New malware hits android, uses masquerading technique

Android has been hitting the news since past a year or so. Now, android devices have a loop hole found in them. Security firm Zscalar has discovered a new malware that is capable of monitoring texts, browsing history and banking information. The malware, masquerades as an update for Chrome browser. This malware is hosted on webpages and is designed to look as a page of Google or officially belonging to android.

The malware is designed to monitor the the call logs, browsing history, text messages and banking information. Once this malware is installed, it sends the logs to a remote control server. Whats even more shocking is that this malware can find out whether your device has an anti virus installed or not. Also it can terminate such apps and evade detection. Once the malware has entered your device and you open the play store, a popup would be generated asking you to enter your credit card details. If you enter the details, these details would further be forwarded to some remote server which is still not known.

Although, the malware can be easily removed on factory reset of your device.

Google faces antitrust charges for Android from EU

It's always not good between Google and EU these days. Google has to now face antitrust charges from EU stating that it is violating competition by unfairly favoring it's services (maps and search) on Android devices over it's rivals.

Google's products such as maps, mail, search comes pre - installed in devices running Android and device manufacturers have to agree with this if they want to get a licence to the software. The European Union had been studying this and thus here comes the result. If any of these things is unbundled from the agreement with the manufacturers in Europe, it would be a major setback for Google. 

Google also faces  antitrust charges on another front. European Authorities had charged Google for unfairly dominating the market position to favor it's services and there are chances that it would be fined upto $7 billion.

The Federal Trade Commission, Washington is also probing on whether Google broke the U.S. antitrust laws to boost its services. Canadian authorities have closed the probe on this but have said that they would continue to monitor the company.

How easy is it to crack your android?

Much has been written and debated on whether iPhone is better than your android, whether iphone is difficult to crack down. Recently, there had been a battle between Apple and FBI where in Apple won it for time being. In this case, FBI managed to crack an iPhone without any help from Apple which made Apple to take FBI to court. Keeping this aside, questions arise in the mind of android users on whether their device is safe or not.

Android needs to still work on security

Experts from North Caroline State University had issued a report on Mashable explaining the various ways in which your phone can be cracked. After going through the post, it is clear that there is no clear answer. This also meant that unless the user enables a password lock and encrypts it contents (microSD as well), the device is secured meaning that hackers or security agencies can use Brute Force method as the only tool to gain access to your device.

In iPhone, you can enter wrong password not more than 10 attempts after which all the contents of your device will be automatically erased. In Android, the data will be erased after such 30-40 failed attempts. It is said from many reports that custom apps can write data onto Android device that is managed by a third party on a rooted device. This can be done by using an image to fool the fingerprint scanner. Just using the unencrypted microSD card will do the job as well.

This life saving feature is truly amazing: Android N developer preview

If you are in an emergency situation (medical emergency), think of the situation where your phone would be your life saver. Seems like a dream right?Nope. Android N has a new feature added into it that would do so.

In the Android N developer preview, Google has added an option to include medical details and personal contact information (also your medical emergency contact). When you guys setup a new phone on N developer preview, you would be asked to add these information (although this is optional). You can add your name, birth date, address and medical info like blood group, medications, allergies and a contact which comes in handy in such emergencies. This way the responders can use the emergency button on your phone (locked phone). 

If you have not done it in the beginning, you can find it in settings > User at any time in the future. This feature is surely a welcoming feature in Android N. Hope that Google would bring this feature to the consumer version.

New attack hit android and iOS devices, can the steal crypto keys of your device

Last time I talked about mazar virus that hit Denmark and other European nations. This time there is another report on an attack that can steal your crypto keys. 

Well, if guys don't know where you use the crypto keys here it is. Crypto keys are used to protect your pay accounts, wallets and many of the high value assets. So how is this done?

The exploiters use the side-channel attack that is based on Elliptic Curve Digital Signature Algorithm. This algorithm is used because it is faster than other crypto systems. It can be done when cryptographic operations are being done and by measuring the electromagnetic radiations. This way full extraction of data can be done. The attacker can perform such actions by measuring them using a simple magnetic probe, or using an USB cable of your phone and a USB sound card. It is said that researchers were able to fully extract the secret keys from OpenSSL.

The researchers from Tel Aviv university and University of Adelaide have published (separately) on how to extract the ECDH keys from a standard laptop. Although, this uses sound emitted by devices rather than the electromagnetic emanations that is used in the case of mobile phones.

New Android malware hits Denmark

The mazar malware has started to spread across Europe and this time, it has hit Denmark. As reported by Heimdal Security, the virus has been spread across 100,000 phones in Denmark and has stated that it is difficult to say how much damage been caused by the malware.

The virus operates through text messages wherein once installed, it would send all web traffic by creating a malicious proxy. This would allow the attackers to access sensitive details from the user's web activities. 

The virus is said to have its source from SMS. You would get an SMS stating something and if you fall for it, then that would the end of your privacy. Users have to just ignore those messages which asks you to follow a link. It is also said that phones running on kit kat are the ones affected. Much older versions are also said to be victims of this virus.

Although, many security firms have worked on it, only 3 of them have detected this virus. It is only Heimdal that has shared it's results with public.

Google kills a hacker bug, patches critical flaws

Yet again a news on security flaws in Android. Google has fixed a serious bug on Android that could remotely be exploited by email, MMS or link on a webpage which contains specially crafted media file. Also, Google patched seven critical flaws in their February patch for nexus devices that would affect the mediaserver service of the Android Operating System. The flaw would mean that your device could be remotely hacked when the mediaserver processes the files delivered by either email or MMS or through a webpage. The flaws affect Android 6.0 Marshmallow, Android 5.0 Lollipop and Android 4.4.4 Kitkat.

Google has also announced some equally serious bug in Broadcom Wi-fi driver that would allow the hacker to remotely corrupt the OS kernel and gain access to the device.

So overall, the February update has addressed 13 security bugs that included seven critical, five highly severe and two moderate.