Tag Archive for: Android

Google to launch a new ‘anti-virus’ system for apps, reveals Android 15 beta release

/in


Android 15, set to debut on Pixel smartphones later this year, has revealed intriguing features through developer previews and public beta releases. Among these features is a potential new tool aimed at aiding users in identifying and containing malicious apps on their devices.

Feature Unveiled in Android 15 Beta:

The latest beta of Android 15 has unveiled a prospective feature that could chnage app security on the platform. Reported by Android Authority, this feature allows system apps like Google Play Services or the Play Store to isolate and impose restrictions on detected apps, akin to antivirus programs on Windows.

Functionality and Implementation:

The proposed functionality involves quarantining apps, severely limiting their capabilities once identified as potential threats. While the code for this feature exists within Android 15, it remains dormant pending activation. If implemented, quarantined apps would face restrictions such as being barred from displaying notifications, hiding their windows, stopping activities, and preventing device ringing.

Also read: Looking for a smartphone? To check mobile finder

Restricted Access and Potential Limitations:

The envisaged “QUARANTINE_APPS” permission would be exclusively granted to apps signed by Google’s certificate, effectively restricting the quarantine function to the Play Store or Google Play Services. Notably, despite quarantine, apps would remain visible in the app drawer, albeit greyed out. Tapping on such icons would inform users of their unavailability and offer options for restoration.

Uncertainties Surrounding Implementation:

While the feature was initially observed in a developer build of Android 14 in 2022, its fate in Android 15 remains uncertain. Should Google proceed with its integration, it’s likely that only designated Google entities would wield the power to quarantine apps. Such a tool could prove invaluable in cases where suspicious app behavior is flagged by Google’s Play Protect malware scanner.

As Android 15 inches closer to its official release, the potential inclusion of a…

Source…

Alert: Pixel Phones’ Exploited Android Zero-Day Flaw Patched

/in


In the realm of smartphone security, the recent spotlight has fallen on Google Pixel devices, where two zero-day vulnerabilities have been unearthed and promptly addressed by Google. As per recent reports, the Android zero-day flaw, and others like it, were exploited by forensic firms, shedding light on the intricacies of smartphone security and the measures taken to safeguard user data and protect against these mobile security risks.

 

Exploited Vulnerabilities, Unique Fixes


Google Pixel phones, although running on the Android operating system, operate under a distinct update mechanism. Unlike other Android devices, Pixels receive tailored updates owing to their specialized hardware platform directly managed by Google. This bespoke approach ensures that Pixel users benefit from exclusive features and heightened security measures.

 

In the latest security bulletin for April 2024, while the broader Android ecosystem didn’t face significant threats, Pixel devices faced active exploitation of two vulnerabilities: CVE-2024-29745 and CVE-2024-29748. These vulnerabilities posed risks of vulnerability disclosure and elevation of privilege, respectively, highlighting the intricate nature of smartphone security.


A Peek into the Android Zero-Day Flaw


Forensic companies, adept at navigating device vulnerabilities, seized upon these flaws to unlock Pixel phones and access their stored data without the need for PIN authentication. GrapheneOS, a renowned name in privacy-focused Android distributions, uncovered these exploits, shedding light on the clandestine world of smartphone security breaches.

 

CVE-2024-29745, identified as a high-severity information disclosure flaw in the Pixel’s bootloader, and CVE-2024-29748, characterized as an elevation of privilege bug in the Pixel firmware, were the focal points of exploitation. These Zero-day exploits enabled unauthorized access to device memory, raising concerns regarding data integrity and user privacy.


Patching the Android Zero-Day Flaw in Pixel Phones


Responding swiftly to the looming threat, Google deployed fixes aimed at patching vulnerabilities. By implementing measures such as zeroing memory during booting and restricting USB…

Source…

LightSpy Malware Attacking Android and iOS Users

/in


A new malware known as LightSpy has been targeting Android and iOS users.

This sophisticated surveillance tool raises alarms across the cybersecurity community due to its extensive capabilities to exfiltrate sensitive user data.

LightSpy is a modular malware implant designed to infiltrate mobile devices. With variants for both Android and iOS platforms, it represents a significant threat to user privacy.

The malware’s extensive functionality allows it to harvest a wide range of personal information from infected devices.

Technical Details of the Attack

LightSpy is engineered to siphon off a variety of data from the victim’s device, including:

  • GPS location data
  • SMS messages
  • Data from messenger apps
  • Phone call history
  • Browser history

Document

Stop Advanced Phishing Attack With AI

Trustifi’s Advanced threat protection prevents the widest spectrum of sophisticated attacks before they reach a user’s mailbox. Stopping 99% of phishing attacks missed by
other email security solutions. .

Moreover, LightSpy can remotely execute shell commands and record voice-over IP (VOIP) call sessions, adding to its surveillance capabilities.

Broadcom’s latest blog post highlights the LightSpy malware implant’s technicalities and impact on targeted devices.

The malware is known to spread through various means, including phishing campaigns and compromised websites.

Once a device is infected, LightSpy operates stealthily, often undetected by the user.

The modular nature of LightSpy means it can be updated with new capabilities post-infection, making it a remarkably resilient and adaptable threat.

Impact on Users

The implications of such a malware infection are severe.

Users’ private information can be compromised, leading to potential identity theft, financial loss, and personal safety concerns.

The ability to track browser history and communications in real time provides malicious actors with a wealth of information that can be exploited.

Users are advised to keep their security software up to date and to be cautious of unrequested communications that could serve as potential infection vectors.

The emergence of LightSpy malware is a stark reminder of the evolving…

Source…

Android 15 looking to enhance Wi-Fi security with a new toggle

/in


Android 15Beta 1 was released earlier this week, and as with every new beta release, Android experts everywhere go through the UI with a fine-toothed comb to find all the new features buried within the operating system. This time was not an exception, with the addition of a long-overdue new toggle found targeting Wi-Fi security.

Android expert Mishaal Rahman recently uncovered a significant update in Android 15 Beta 1: a new toggle labeled “Allow WEP networks” has been added to the device’s network settings. This change underscores Google’s ongoing focus on improving user security, particularly in the context of wireless networks.

Wired Equivalent Privacy (WEP) is a wireless network security protocol introduced decades ago. Unfortunately, WEP technology has been superseded by stronger, more robust standards like WPA (Wi-Fi Protected Access) and the newer WPA3.

WEP’s inherent design flaws make it vulnerable to cracking, even by novice hackers. If a network uses WEP, unauthorized individuals could potentially intercept and read data transmitted over it, posing a serious risk to your private information.

Android 15 looking to enhance Wi-Fi security with a new toggleAndroid 15 looking to enhance Wi-Fi security with a new toggle

Android 15 Beta 1 Network preferences screen with WEP allowance ON

By default, Android 15 Beta 1 blocks connections to WEP networks. The new “Allow WEP networks” toggle provides an override, but it includes a clear warning, stating “WEP is an older security protocol that’s less secure.” This change helps users make informed decisions about Wi-Fi connections.

While some users might still need this toggle for connecting to older devices, most users will benefit from leaving it disabled. This update aligns with Google’s attempts to protect user data, especially when using potentially insecure public Wi-Fi networks, such as those found in hotels or coffee shops.
It is wise to avoid WEP networks whenever possible, and it is advisable to upgrade your home router’s security to WPA2 or WPA3. Additionally, it is always a good idea to be cautious when connecting to unknown public Wi-Fi networks, or if unsure, consider using a VPN for added protection.

Source…