Security News
Privacy advocates allege Ring goes so far as to silently deliver updates on Ring customer usage to Facebook, even if the Ring owner doesn't have a Facebook account. The EFF performed dynamic analysis on the Ring for Android mobile app, using the "Mitmproxy" tool running on a Wi-Fi access point connected to the doorbell.
Google is testing out a feature to make Android's built-in password manager safer, according to online sleuths who have picked apart its software. You could use it to take autofill input from third-party password managers, or if you wanted to keep everything in your Google account, you could use autofill with Google's own password management service.
Google has removed 17,000 Android apps to date from the Play store that have been conduits for the Joker malware - and in an analysis of the code, said that Joker's operators have "At some point used just about every cloaking and obfuscation technique under the sun in an attempt to go undetected." The internet giant said that having three or more active variants of Joker in circulation at the same time using different approaches or targeting different carriers is the norm; and at peak times of activity, up to 23 different apps from the Joker family have been submitted to Play in one day.
For much of Android's existence, Google has adopted a relatively hands-off approach that lets manufacturers ship units with pre-installed bloatware which, in many cases, cannot be easily removed. "Android Partners - who use the Android trademark and branding - are manufacturing devices that contain pre-installed apps that cannot be deleted, which can leave users vulnerable to their data being collected, shared and exposed without their knowledge or consent," the letter states.
These pre-installed apps can have privileged custom permissions that let them operate outside the Android security model. This means permissions can be defined by the app - including access to the microphone, camera and location - without triggering the standard Android security prompts.
Update] Pre-installed malware on Android phones is a growing menace - so much that on Wednesday this week, Privacy International and around 50 other international NGOs sent an open letter to Google demanding a stop to the habit. The pre-installed malware comprises a Wireless Update app detected by Malwarebytes as Android/PUP.Riskware.
Google has pulled three malicious apps from Google Play, one of which exploits a recently patched kernel privilege escalation bug in Android to install the app aimed at spying on users. The Camero app would download a DEX file from a C&C, which would then download the callCam APK file and use the CVE-2019-2215 exploit to root the device, install the app and launch it without any user interaction or the user's knowledge.
Google kicked off its first Android Security Bulletin of 2020 patching a critical flaw in its Android operating system, which if exploited could allow a remote attacker to execute code. Google said its' critical vulnerability exists in Android's Media framework, which includes support for playing a variety of common media types, so that users can easily utilize audio, video and images.
Google on Monday published the first Android security bulletin for 2020, with patches for 40 vulnerabilities, including a critical flaw in the Media framework. The Android Security Bulletin for January 2020 was split into two parts: the first addresses 7 vulnerabilities in Framework, Media framework, and System, while the second includes fixes for 33 security flaws in Kernel, Qualcomm, and Qualcomm closed-source components.
Watch out! If you have any of the below-mentioned file managers and photography apps installed on your Android phone-even if downloaded from the official Google Store store-you have been hacked and being tracked. These newly detected malicious Android apps are Camero, FileCrypt, and callCam that are believed to be linked to Sidewinder APT, a sophisticated hacking group specialized in cyber espionage attacks.