Slatedroid info

Everything about android tablet pc [slatedroid]

Samsung to Partner with SRI to Make Devices with Iris Recognition

Posted by wicked March - 27 - 2015 - Friday Comments Off

One popular trope in science fiction films is the high-level security clearance requiring iris scanning. By the end of this year, not only will that feature no longer be science fiction, it will be mobile! That’s right—as if fingerprint scanning wasn’t neat enough, SRI (Stanford Research Institute) is now working with South Korean tech giant Samsung to manufacture a mobile device that will feature iris scanning technology.

The device will be a customized version of the Samsung Galaxy Tab Pro 8.4 and will feature technology that is shown to be 1,000 times more accurate than fingerprint scanning technology. You can expect to see it at ISC West 2015, followed by a worldwide release.

What do you think? Is IOM (Iris On the Move) technology the future, or just another gimmick? Leave a comment below and let us into your mind!

Source: SRI

Via: Android Central

Come comment on this article: Samsung to Partner with SRI to Make Devices with Iris Recognition

Users reporting new “On Body Detection” lock mode in Android

Posted by wicked March - 22 - 2015 - Sunday Comments Off

on_body_detection_01

Based on reports starting to be made by users, Google is either testing or slowly rolling out a new lock mode for Android devices designed to detect when a device is physically in a user’s possession. The lock mode, called “On Body Detection” uses a device’s sensors to detect whether a device is being held in a person’s hand or is in their pocket and will keep the device unlocked. If the device is set on a table or something similar, the device will lock, requiring a user to employ their normal unlock method.

The new method appears to have been designed to help thwart thieves in case a user accidentally forgets their device somewhere. One thing users have determined is that the on body detection feature will not lock a device if the device is handed to someone else, so it is not tied to a specific user – only movement typically of being on a person’s body or in their hand.

Google has not announced anything about the mode, but it appears to be included in the most recent recent Play Services update. Thus far, only users with devices running at least Android 5.0 or higher have the new mode available, so it looks like it may be a Lollipop-only mode.

on_body_detection_02
on_body_detection

source: Android Police

Come comment on this article: Users reporting new “On Body Detection” lock mode in Android

New Lollipop “on-body” mode keeps your phone unlocked as long as you’re carrying it

Posted by wicked March - 21 - 2015 - Saturday Comments Off

on-body detection 1

Google is rolling out a new smart lock mode based on detecting whether you’re holding or carrying your device in the pocket.

The new feature is only available to Lollipop users, though you don’t have to be on a stock ROM in order to get it. However, activating it does seem to require the latest Google Play Services version, 7.0.97.

Here’s how it works. The “On-body detection” feature can be turned on from the Smart Lock section of Security settings. Once switched on, the device will stay unlocked as long as it detects that it’s being held or carried in a pocket, handbag, or the like. When the phone is set down (movement is no longer the detected) it locks up, so the next time you pick it up you’ll need to enter your PIN, password, or pattern.

On-body detection will bring down the number of times you have to unlock your device in a day, especially if you’re on the move a lot. If you’re like me, sitting at a desk all day, the effect will be less visible, but you may still find it useful.

Obviously, the phone can’t tell (yet…) whether it’s you or someone else carrying the phone. If someone steals your device from your pocket or purse, they will be able to sneak through it without any restrictions. So if you want the very best protection, it’s better to keep this feature off. However, the thief won’t be able to disable the lock screen, and the moment the phone stops moving it will lock up. Plus, most phones are stolen when they are left unattended anyway.

I’ve tested the feature on a Nexus 5 running 5.0.1, and it works as it’s supposed to. Personally, I will activate on-body detection on my devices from now on – the convenience it adds trumps the small security risk it opens.

Given that the feature is not present on all Lollipop devices, on-body detection appears to be activated on a per-user basis. Note: if you’re not on the latest Play Services version, you might see a different entry in Smart Lock, called “Trusted behavior (experimental).” This appears to be the old name of On-body detection; as soon as you get the update Play Services, it should switch to the new name.

Let us know if you’ve got the feature and if you’re going to set it on.

Google no longer requiring OEMs to encrypt Lollipop-running devices by default (updated)

Posted by wicked March - 3 - 2015 - Tuesday Comments Off

Lollipop statue Android Google logo close

Update: In a statement issued to Engadget, Google explained that they did in fact drop the requirement for default encryption because of “performance issues”. You can read Google’s full statement after the original post.

Original post: Back when Google introduced Android 5.0 Lollipop, it made headlines for seemingly all the right reasons. Among the huge visual overhaul and the switch to the new ART runtime, Google announced that new devices running Lollipop would need to be encrypted by default. It seemed as though everyone was singing Google’s praises as this meant in the future, Android as a whole would be, essentially, much more secure. But Google seems to be changing their minds on this whole matter, as the company is now not requiring OEMs to encrypt devices by default.

Encryption by default isn’t dead in the water, though. Google has plans to relaunch this feature in a future update to the OS. According to the Android 5.0 Compatibility Definition, the rules have changed from being required to encrypt by default, to just being very strongly recommended.

9.9. Full-Disk Encryption:

If the device implementation has a lock screen, the device MUST support full-disk encryption of the application private data, (/datapartition) as well as the SD card partition if it is a permanent, non-removable part of the device [Resources, 107]. For devices supporting full-disk encryption, the full-disk encryption SHOULD be enabled all the time after the user has completed the out-of-box experience. While this requirement is stated as SHOULD for this version of the Android platform, it is very strongly RECOMMENDED as we expect this to change to MUST in the future versions of Android.

This wasn’t the case with Google’s initial release of the update, though. The Nexus 6 and Nexus 9 devices both had encryption turned on by default when the launched. Alternatively, the demo models of the Samsung Galaxy S6 and HTC One M9 handsets at MWC didn’t have encryption turned on, and neither does Motorola’s Moto E (2nd Gen.) handset.

So, what changed? Perhaps we need to look back to November, when a few folks decided to run benchmarks on Google’s Nexus 6. It turns out, having a device with encryption turned on by default causes significant performance issues compared to one without it turned on. We obviously have a problem on our hands, and perhaps Google released this feature too early.

Ars Technica guesses that Google isn’t enabling encryption by default anymore in order to give OEMs ample time to plan for the change. The problems caused by performance can obviously be countered by updated processors, faster flash memory, and more.

No matter the reasoning, there’s no need to worry. If you’re planning on getting a new device running Lollipop in the near future, you can still turn encryption on manually. We’ll be sure to let you know when Google reverts back to its original default encryption methods.


From Google: In September, we announced that all new Android Lollipop devices would be encrypted by default. Due to performance issues on some Android partner devices we are not yet at encryption by default on every new Lollipop device. That said, our new Nexus devices are encrypted by default and Android users (Jelly Bean and above) have the option to encrypt the data on their devices in Settings —> Security — >Encryption. We remain firmly committed to encryption because it helps keep users safe and secure on the web.

Googles takes step back from default encryption on new Android Lollipop devices

Posted by wicked March - 3 - 2015 - Tuesday Comments Off

Samsung-Galaxy-S5-Note-4-Android-5.0-Lollipop-b

Last fall in the lead up to the release of Android Lollipop, Google let it out that they were planning to enable encryption of storage by default on new devices. This was going to be a change from previous versions of the Android operating system which had the capability of encrypting storage space, but left it up to the user to enable the encryption. As several new devices are starting to finally come to market loaded with Android Lollipop out of the box, Google has apparently decided not to make encryption the default, at least not for their partners manufacturing mobile devices.

When Google first announced plans to make encryption the default, they said it would only apply to new devices. Older devices that were upgraded to Lollipop would not be forced to enable encryption by default as part of the upgrade process. This was apparently done in consideration of potential hardware limitations for devices not designed with encryption in mind.

During the last few months of 2014 and in to 2015, this position appeared to hold. Only the Nexus 6 and Nexus 9 were released to market and they did indeed have encryption turned on by default. Meanwhile, the small number of devices that received the Lollipop update left the decision about encryption up to the user, but it was off by default.

However, the recently released Motorola Moto E (2015) does not have encryption turned on out of the box and sources at MWC 2015 who have gotten their hands on the Samsung Galaxy S6 demo units say encryption is not turned on for those devices either.

Google has not issued any statement about why their position regarding default encryption changed or is at least being delayed. It could be the performance hit is still a concern, even on new hardware, especially after Google’s own Nexus 6 performance was hurt by encryption. It seems hard to imagine a device like the Galaxy S6 would suffer a noticeable performance hit from disk encryption.

For the present time at least, Google’s guidelines for OEMs only indicates that disk encryption should be turned on by default and Google strongly recommends this. However, it is not mandated.

source: Ars Technica

Come comment on this article: Googles takes step back from default encryption on new Android Lollipop devices

Silent Circle reveals new Blackphone 2, forthcoming Blackphone+ tablet

Posted by wicked March - 2 - 2015 - Monday Comments Off

blackphone_2_blackphone_plus

In the days leading up to MWC 2015 Silent Circle announced they had bought out Geeksphone, their partner in development of the original Blackphone and their own operating system, PrivatOS. The company has now revealed their plans to provide a complete Enterprise Privacy Platform consisting of hardware devices like a new Blackphone 2 smartphone and Blackphone+ tablet, improvements to their PrivatOS operating system, and apps designed to enhance privacy for end users.

The most visible piece of the security pie for Silent Circle is the Blackphone 2, a successor to the Blackphone, which is scheduled to be released in the second half of 2015. The new smartphone will come with a larger 5.5-inch display running at full 1080p resolution, an octa-core processor, 3 GB of RAM and 32 GB of internal storage. The company also plans to release the Blackphone+, a privacy focused tablet. No details about hardware specs for the Blackphone+ have been announced.

Running on their devices Silent Circle is updating their PrivatOS solution to version 1.1. The big change is the inclusion of Spaces which is described as “an OS-level virtualization and management solution” that will basically enable users to setup business and personal accounts on the same device while maintaining the appropriate level of security.

Some of the apps being released include an encrypted communication platform that includes phone, text messaging and contacts management called Silent Suite. A Silent Meeting app will be available that provides a secure conference calling system and a curated app store specifically for Blackphone devices called Silent Store.

You can check out the full press release below the short teaser video for the Blackphone+. Keep checking TalkAndroid for more coverage of MWC 2015.

Click here to view the embedded video.

BARCELONA, SPAIN, March 2nd 2015 – Silent Circle today unveiled the world’s first enterprise privacy platform, a unique combination of devices, software and services, based upon and built from a fundamentally different mobile architecture – ZRTP. It includes the launch of the Blackphone 2 and the world’s first privacy focused tablet, Blackphone+.

“Enterprise privacy is similar to individual privacy. The same technologies can protect both,” Phil Zimmermann, Silent Circle co-founder said. “My own work in developing privacy technology has always been motivated by my interest in individual privacy as a human right. The recent Sony experience shows that enterprises too have a responsibility to up their game to protect the privacy of their own people and their partners.”

Bill Conner, President and CEO of Silent Circle, said, “Today we unveiled the vision to drive the second stage of growth for Silent Circle. Enterprises have been underserved when it comes to privacy. Traditional approaches to security have failed them. We’re here to fix that. We have to understand that to achieve real privacy now requires security plus policy. That new equation is driving everything we do in building the world’s first enterprise privacy platform.”

Reflecting the ways we all work have now evolved – with a growing number of employees now using personal devices to connect to their enterprise networks – the company has created a platform of devices, software and services that recognize traditional approaches to security are no longer enough.

The newly unveiled Silent Circle Enterprise Privacy Platform includes:

Blackphone:

The first generation Blackphone was designed to be a secure starting point for your personal communications. Since it was launched 12 months ago at Mobile Congress 2014, the device has seen huge global demand, it was also recently named one of Time Magazine’s best 25 inventions of 2014.

Blackphone 2:

Arriving in the second half of 2015, Silent Circle announced the launch of Blackphone 2 which has been built to offer enterprises privacy without compromise. It integrates seamlessly with existing MDM systems like Citrix and also adds a faster processor, more RAM, a longer lasting battery, and a larger display. It offers the privacy and security that you can only get from Blackphone with the next-generation hardware performance that smartphone users demand.

Blackphone+

Arriving later in 2015, Blackphone+, the world’s first privacy focused tablet, will provide next generation technology built to offer privacy for today’s mobile workforce.

PrivatOS

PrivatOS is an Android-based operating system that was created by Silent Circle to address modern privacy concerns. There is no software, no hooks to carriers, and no leaky data. It puts privacy in the hands of the user, without any sacrifice to your productivity.

PrivatOS 1.1 is the first major upgrade to the company’s OS. It introduces Spaces, an OS-level virtualization and management solution that enable devices to be used for all aspects of mobile life without compromising choice, privacy or ease-of-use. Geared specifically for the enterprise, it keeps enterprise and personal apps. Silent Circle are also introducing the capability that permits IT administrators to lock and wipe enterprise managed ‘Spaces’ when necessary, in addition to announcing MDM partnerships with Citrix, Soti and Good to pave the way for its increasing roll out within businesses worldwide.

Silent Suite

Silent Suite is the Silent Circle’s core set of applications that enable private, encrypted communication. It offers peer-to-peer key negotiation and management. Silent Suite sets the standard for enterprise privacy and is available on PrivatOS, iOS and Android. It includes:

  • Silent Phone: Allowing users to make private voice and video calls in HD clarity over a peer to-peer encrypted VoIP service
  • Silent Text: An unlimited encrypted texts services with the capability to transfer files. Includes burn functionality to destroy selected messages automatically
  • Silent Contacts: An automatically encrypting address book

Silent Meeting

A new, secure conference calling system allowing for multiple participants. Silent Circle say the system means no more access codes to remember and never again ask “Who’s just joined?” thanks to a visual interface that makes scheduling, inviting and monitoring attendees simple.

Silent Store

Installed on all Blackphone devices, the world’s first privacy-focused app store features apps from the developer community vetted by Silent Circle.

Silent World

An encrypted calling plan that lets users communicate privately with those who don’t have Silent Phone. Silent Worlds allows users to call anyone within the Silent Circle coverage areas privately, with no roaming charges or extra fees.

Silent Manager

Silent Manager gives enterprises a simple web based solution for managing plans, users and devices.

“Traditional security solutions have failed global enterprise in a mobile world and make data and privacy breaches feel inevitable to most enterprises” said Mike Janke, Co-Founder and Chairman of the Silent Circle Board at a press conference held at Mobile World Congress 2015 this morning. “What’s more, these breaches have evolved and have much broader impact. They now put every customer, employee and partner at risk. They are eroding the trust people have in enterprises. They have moved privacy firmly to the top of the boardroom agenda.”

Last week, Silent Circle last announced its buy out of its SGP Technologies joint venture between Silent Circle and Geeksphone. The acquisition resulted in Silent Circle taking a 100% ownership stake in SGP Technologies and the Blackphone product set. The company also announced it had raised approximately $50m in a private, common equity round to support accelerated growth.

Come comment on this article: Silent Circle reveals new Blackphone 2, forthcoming Blackphone+ tablet

sim card MIKI Yoshihito

Update: Gemalto released more details on the results of its investigation. The SIM maker acknowledged that the attacks publicized by The Intercept likely happened, but denied that the attacks resulted in a massive security breach. According to Gemalto, the NSA/GCHQ attack could only affect a small number of encryption keys, and only 2G networks. 3G and 4G SIM cards were not impacted by the breach, said the company. Check out Gemalto’s full statement.

Original post, February 23

Just a few days ago, a report claimed that documents leaked by NSA whistleblower Edward Snowden revealed that the American NSA and the British GCHQ (Government Communications Headquarters) hacked into a major SIM card manufacturer’s systems to steal encryption keys back in 2010. But today, Dutch SIM card manufacturer Gemalto has just announced that their SIM cards are secure following the massive security breach.

As reported by The Intercept, the two security agencies stole an immeasurable amount of encryption keys from the SIM card company, which allowed them to intercept otherwise locked-down data from users including voice, text and more. To make matters worse, Gemalto is one of the biggest SIM manufacturers in the world, supplying over two billion SIM cards per year and spanning throughout all four major US carriers as well as hundreds of other mobile service providers.

In a statement released earlier today, here’s what Gemalto had to say about the hack:

​Gemalto, the world leader in digital security, is devoting the necessary resources to investigate and understand the scope of such sophisticated techniques. Initial conclusions already indicate that Gemalto SIM products (as well as banking cards, passports and other products and platforms) are secure and the Company doesn’t expect to endure a significant financial prejudice.

The company will announce the results of its investigations on Wednesday, February 25th in a press release and a press conference. We’ll have to wait until then for the full results, but according to Gemalto, everything is looking secure so far.

Power consumption info can be used to spy on you

Posted by wicked February - 23 - 2015 - Monday Comments Off

Most people think that data leaks often happen through those apps that require the phone users to allow GPS, WiFi, and other possible entryways to be hacked. Some apps that can now track your every move via GPS are most likely to be open to hack attacks but researchers recently discovered that Android smartphones actually reveal information about one’s location to every app installed on device through the power consumption.

Is this really possible? Yes, according to Rafael, a defense research group from Israel, and Stanford University researchers who have developed PowerSpy. It’s a new technique that can gather information about the geolocation of a phone by simply tracking power usage. While WiFi and GPS location need permission from the user to be tracked, power consumption data are freely available to any app installed on the phone. This allows easy tracking of a user’s phone activities and movements.

This means anyone can track your location and movements real time by tricking you to download an app that makes use of PowerSpy technique. Any app can use this to communicate and track the user over the network and in real time. No need for location permissions because the particular trick gathers information such as routes and exact location by simply reading the phone’s power consumption.

Yan Michalevski, researcher at Stanford explains:

“You could install an application like Angry Birds that communicates over the network but doesn’t ask for any location permissions. It gathers information and sends it back to me to track you in real time, to understand what routes you’ve taken when you drove your car or to know exactly where you are on the route. And it does it all just by reading power consumption.”

The idea of PowerSpy works on the fact that more power is consumed by the phone once it moves farther away from a cell tower or when signal is blocked by mountains or buildings. It actually makes sense that battery is used more if it’s moving or is far from the power source.

Researchers tried to detect the noise by focusing on longer-term trends instead of those that last only a few minutes or seconds. This allows them to learn the algorithm and to determine the movement and location of the phone. However, the technology is still limited as the spy still needs to walk or drive through several routes as pre-measurement before one can track power usage and location.

For this project, the researchers travelled around the Bay Area in California to gather power consumption of an LG Nexus 4. Data are then compared with other power data collected on other phones. Special findings include that location could be identified with 90 percent accuracy.

PowerSpy may be effective and almost accurate (dangerous too) but Stanford researchers simply want to remind us of to be careful of allowing unsecure apps from not trusted sites  because a lot of information can be leaked.

Google has not replied when asked for a comment but it would be interesting to know what the Android team thinks or if there any possible fixes.

SOURCE: Wired

IMAGE: Martin Abegglen on Flickr

The NSA and GCHQ hacked a SIM card maker to steal your data

Posted by wicked February - 20 - 2015 - Friday Comments Off

sim card MIKI Yoshihito

In a new report from The Intercept, the NSA and GCHQ (Government Communications Headquarters) hacked into Dutch SIM card manufacturer Gemalto’s computers back in April 2010. The two government agencies, along with the Mobile Handset Exploitation Team (MHET), stole an immeasurable amount of encryption keys from the SIM card company, which allows them to intercept otherwise locked-down data from users including voice, text and more. The documents containing proof were leaked to The Intercept by former NSA member Edward Snowden. Gemalto is currently one of the world’s largest SIM card manufacturers, producing two billion SIM cards per year and spanning throughout all four major US carriers as well as hundreds of other mobile service providers. There’s currently no word as to exactly how many users are affected by the hack.

With the stolen encryption keys, the NSA and GCHQ can track mobile communication without first getting approval from telecom companies. The report adds:

Possessing the keys also sidesteps the need to get a warrant or a wiretap, while leaving no trace on the wireless provider’s network that the communications were intercepted. Bulk key theft additionally enables the intelligence agencies to unlock any previously encrypted communications they had already intercepted, but did not yet have the ability to decrypt. As part of the covert operations against Gemalto, spies from GCHQ — with support from the NSA — mined the private communications of unwitting engineers and other company employees in multiple countries.

Gemalto was completely oblivious of the hack. Paul Beverly, CEO of Gemalto, explains, “The most important thing for me is to understand exactly how this was done, so we can take every measure to ensure that it doesn’t happen again.”

This is absolutely a huge negative on the mobile security front, which has already gotten a reputation of being quite precarious. If you have yet to read the full report from The Intercept, I’d suggest you do so. It may be a bit long, but it’s very informative and extremely eye-opening.

Beta channel for Android WebView open to Android 5.0 Lollipop devices

Posted by wicked February - 13 - 2015 - Friday Comments Off

google_android_system_webview_play_store_listing

Many were concerned with Google’s decision to unbundle WebView from the core system starting with Android 5.0 Lollipop. Older devices would be left behind, too, without updates and that means compromised security. Fortunately, Google has realized so many Android apps take advantage of WebView that it only makes sense to further support. With the latest version of Android, Google will be able to update WebView independently. Right now, developers can join the new beta channel to gain access to new APIs and other items. Developers will be able to become familiar with the updates before users get to see them.

You can join the beta channel of Android System WebView by clicking here.

Source: Android Developers Blog

Come comment on this article: Beta channel for Android WebView open to Android 5.0 Lollipop devices