Google, Samsung to issue monthly Android security fixes

LAS VEGAS - Google Inc. and Samsung Electronics Co. will release monthly security fixes for Android phones, a growing target for hackers, after the disclosure of a bug designed to attack the world's most popular mobile operating system.

The change came after security researcher Joshua Drake unveiled what he called Stagefright, hacking software that allows attackers to send a special multimedia message to an Android phone and access sensitive content even if the message is unopened.

"We've realized we need to move faster," Android security chief Adrian Ludwig said at this week's annual Black Hat security conference in Las Vegas.

Previously, Google would develop a patch and distribute it to its own Nexus phones after the discovery of security flaws.

But other manufacturers would wait until they wanted to update the software for different reasons before pushing out a fix, exposing most of the more than 1 billion Android users to potential hacks and scams until the fix.

Ludwig also said Google has made other security changes. In an interview, he told Reuters that earlier this year the team broke out incidence rates of malicious software by language. The rate of Russian-language Androids with potentially harmful programs had spiked suddenly to about 9 percent in late 2014, he said.

Google made its roughly weekly security scans of Russian phones more frequent and was able to reduce the problems to close to the global norm.

Ludwig said improvements to recent versions of Android would limit an attack's effectiveness in more than nine out of 10 phones, but Drake said an attacker could keep trying until the gambit worked. Drake said he would release code for the attack by Aug. 24, putting pressure on manufacturers to get their patches out before then.

Nexus phones are being updated with protection this week and the vast majority of major Android handset makers are following suit, Ludwig said.

Samsung Vice President Rick Segal acknowledged that his company could not force the telecommunications carriers that buy its devices in bulk to install the fixes and that some might do so only for higher-end users.

"If it's your business customers, you'll push it," Segal said in an interview. Samsung is the largest maker of Android phones.

Ludwig said many Android security scares were overblown. He added that only about one in 200 Android phones Google can peer into have any potentially harmful applications installed at any point.

Drake noted that those figures exclude some products, including Fire products from Amazon, which use Android.

As with Apple's iPhones, the biggest security risk comes with apps that are not downloaded from the official online stores of the two companies.

Stolen files from Hacking Team, an Italian company selling eavesdropping tools to government agencies around the world, showed that a key avenue was to convince targets to download legitimate-seeming Android and iPhone apps from imposter websites.

source: www.abs-cbnnews.com

How hackers can control Android phones via text message

Cyber security firm Zimperium on Monday warned of a flaw in the world's most popular smartphone operating system that lets hackers take control with a text message.

"Attackers only need your mobile number, using which they can remotely execute code via a specially crafted media file delivered via MMS (text message)," Zimperium Mobile Security said in a blog post.

"A fully weaponized successful attack could even delete the message before you see it. You will only see the notification."

Android code dubbed "Stagefright" was at the heart of the problem, according to Zimperium.

Stagefright automatically pre-loads video snippets attached to text messages to spare recipients from the annoyance of waiting to view clips.

Hackers can hide malicious code in video files and it will be unleashed even if the smartphone user never opens it or reads the message, according to research by Zimperium's Joshua Drake.

"The targets for this kind of attack can be anyone," the cyber security firm said, referring to Stagefright as the worst Android flaw discovered to date.

"These vulnerabilities are extremely dangerous because they do not require that the victim take any action to be exploited."

Malicious code executed by hackers could take control of smartphones and plunder contents without owners knowing.

Stagefright imperils some 95 percent, or an estimated 950 million, of Android phones, according to the security firm.

Zimperium said that it reported the problem to Google and provided the California Internet firm with patches to prevent breaches.

"Google acted promptly and applied the patches to internal code branches within 48 hours, but unfortunately that's only the beginning of what will be a very lengthy process of update deployment," Zimperium said.

It did not appear as though hackers had taken advantage of the Stagefright vulnerability, according to Zimperium.

Updating Android software powering mobile devices is controlled by hardware makers and sometimes telecommunication service carriers, not Google.

While Apple controls the hardware and software in iPhones, iPads, and iPods powered by its mobile operating system, Google makes Android available free to device makers who customize the code and update it as they see fit.

More about Drake's research was to be disclosed at a Black Hat computer security conference taking place in Las Vegas early in August.

source: www.abs-cbnnews.com

Banking apps on Android phones most at risk of virus -Kaspersky

JERUSALEM - Banking applications on Android phones are most vulnerable to cyber crime, the chief executive and co-founder of Russian anti-virus software maker Kaspersky Lab said on Monday.

Eugene Kaspersky said 99 percent of mobile attacks are towards Android-based phones, since Apple has strict controls and does not allow third-party applications.

The most disturbing trend in cyber attacks was a growing shift to mobile devices from computers and a major cyber attack using mobile phones was bound to happen since cellular users are not properly protected, he told Reuters.

"I expect something really bad to happen to change people's minds and awareness," he said, noting that it took the Chernobyl virus in 1998 for people to properly protect their computers.

"Cyber crime is moving to mobile but people are not aware. It's still not as big as computer crime but it's growing fast. The trend is a very dangerous situation," he said at a cyber-tech conference in Israel, where he wants to open a research and development lab.

Kaspersky makes one of the top-selling anti-virus programmes in the United States, where it has gained market share in recent years against products from Symantec Corp, Intel's McAfee and Trend Micro.

He said it was hard to determine where most cyber attacks are coming from geographically but cyber criminals typically speak Chinese, Spanish, Portuguese and Russian.

source: www.abs-cbnnews.com

Free app provides guide to Sinulog festival

MANILA – If you're planning on celebrating Sinulog in Cebu this weekend, there's a mobile app to guide you on the much-awaited festival and its related events.

The Sinulog Guide is a mobile app developed by Cebu-based startup InnoPub Media in partnership with Smart Communications Inc. It can be downloaded for free at the Google Play Store and Windows Phone Store.

The app provides information on where to stay, where to go during and after the festival and what other events you can attend during the festivities.

Sinulog Foundation executive director Ricky Ballesteros said the app is very useful for those who will attend Sinulog, whether residents or tourists.

“[It is a] unique resource that would help our guests make the most of the biggest festival in the Philippines,” he said.

The app is compatible to Android phones, and can be accessed through their website.

It also offers information on the history of Cebu and the Sinulog festival.

Apart from interactive maps and listings, the app also contains directories of hotels, taxis, consuls and hospitals you might need during your visit at Cebu.

The Sinulog Guide comes with a GPS to track where you are and to route out where you want to go in Cebu.

The app is currently being updated and a newer version containing with related articles shall be made available before the festivities start on January 19.

source: www.abs-cbnnews.com

Hoping to put past behind, ZTE comes strong at Philippines mobile debut

MANILA, Philippines — Their name may have been dragged by one of the most controversial issues to rock Philippine politics, but Chinese IT manufacturer ZTE remains bullish about the Philippine market as it attempts to restore its image and prove dominance in the local mobile space.

During the launch of its initial mobile phone products to hit local shores, executives of one of China’s largest technology companies were tight-lipped about the damage wrought by what is now known as the controversial NBN-ZTE deal, hoping to put the past behind in hopes of furthering their business in the country.

Officials, however, pointed out how their business remained strong in the Philippines despite the issue, as they are still one of the preferred partners of large telecom providers in the country, particularly as manufacturing suppliers of broadband dongles, pocket Wi-Fi devices, and telecom equipment.

“We are the fourth largest phone manufacturer in the world and the biggest in China,” asserted James Chen, president of ZTE Philippines who was just appointed in March. “In 2011, we posted $13 billion in revenues, and we continue to grow our market worldwide.”

Coming into the Philippines, a market already dominated and crowded by multinational phone manufacturers as well as home-grown Pinoy phone companies, Chen emphasized how their deep experience in the telecom world, coupled with their manufacturing and R&D capabilities, will become the main differentiators of the brand against competitors.

Brandishing their new products –– composed of two feature phones, three Android-based smartphones, and a 7-inch Android tablet –– executives claimed their edge over local phone brands such as myPhone and Cherry Mobile in the areas of reliability and durability, emphasizing their vast pool of resources.

“Most of the time we see these two major brands focus on OEM handsets,” claimed Henry Yu, the head of devices division at ZTE. “The common feedback from end users is that the defective rate is very high.”

In contrast, Yu said that despite connotations, the products manufactured by ZTE are “quite reliable,” as they own the technology, manufacturing, and R&D capabilities that go into making their phones.

“We have better technology capabilities than myPhone and Cherry Mobile,” he added.

For his part, Jimmy Go, president of MSI-ECS, the appointed distributor of ZTE mobile products in the Philippines, likened the current situation of mobile phone companies to the early days of PC manufacturing.

“Before, PC brands outsource manufacturing of their products to the cheapest supplier, but the user experience has not been great,” Go said. “Today, 90 percent of the market is captured by the branded PCs, because they can control the quality of their products, and they are the first to introduce all the latest models.”

In its initial foray into the Philippine market, ZTE Mobile is bringing in six phone and tablet models that, executives said, are being positioned for the mid-range market.

Bannering the new fleet of phones are three smartphones powered by Google’s Gingerbread Android operating system. The cheapest in the line, the Mimosa Mini V856, is a dual-SIM phone with a small 2.8-inch display that will retail for P5,390 locally.

The two other Android phones are for users with a bit more budget for mobile devices: the Kis V788 comes with a 3.5-inch TFT capacitive touchscreen display, a 3-megapixel back camera, and a standard-issue 800 MHz processor. The Skate 4.3H, meanwhile, is powered by a 1GHz single-core processor, is fitted with a 4.3-inch capacitive touchscreen display, and features a 5-megapixel back camera.

The two phones will retail for P7,490 and P13,990, respectively.

ZTE’s tablet, on the other hand, is a 7-inch device that comes packed with a 1.4GHz Scorpion chip from QUalcomm, a 4GB storage, a front and back camera, and a Dolby Mobile Sound technology for its speakers. It can be bought locally for P15,490.

Bringing up the rear of new ZTE phones are two feature handsets targeted at the price-sensitive, penny-pinching Pinoy consumer: the ZTE S516 is a basic feature phone in a candy bar form factor, while the ZTE R260 is a full-featured QWERTY phone with a hot-swappable SIM card slot. They are available each at sub-P5,000 price points.

ZTE officials, however, could not assure if the Android phones they are releasing today are capable of upgrade to Ice Cream Sandwich or Jellybean, although they noted that they are sure to come out with models featuring those flavors of the Android OS in the near future.

“Before, we played a major role in providing broadband dongles and pocket Wi-Fi devices for Philippine telcos,” Yu said. “But this year marks our focus on smartphones and handsets in other open channels.”

source: interaksyon.com