Soon after its release, electronics insurance company SquareTrade put Samsung’s new flagship phone through its breakability test, a series of drops, dunks, and tumbles. It was deemed the most breakable phone of all time: “S8 is the first phone we’ve tested that’s cracked on the first drop on ALL sides,” SquareTrade wrote in a video demonstrating the drops.
One of those holes is that the Galaxy S8’s face recognition can be tricked with a photo. At least this is what a video from Spanish Periscope user Marcianophone purports.
The CyanogenMod team has posted an update of their own, confirming the shutdown of the CM infrastructure and outlining a plan to continue the open-source initiative as Lineage, which we suspected was going to be the case last week.
Known as Silverpush, the software is designed to monitor consumers’ television use through “audio beacons” emitted by TVs, which consumers can’t hear but which can be detected by the software. The letters note that the software would be capable of producing a detailed log of the television content viewed while a user’s mobile device was turned on for the purpose of targeted advertising and analytics.
Earlier this year, G Data contemporary Marble Security found a fake, pre-installed version of Netflix had been stealing personal data from several smartphone models, including the Samsung Galaxy range and the LG Nexus, and transmitting its swag to a server in Russia.
Silent Circle is all about security, but security is about more than just a phone that features encryption. There is an entire ecosystem in place starting with the secure PrivatOS 1.1. The latest upgrade to the operating system introduces a feature called Spaces which allows for OS-level virtualization and the ability to keep work and personal apps and data completely separate from each other. These features are also due to roll out to first generation Blackphones through an upcoming update.
So that much we know. What I have noticed over the past few years is something different, but possibly related: the reluctance of pedestrians to engage in negotiation for right of way. Time was, in this most self-deprecating and pointlessly apologetic of Europe’s cities, that collision detection was default behaviour for pavement-dwellers. Older readers may remember a sketch in the BBC’s The Fast Show where ‘Indecisive Dave’ spent so long in trying to negotiate passage through a doorway with another person that he eventually just waved to his friends, said ‘See you later’ and went home.
As many of you may know, Cyanogen is built from Android source code, with layers upon layers of custom code placed on top. These changes allow for users to highly customize the look and feel of the OS. For example, users running Cyanogen can place custom skins on the OS and also increase a device’s security thanks to additional settings. There are countless developers that contribute their code to make Cyanogen a better alternative to vanilla Android, which is provided straight from Google as open source.
Cyanogen has told potential investors that it has a deal in place to bring its custom version of the Android OS to India through a manufacturer called Micromax. Micromax currently holds almost as much of the smartphone market in India as Samsung, making this deal a very large step toward getting Cyanogen into the hands of millions more people.
The researchers monitor changes in shared memory and are able to correlate changes to what they call an “activity transition event,” which includes such things as a user logging into Gmail or H&R Block or a user taking a picture of a check so it can be deposited online, without going to a physical CHASE Bank. Augmented with a few other side channels, the authors show that it is possible to fairly accurately track in real time which activity a victim app is in.
There are two keys to the attack. One, the attack needs to take place at the exact moment the user is logging into the app or taking the picture. Two, the attack needs to be done in an inconspicuous way. The researchers did this by carefully calculating the attack timing.
The researchers created three short videos that show how the attacks work. They can be viewed here: http://bit.ly/1ByiCd3.
When you click on it, the app asks for administrator privileges on the device. Once opened, the sole user interface FireEye observed for the app consists of pop-ups saying “Program Error” and “It’s Deleted!” when translated to English from Korean.
These exploits usually require the user to approve of something first.
The app captures text messages, security certificates and banking details which it then sends to a Gmail address included in the malware – an email address which Google has now terminated.