre-installed with AVG’s flagship AVG AntiVirus PRO for Android™ app, giving ZTE customers the peace of mind that they have protection on their mobile devices.

“For many of us, our smartphones have become the primary device that we spend most time with, but ensuring mobile security can sometimes be an afterthought,” said Ms. Wang Xuemei, Business Manager at ZTE. “Our customers will be able to rely on our partnership with AVG to help take the worry out of connecting to their favorite websites, apps and using online services through their ZTE smartphones and tablets. We are committed to mobile security and strive to provide the best mobile experience possible to all of our users.”

Under the terms of the partnership, ZTE customers will receive a free, 60-day trial of the AVG AntiVirus PRO for Android™ app. After the trial, they can either choose to keep the enhanced features by purchasing the annual subscription or retain AVG AntiVirus FREE for Android™, which still ensures their smartphone or tablet will have core protection.

“There’s huge momentum in the adoption of mobile services in key emerging markets. The flipside of this growth is that it attracts attention – for example, we recently identified a new vulnerability in a popular app that could easily be exploited by hackers to become malicious,” said David Ferguson, Senior Vice President, Revenue & Business Operations, AVG Technologies. “As we focus on helping to secure people, devices, and data across the globe, this partnership will ensure that new and existing mobile users have peace of mind by being protected from the outset, whether simply enjoying their favorite games or using useful online tools for banking or shopping.”

June 9, 2015

Come comment on this article: ZTE and AVG teaming up to provide AVG AntiVirus Pro on all new ZTE phones

Plex’s Media Server software now uses SSL certificates, offers secure connection

Posted by wicked June - 8 - 2015 - Monday Comments Off

Plex Media Server Secure Connection

Phones, tablets, televisions, computers, gaming consoles and streaming players; it seems that Plex is available almost any content playing device you can think of. With this being the age of criminal gangs of hackers, the NSA and seemingly every other country attempting to get their hands on your data, is it too paranoid to want Plex to be more secure?

Plex doesn’t seem to think so, as the company has just updated its apps for Android, Plex Home Theater, web app, Windows and the Roku (Preview app) to begin using secure connections. Plex has started giving out SSL security certificates if you are using the Plex Media Server software. To check if your Plex connection is secure, log in on the web and you should see the green lock in the address bar, along with Plex.Inc. also in green. It’s important to note that you should be running the latest Plex release: v0.9.12.3.

The update should reach gaming consoles and Smart TV’s soon, and if you own an iOS device, don’t fret, a major release on the horizon that includes full support for secure connections.

Source: Plex

Come comment on this article: Plex’s Media Server software now uses SSL certificates, offers secure connection

AC_Home_US (1)

Being able to control your privacy and security is becoming increasingly important, especially with all of the sensitive information constantly being traded around the web. That’s why today Google is rolling out two big improvements to its privacy and security tools that will help users better manage the information most important to them.

Google’s new My Account tool acts as a central hub for controlling your personal data and information, giving you access to settings that will help you safeguard your data, keep your privacy protected, and give you more control over what info is used to make Google services work better for you. Here are a few more important features My Account provides:

  • Manage the information that can be used from Search, Maps, YouTube and other products to enhance your experience on Google. For example, you can turn on and off settings such as Web and App Activity, which gets you more relevant, faster search results, or Location History, which enables Google Maps and Now to give you tips for a faster commute back home.
  • Use the Ads Settings tool to control ads based on your interests and the searches you’ve done.
  • Control which apps and sites are connected to your account.

If you’d like to check out your My Account page, head on over to myaccount.google.com.

Additionally, Google is rolling out an informative website that will help answer common security questions that many users have been asking. By heading to privacy.google.com, users will hopefully get a better idea as to how their data affects their experience on Google, what types of data Google collects, and much more.

It seems like Google has been particularly focused on user security as of late, especially following the recent announcement that granular app permissions control is coming to Android M.

ePad 7 Android 4.0 ICS
$162 $100 FREE SHIPPING 

10" Android 4.2 1.2GHz Tablet PC

7