Google faces antitrust charges for Android from EU

It's always not good between Google and EU these days. Google has to now face antitrust charges from EU stating that it is violating competition by unfairly favoring it's services (maps and search) on Android devices over it's rivals.

Google's products such as maps, mail, search comes pre - installed in devices running Android and device manufacturers have to agree with this if they want to get a licence to the software. The European Union had been studying this and thus here comes the result. If any of these things is unbundled from the agreement with the manufacturers in Europe, it would be a major setback for Google. 

Google also faces  antitrust charges on another front. European Authorities had charged Google for unfairly dominating the market position to favor it's services and there are chances that it would be fined upto $7 billion.

The Federal Trade Commission, Washington is also probing on whether Google broke the U.S. antitrust laws to boost its services. Canadian authorities have closed the probe on this but have said that they would continue to monitor the company.

How easy is it to crack your android?

Much has been written and debated on whether iPhone is better than your android, whether iphone is difficult to crack down. Recently, there had been a battle between Apple and FBI where in Apple won it for time being. In this case, FBI managed to crack an iPhone without any help from Apple which made Apple to take FBI to court. Keeping this aside, questions arise in the mind of android users on whether their device is safe or not.

Android needs to still work on security

Experts from North Caroline State University had issued a report on Mashable explaining the various ways in which your phone can be cracked. After going through the post, it is clear that there is no clear answer. This also meant that unless the user enables a password lock and encrypts it contents (microSD as well), the device is secured meaning that hackers or security agencies can use Brute Force method as the only tool to gain access to your device.

In iPhone, you can enter wrong password not more than 10 attempts after which all the contents of your device will be automatically erased. In Android, the data will be erased after such 30-40 failed attempts. It is said from many reports that custom apps can write data onto Android device that is managed by a third party on a rooted device. This can be done by using an image to fool the fingerprint scanner. Just using the unencrypted microSD card will do the job as well.

This life saving feature is truly amazing: Android N developer preview

If you are in an emergency situation (medical emergency), think of the situation where your phone would be your life saver. Seems like a dream right?Nope. Android N has a new feature added into it that would do so.

In the Android N developer preview, Google has added an option to include medical details and personal contact information (also your medical emergency contact). When you guys setup a new phone on N developer preview, you would be asked to add these information (although this is optional). You can add your name, birth date, address and medical info like blood group, medications, allergies and a contact which comes in handy in such emergencies. This way the responders can use the emergency button on your phone (locked phone). 

If you have not done it in the beginning, you can find it in settings > User at any time in the future. This feature is surely a welcoming feature in Android N. Hope that Google would bring this feature to the consumer version.

New attack hit android and iOS devices, can the steal crypto keys of your device

Last time I talked about mazar virus that hit Denmark and other European nations. This time there is another report on an attack that can steal your crypto keys. 

Well, if guys don't know where you use the crypto keys here it is. Crypto keys are used to protect your pay accounts, wallets and many of the high value assets. So how is this done?

The exploiters use the side-channel attack that is based on Elliptic Curve Digital Signature Algorithm. This algorithm is used because it is faster than other crypto systems. It can be done when cryptographic operations are being done and by measuring the electromagnetic radiations. This way full extraction of data can be done. The attacker can perform such actions by measuring them using a simple magnetic probe, or using an USB cable of your phone and a USB sound card. It is said that researchers were able to fully extract the secret keys from OpenSSL.

The researchers from Tel Aviv university and University of Adelaide have published (separately) on how to extract the ECDH keys from a standard laptop. Although, this uses sound emitted by devices rather than the electromagnetic emanations that is used in the case of mobile phones.

New Android malware hits Denmark

The mazar malware has started to spread across Europe and this time, it has hit Denmark. As reported by Heimdal Security, the virus has been spread across 100,000 phones in Denmark and has stated that it is difficult to say how much damage been caused by the malware.

The virus operates through text messages wherein once installed, it would send all web traffic by creating a malicious proxy. This would allow the attackers to access sensitive details from the user's web activities. 

The virus is said to have its source from SMS. You would get an SMS stating something and if you fall for it, then that would the end of your privacy. Users have to just ignore those messages which asks you to follow a link. It is also said that phones running on kit kat are the ones affected. Much older versions are also said to be victims of this virus.

Although, many security firms have worked on it, only 3 of them have detected this virus. It is only Heimdal that has shared it's results with public.

Google kills a hacker bug, patches critical flaws

Yet again a news on security flaws in Android. Google has fixed a serious bug on Android that could remotely be exploited by email, MMS or link on a webpage which contains specially crafted media file. Also, Google patched seven critical flaws in their February patch for nexus devices that would affect the mediaserver service of the Android Operating System. The flaw would mean that your device could be remotely hacked when the mediaserver processes the files delivered by either email or MMS or through a webpage. The flaws affect Android 6.0 Marshmallow, Android 5.0 Lollipop and Android 4.4.4 Kitkat.

Google has also announced some equally serious bug in Broadcom Wi-fi driver that would allow the hacker to remotely corrupt the OS kernel and gain access to the device.

So overall, the February update has addressed 13 security bugs that included seven critical, five highly severe and two moderate. 

New android ransomware using clickjacking to gain admin privilages

Now, another news on Android malwares and this time, it is on ransomwares. Hackers have found a way to get administrative privilages using these.

File-encrypting ransomwares have now targeted the Android devices. One such technique is the clickjacking technique that tricks the users to grant admin privilages. Clickjacking is a malicious technique of tricking the user to click something and thus getting access to the computer thereby revealing confidential information of the user's device. A clickjack will take an embedded form of code that has the potential to execute without the user's knowledge (like clicking a button that shows that you can download a file but executes some other function). 

As stated by pcworld, the ransomware applications targeting Android has been less significant due to its restrictions in application permissions. It is also stated that Android devices running on (atleast) 5.0 lollipop are protected from these ransomwares. But, most of the devices still run older versions of Android (older than lollipop). 

It's advised to all users to download applications only from trusted venders (or on Play Store which is highly recommended) to prevent any such ransomwares on your devices.