Reuters TV is now free. “Reuters TV is aimed at mobile consumers who don’t have time or interest in traditional appointment viewing, will cover general interest stories targeted at a U.S. and British audience. The content is produced specifically for Reuters TV.”
We’ve been warned ten thousand times about common passwords. But what about common Android Lock Patterns (ALPs)? “The Tic-Tac-Toe-style patterns, it turns out, frequently adhere to their own sets of predictable rules and often possess only a fraction of the complexity they’re capable of. The research is in its infancy since Android lock Patterns (ALPs) are so new and the number of collected real-world-patterns is comparatively miniscule. Still, the predictability suggests the patterns could one day be subject to the same sorts of intensive attacks that regularly visit passwords.”
Remember Android’s Stagefright security flaw? Apparently Google’s patch has its own issues. “On August 5, Google started releasing over-the-air (OTA) security updates for Nexus 4,5,6,7,9,10 and Nexus Player devices to address most of these flaws. However, shortly after the search giant started distributing the patches, researchers at Exodus Intel confirmed their suspicion that the fix for an integer overflow triggered in libstagefright during MPEG4 tx3g data processing (CVE-2015-3824) was flawed.”
Is there anything worse to store in plain text than passwords? Like, say fingerprint images? “Researchers from FireEye have found that data that could be used to clone a user’s fingerprint was stored as an unencrypted “world readable” image file on HTC smartphones. Four security researchers discovered that the image file, which is clear replica of a user’s fingerprint, could be stolen by rogue apps or hackers.”
Another day, another Android vulnerability. Maybe it is as bad as Flash. “Dubbed Certifi-gate, the researchers say that vulnerabilities in the OEM (manufacturers of Android devices like Samsung, LG and Sony) implementation of Remote Support allows a third party app’s plugins to access a device’s screens and actions using an OEMs own signed certificates. That means a nefarious individual could see what you’re doing and control your phone or tablet. And according to the researchers, there’s no reasonable way to revoke the certificates as an end user.”
Samsung and Google will release Android security patches every month. “Alongside the new frequent security updates, Google has finally released a patch for Stagefright for its own Nexus line of phones, which it sells directly to customers. The company argues that the majority of users weren’t at risk, however, with application sandboxing limiting the amount of damage an attacker could do.”
If I were Google these would be fightin’ words: “Android is the new Flash”. “Several years ago, Steve Jobs called out Adobe Flash as a trainwreck of security and performance problems, garnering him contempt from industry players deeply invested in the software platform. Today, Google’s Android platform is getting same brutal appraisal, but it’s coming from Android’s own fans.”
Yet another Android security bug can render your phone silent. “By either installing a malicious app on an Android device, or directing users to a nefarious website, hackers can cause an Android device to become ‘apparently dead — silent, unable to make calls, with a lifeless screen,’ Trend Micro explained. If the exploit is installed through an app, it can auto-start whenever the device boots, causing Android to crash every time the device is powered on.” From what I’m reading on other sites, if the bug is activated by just visiting a malicious site, you can reboot the phone and you’ll be fine. I’m reading a lot of different takes, though – I think this is still developing.
Ewww. There is a really nasty Android bug out there. “It’s like something from a bad movie: eager to learn the details of the bad guy’s dastardly plot, the good guys hack his phone armed with little more than knowledge of his phone number. No physical access to the phone, no tricking him into opening some shady application; just a quick message sent to his phone, and bam — they’re in. Alas, that’s essentially how a new Android hack works, according to researchers… and the vast majority of Android devices are vulnerable.”
I’m going to share this with you, and then with my husband, because phone spam drives him bonkers: How to Block Numbers that Haven’t Called or Texted You First.
Good stuff from How-To Geek: How to Create Geographic Event Triggers with Your Smartphone and IFTTT. I need to create one to remind me when I go to Sheetz: “Those Wisconsin cheddar bites will do you no good.”