Slatedroid info

Everything about android tablet pc [slatedroid]

T-Mobile pushing security update to its LG G4

Posted by wicked August - 31 - 2015 - Monday Comments Off

lg_g4_display_corner_TA

Security, sound, and video. That’s the focus for a software update T-Mobile is pushing to its LG G4.

Throughout August, devices from a multitude of companies have received software updates to patch the Stagefright vulnerability. T-Mobile is taking its turn today in pushing the security update to its LG G4.

The carrier is also adjusting sound settings by separating ringtone and notification options. Finally, T-Mobile is allowing users to record video in slow motion.

The new build, which is labeled H81110n, is sized at 353MB and should reach devices during the week.

Source: T-Mobile

Come comment on this article: T-Mobile pushing security update to its LG G4

Qualcomm announces Smart Protect anti-malware for Snapdragon 820 phones

Posted by wicked August - 31 - 2015 - Monday Comments Off

qualcomm smart protect snapdragon 820Qualcomm has announced a new anti-malware service for devices using the upcoming Snapdragon 820 processor that takes a more proactive approach towards malicious apps and downloads. While most anti-malware scanners compare results from a static database, Qualcomm’s approach dynamically checks transformed malware, too.

The service offers up APIs for OEMs to use in their built-in security solutions on devices to help analyze application behavior. By monitoring and learning behavior, Smart Protect can figure out which apps are malicious and might have changed since they were initially checked against any database.

Qualcomm Smart Protect is made possible by the Snapdragon 820’s Zeroth machine learning technology. Another plus to using the processor’s integrated behavior learning tech is that all of the scanning and analysis is done on-device, not in the cloud. For anyone that’s concerned about privacy and security, that’s a major advantage compared to other solutions.

As malicious software and apps continue to grow, expect to see more hardware manufacturers take steps towards security like this.

For Smart Protect in action, you can check out Qualcomm’s blog post and video below.

source: Qualcomm

Click here to view the embedded video.

Come comment on this article: Qualcomm announces Smart Protect anti-malware for Snapdragon 820 phones

Security hole found in Samsung smart fridges

Posted by wicked August - 25 - 2015 - Tuesday Comments Off

samsung_smart_fridge_model_use

Some testing recently conducted by Pen Test Partners revealed a man-in-the-middle vulnerability in Samsung smart fridges that could be used to hack into a user’s Gmail account. The Samsung refrigerator that was tested has Wi-Fi capability that among other things, allows a user to display their Gmail calendar on the screen. The Pen Test Partners’ testing showed that although Samsung implemented a Secure Sockets Layer for connections, the fridge was not validating certificates leaving it vulnerable to attack.

In order to take advantage of the security, the attacker would have to be connected to the same network that the fridge is connected to, so a secure network and careful vetting of who you let “visit” on your network can help reduce exposure.

While accessing a Gmail account may not seem like an interesting target for hackers, many expect Internet connected devices to eventually include payment capabilities making them more enticing targets. Jonathan Vaux with Vix notes, “your fridge will have a payment capability. People are immediately associating [Samsung Pay] with the phone, but they’re the biggest provider of white goods and so I will have a fridge, I’m sure, that will have connected payments in it.”

Pen Test Partners has been testing a variety of Internet-of-Things (IoT) devices and previously discovered Samsung was sending unencrypted voice recordings from their Smart TVs over the Internet.

source: Tech Insider

Come comment on this article: Security hole found in Samsung smart fridges

OnePlus 2 OTA update includes StageFright patch, gets rolled out to India first

Posted by wicked August - 21 - 2015 - Friday Comments Off

oneplus_2_official_angled

While many OnePlus 2 fans are still waiting to get their hands on an actual device thanks to the slow rollout of invites, OnePlus has been busy with its OxygenOS firmware, announcing its first over-the-air (OTA) update that bumps the firmware to version 2.0.1. The OTA includes security patches, bug fixes and other improvements, and we have the changelog after the break.

Changelog:

  • Added patch for StageFright security exploit
  • Improved battery performance
  • Improved user interface logic and coherence
  • Fixed an issue with pinch-to-zoom in Google Photos
  • Fixed an issues where Dark Mode would cause instability in certain apps
  • Fixed an issue related to import/export of contacts stored on SIM card
  • Additional support for global carrier APNs
  • Other improvements and fixes

The OxygenOS v2.0.1 OTA will see a staggered rollout, beginning with India. It’s good to see OnePlus take security seriously, having previously announced a firmware update for OnePlus One handsets a week ago that included patches for the StageFright exploit.

 

Source: OnePlus

Come comment on this article: OnePlus 2 OTA update includes StageFright patch, gets rolled out to India first

Why Android Auto scares me

Posted by wicked August - 15 - 2015 - Saturday Comments Off

android auto review aa (7 of 16)

For those who do not know, Android Auto, is a car information/entertainment system, that allows car owners to connect to their Android devices. Then, through the car’s dashboard unit, Android Auto provides access to compatible apps, as well as data and features on the device. Android Auto provides a means for users to answer and make calls using voice commands, receive and have messages read to them, dictate and send new messages, as well as access to the device’s maps and navigation. Android Auto is designed to minimize distractions for drivers, by providing a means for users to perform essential actions, without necessary taking their hands off the steering wheels, or their eyes off the road. It accomplishes this by using large widgets that can be easily touched without a need for high precision, voice assisted commands, and by offering apps a limited API set. After all, we don’t want drivers playing Flappy Bird while at the wheel. Talk about road rage! But I digress.

The manufacturers that have signed up to support Android Auto reads like a who’s who of the auto industry, and includes Abarth, Acura, Alfa Romeo, Audi, Bentley, Chevrolet, Chrysler, Dodge, Fiat, Ford, Honda, Hyundai, Infiniti, Jeep, Kenwood, Kia, Maserati, Mazda, Mitsubishi, Nissan, Opel, Pioneer, RAM, Renault, SEAT, Škoda, Subaru, Suzuki, Volkswagen and Volvo.

Without a doubt, Android Auto is a fantastic idea. Rather than drivers taking their eyes off the road, searching for their phone when it rings and trying to answer a call, all while driving with one hand, using Android Auto, the driver simply glances over at the dashboard, sees who is calling, and can answer or reject the call with a simple voice command as appropriate. Drivers can also have incoming messages read to them, as well as dictate and send messages. Another great feature of Android Auto is access to your media files, as well as streaming services. There is a lot to be excited about regarding Android Auto, and I was one of it’s biggest fans. However, a few recent developments have left me questioning the readiness of both Google and the car manufacturers. Recently, my disquiet has grown into outright fear at the prospect of Android Auto and the increased use of software in modern cars.

HackingTeam and RCS Android

But what is worse is that Hacking Team itself was hacked.

Hacking Team is a company based in Italy that sells intrusion and surveillance software to governments around the globe. Their software suite includes tools to compromise Windows, Macs, iOS and Android devices. For Android, they could gain control of a device through the installation of a seemingly innocuous app, that initially contains no malicious code. However, once installed, the app uses dynamic loading to download and execute their spyware payload. This spyware, called RCS Android (Remote Control System Android) has been described as the most sophisticated Android malware so far exposed. RCS Android can listen to and record conversations using the device’s microphone, capture screenshots and photos, record voice calls, track the device’s location, capture both WiFi and online account passwords, collect SMS, MMS, Gmail and IM messages, as well as device contacts. In addition, it can upload all this data to a command server, upgrade itself, gain root access, and uninstall itself.

It is scary enough that there is malware out there that can do all this, but what is worse is that Hacking Team itself was hacked, and over 400GB of company data was posted online. This data trove contains the source code for their apps, spyware, botnets, as well as company emails and other data. Thanks to Hacking Team, all this code is in the wild, and will be studied, modified, and used.

Stagefright (and others)

Stagefright, is a truly frightening Android vulnerability. It was discovered by Joshua Drake, a researcher from Zimperium’s zLabs. Drake discovered that a specially crafted MMS can be sent to a vulnerable Android device, and, before a notification is even shown, the device can be compromised. The Stagefright vulnerability uses the fact that by default, messenger apps automatically download MMS images.

stagefright

It is estimated that approximately 95% (950 million) of Android devices where vulnerable at the time of it’s disclosure to the press. The 5% of devices not vulnerable are really old devices, running Android versions less than Android 2.2. Stagefright is every hackers wet dream, wherein a device is compromised completely remotely, without user interaction, allows an arbitrary payload delivery, and all traces of the hack can be completely wiped.

Although Drake has been in contact with Google regarding the vulnerabilities, and sent patches to Google as early as April 9th, Google Nexus devices (the poster children for fast updates and upgrades) are just getting patched five months later.

Although the Chrysler hack is the most recent, there has been a steady stream of car related software glitches in the past few years.

To compound the issue, there is CVE-2015-3825, discovered by IBM’s X-Force Application Security Research Team. It affects Android devices from 4.3 and above, including the as yet unreleased Android M version. An app with no permissions (yes you read that right), can escalate it’s privileges and become a super app, essentially owning the device (almost like Hacking Team’s app, but even more sinister). This covers about 55% of Android devices available today. Thankfully, this vulnerability is still under wraps, but we can only hope and pray that the bad guys haven’t found and/or are not currently exploiting it.

With Stagefright and RCS Android, an attacker could infect virtually every Android phone on the planet, without anyone noticing. In the movie Ex-Machina, Nathan (who owns a Google-type search engine) says he hacked every cell phone on the planet to get camera and audio. What should be just fiction, now doesn’t sound that far fetched any more.

Chrysler Hack and Ford Recall

Wired’s Andy Greenberg also had a run in with a couple of hackers, Charlie Miller and Chris Vasalek, who demonstrated their ability to compromise a Jeep Cherokee completely remotely. In case you are too busy to go read the full article, the hackers sent commands through the car’s entertainment system, and ordered the car to turn on it’s AC at maximum, changed the radio station, changed the dashboard display to a picture of themselves, turned on the windshield wipers, cut the car’s transmission and disengaged the brakes. Note that this was a car they had not modified in any way, and all the above was done over the internet, using a vulnerability in the entertainment system. Allow me to emphasize that, over the internet, hackers where able to cut the car’s transmission and disengage the car’s brakes.

While the researchers have been sharing their work with Chrysler over the past nine months, it doesn’t inspire much confidence in me as far as the future of connected cars go.

Jeep_Grand_Cherokee_--_03-21-2012_2

Although the Chrysler hack is the most recent, there has been a steady stream of car related software glitches in the past few years. In June, for example, Ford had to recall more than 430,000 cars (including the 2015 Focus, C-Max and Escape models) to update the software, because removing the ignition key may not be enough to turn off the car’s engine!

None of these hacks, so far, involve Android Auto, however they are worth mentioning to show that auto makers have issues with software in vehicles. Although I cannot help but acknowledge that software in vehicles has incredible benefits (ABS, improved fuel efficiency, etc).

Why so serious?

With the amount of information our smartphones hold related to our lives and finances, a hacked smartphone is a major source of worry and headache. However, having a completely compromised smartphone is not necessarily life threatening, for either myself or the people around me.

When a car decides to arbitrarily break these given set of rules, it poses a great danger not just to its occupants, but to other vehicles, as well as pedestrians.

Admittedly, a lot of my activities using my smartphone, or in close proximity of my phones, could be embarrassing if made public. More importantly, a very high number of smartphone owners perform financial transactions through their phones, and a hacked phone can result in massive financial losses. With a hacked automobile, the potential for damage, injuries and loss of life is far greater.

At the moment, Android Auto is a strictly information/entertainment system, and cannot be used to control, manage and/or monitor car operations. However, the Android Auto APIs indicate that querying car diagnostics is part of the future plans. Both the Auto makers and Google have to take extra steps to ensure Android Auto is properly isolated and sandboxed. Unfortunately, with their track record thus far, I’m not holding my breath.

Conclusion

The scary part of this is not the software in automobiles or Android itself. Individually, they are a concern, but the idea of both together is quite troubling. And the same can be said of both Apple’s CarPlay and Microsoft’s Windows Automotive.

Microsoft, arguably the biggest and most important software company in the world today, still has issues surrounding it’s most lucrative software (Windows if you haven’t guessed), and this is with their ability to push out updates regularly. How frequently can auto companies push out updates? How are the updates going to be installed? Can users decide to reject an update? Who becomes accountable when a user rejects an update, for whatever reasons, and the car is compromised in the middle of a commute? Who is accountable if the car is compromised using Android Auto?

Don’t forget that even if you refrain from purchasing one of these monsters, any other car on the road can be one of these, and happen to be the unlucky machine infiltrated by the bored teenager in his mother’s basement in East Africa (replace with virtually any where else in the world). The safety of our roads are predicated on the belief that every driver follows a set of rules. When a car decides to arbitrarily break these given set of rules, it poses a great danger not just to its occupants, but to other vehicles, as well as pedestrians.

Latest OxygenOS update addresses StageFright exploit for OnePlus One devices

Posted by wicked August - 14 - 2015 - Friday Comments Off

OnePlus_New_ROM_OxygenOS_Forum

OnePlus recently announced that it is slowing down the rate at which it issues invites for its 2016 flagship killer, the OnePlus 2, which isn’t great news for its fans. But, on the other hand,  it has also just announced that it’s released a firmware update for the OnePlus One to deal with the marauding StageFright exploit. And that is good.

According to announcement on its forums, the OxygenOS firmware for the OnePlus One has been updated to v1.0.2 and includes security fixes for the StageFright exploit. Before proceeding to flash the updated, it’s recommended that OnePlus One owners backup their data. If your OnePlus One already has the OxygenOS installed, there’s no need to factory reset your device, again, a good thing. Needless to say, it’s strongly advised to upgrade your OnePlus One to this latest firmware. More information about the update can be found on the OnePlus website.

 

Source: OnePlus

Come comment on this article: Latest OxygenOS update addresses StageFright exploit for OnePlus One devices

Verizon Samsung Galaxy S6, S6 Edge, and Tab 4 getting Android 5.1.1 with Stagefright fixes

Posted by wicked August - 14 - 2015 - Friday Comments Off

samsung-galaxy-s6-edge-green-emeraldVerizon is pushing Android 5.1.1 and a Stagefright fix to update the Samsung Galaxy S6, Galaxy S6 Edge, and Galaxy Tab 4 10.1.

The new update also includes a switch for the parallax wallpaper effect, new camera quick exposure, caller ID for Advanced Calling, and Chinese language support.

Source: Verizon (1), (2), (3)

Come comment on this article: Verizon Samsung Galaxy S6, S6 Edge, and Tab 4 getting Android 5.1.1 with Stagefright fixes

Android Lollipop screen pinning

With your mobile hotspot under control from last week’s Android customization post, it’s time we move to a new topic. This week we will look at a handy feature in Lollipop called screen pinning.

It’s a pretty simple thing, for when you need to hand your phone over to a friend or family member for a second, but you only want them to use one app, and only one app. Android 5.x Lollipop has a feature to help, screen pinning is exactly what the name implies, allowing you to pin an app to your display, blocking use of other apps.

Let’s look it over and see what Lollipop screen pinning is all about.

Before we begin

It is not often I get to share a project or trick that does not have specific requirements, but today is not one of those days. You will need to have an Android device with at least Android 5.0 Lollipop installed in order to follow along, but that’s it.

Prevent unwanted access to your device using screen pinning

I painted a picture above of locking your device to your child’s favorite game, or locking your friend to just your image gallery, these are great uses, but there are other uses that can be great for business and marketing equipment as well.

lock screen lockscreen security

There are a couple levels of security available in screen pinning. The first thing that screen pinning can do for you is provide a full screen immersive mode, of sorts. While it does hide the notification bar, it does not hide the navigation buttons, at least it all but disables them. Pressing the nav buttons provides a message reminding you that screen pinning is active. Much better than accidentally jumping out of your favorite game in the heat of battle.

The first level of use does allow the user to long press the Overview button (recent apps button) to exit screen pinning. This may work for your toddler, but not your friend. To really lock things down, you can require your lock PIN or passcode to exit screen pinning. This effectively secures your device and data from browsing when you need to hand your device over to someone.

How to enable screen pinning

Things should be enabled by default, but let’s dive into the settings first, then pin a screen after.

Open your device Settings.

Android Lollipop screen pinning settings

Go to Security.

Scroll down and click on Screen pinning.

If it is off, simply tap the toggle to turn screen pinning on. Then, make the choice now if you are going to require your device lock PIN or passcode to disable screen pinning once started.

Good stuff, now to use screen pinning.

The process is pretty easy, you may have already noticed the icon but weren’t sure what it was for.

Android Lollipop start screen pinning

Open up the app you would like to pin.

Tap the Overview button (I’ll never get used to that name, it’s the Recents list button, who’s with me?)

Your app will be the first tile in your recent apps list, scroll it upward to reveal a small pin icon in the bottom right hand of the tile. Tap on the pin.

You will be notified that you are entering screen pinning mode, and reminded how to get out again.

Hit Got It to continue.

Hand your device over to your friend, colleague, customer, teacher or family member with no worries of them snooping around.

How to turn off screen pinning

I almost feel like I don’t need to say this, again, so I’ll make it really quick.

Android Lollipop stop screen pinning

Long press on your Overview button.

A message pops up to tell you you have exited screen pinning. Unless you have it locked down with PIN or passcode, then just enter that and you are free to resume your day.

What’s next

Despite the convenience factor, screen pinning was not really designed to be a bulletproof security measure for your device. The user can, for example, still hit the power button to shutdown and restart your device, and this offers little to no defense against USB connections to a PC or other data collecting tools. Basically, you’ll still need to monitor the person using your device if you really can’t trust them.

This, sadly, means that screen pinning, even when password protected, is not enough to protect a tablet for many business applications, like in an unmanned kiosk setting, for example.

digital insurance card review

Also, if you are one of the few that have your automotive insurance card as an app on your device, please check your local law before handing your phone over to law enforcement. Even though you may now think to use a PIN or passcode protected pinned screen, in some jurisdictions, the act of handing your phone to an officer for any reason at all grants them legal permission to perform a full search of your device.

Please take the time to learn your local laws before handing your phone over to law enforcement, and do be smart about who you hand your device over to aside from the police, just because your phone is locked to a single app, doesn’t mean it won’t up and disappear on you. At least you’ve created our Tasker project to identify intruders attempting to use your device, right?

Next week

I hope you learned a little and have great ideas on how to use screen pinning to protect your data and info the next time you hand your device over. Next week on our Android customization series we will look at something completely different – did you know that you can use almost any internet connected device as a sort of Chromecast for YouTube, controllable from your phone? We’ll dive into it.

Do you use screen pinning at all, or is it just one of those great features that you forget to use when the time arises?

Google reveals details about monthly security updates in new Android Security Google Group

Posted by wicked August - 13 - 2015 - Thursday Comments Off

Screen Shot 2015-08-13 at 1.45.40 PM

The last few weeks have been pretty crazy in the world of Android security, and it all started with that pesky Stagefright exploit that came to light last month. In wake of the far-reaching vulnerability, Google, quickly followed by Samsung and LGannounced its plans to issue monthly security-focused over-the-air updates to Nexus devices, in addition to regular platform updates from here on out.

At the big Black Hat security conference that took place recently, lead engineer for Android security at Google Adrian Ludwig announced that Google would be more transparent with its security updates in the future. The company plans to do this by detailing all security-focused updates in the newly-created Android Security Updates Google Group. Basically, if you’re looking for more details about what’s in the current update for Nexus devices, this new Google Group is your go-to.


Google-logo-aa16x9See also: How is Google fixing the Stagefright vulnerability that affects 95% of all Android phones?1310684

Looking through the Group, it’s easy to see that Google is taking this stuff seriously. All of the updates in the Group so far are a tad confusing and technical, but all of the information is there if you’d like to learn more.

National Cyber Security Alliance adds BlackBerry to their ranks

Posted by wicked August - 12 - 2015 - Wednesday Comments Off

National Cyber Security Alliance.  (PRNewsFoto/National Cyber Security Alliance)

BlackBerry got a start in the enterprise sector where security and privacy were major concerns for entities that were looking for mobile communications platforms. Over the years, BlackBerry has earned over 70 different government certifications or approvals which is more than any other mobile vendor. With this strong background in mobile security, BlackBerry seems like a natural fit for the National Cyber Security Alliance (NCSA), but they are only just now joining according to an announcement made today.

NCSA’s executive director Micheal Kaiser says the organization welcomes “the unique perspective that BlackBerry brings to the NCSA, and we look forward to working with BlackBerry to solve  cybersecurity challenges, particularly as they relate to mobility and the Internet of Things.” Meanwhile, BlackBerry’s Edward Hearst, vice president of U.S. Government Business Development, says BlackBerry hopes to share “knowledge and insights to further advance efforts to ensure that the mobile experience is safe and secure for users, no matter what devices they have or information they access.”

source: National Cyber Security Alliance (PR)

Come comment on this article: National Cyber Security Alliance adds BlackBerry to their ranks

ePad 7 Android 4.0 ICS
$162 $100 FREE SHIPPING 

10" Android 4.2 1.2GHz Tablet PC

7