Galaxy K Zoom, Snooping Skype, Smash a Phone for a OnePlus One – News Bits

3G intra-circle roaming now allowed in India

Earlier if an operator didn’t have a licence for operating 3G services for a region, they tied up with an operator which had the required licence in order to provide these services. The government office of TDSAT (Telecom Disputes Settlement and Appellate Tribunal) came up about a year back and put up a ban on such tie-ups. This ruling caused operators to abruptly stop providing 3G services where they didn’t have a licence to operate.

Now finally after a prolonged period of rumination, TDSAT has reversed the ban on operator tie-ups for 3G services. Hopefully operators will bring back their old tie-ups and start 3G services soon in most regions. This should bring a boost in 3G penetration in India with this in effect.

More on this from Medianama.

Is it a Phone, Is it a Camera – Samsung Galaxy K Zoom?

Samsung unveiled the latest Samsung Galaxy K Zoom, a camera centric smart phone this week. Don’t get us wrong, this is not a slim and sleek mobile phone. The form factor of the Galaxy K Zoom is more like a point and shoot camera with smart phone functionality baked into it.

The camera has a 20.7 megapixel sensor with a retractable lens system. It features Optical Image Stabilizer (OIS) to minimize motion blur due to shaky hands. The Zenon flash on this allows for better nighttime shots. The smart phone side of the device is powered by Android 4.4.2 running on a 1.3Ghz hexa-core processor, 2GB RAM, 8 GB of Internal Storage and a 2430 mAH battery.

Take a look at this video to see what the Galaxy K Zoom has to offer.

Get more information about the product on Samsung’s page.

http://www.gizmodo.in/indiamodo/Samsung-Galaxy-K-Zoom-Smartphone-Unveiled/articleshow/34376821.cms

Security goof up by Skype

It seems like Microsoft has performed a security no-no here with Skype. It looks like they’re storing Archived Messages, Contact Information, and more unencrypted on the device in a local database. It’s also quite easy for a novice programmer to gain a hold of all your Skype conversations and contacts if they access your device or system. So you may want to be careful with your laptops and devices by password or pin protecting access to them to ensure that no one has access to it. Read more about this from Security Affairs

Smash your Phone and get a OnePlus One at $1

OnePlus One
The latest entrant into the smart phone race, OnePlus, has launched their latest OnePlus One. A CyanogenMod driven phone runs on a Qualcom Quad-core processor, 3GB RAM and 16 or 64GB onboard storage depending on the variety you get.

The smart phone is powered by a 3100 mAh battery which should go quite a way between recharges. With Global LTE (4G) support, NFC, Bluetooth 4.0 you’re covered by most global networks and accessories. The phone also comes with 3 microphones for active noise cancellation. In the camera section, the One Plus One comes with a 13 Megapixel Sony Exmore camera with Dual LED and a front camera is a 5 megapixel one. The phone can record video in 4K resolution.

As you can see the specs of the One Plus are really good, inline with most flagship phones. What’s amazing is that OnePlus plans on selling the 16GB version for just $299 (approx. Rs.18,000) and the 64GB one for $349 (approx. Rs. 21,000). These are killer prices for a flagship device.

Now, they haven’t started selling these phones yet. You can enter the Oppo Smash the Past Contest where you send them a video of you smashing your current smart phone and win a chance of buying a OnePlus One at $1 and 3 invites to buy the phone, which you can give your friends. Check the contest and contest details over at: oneplus.net/smash. It’s not any old smart phone they want you to smashup, but the latest line of flagship phones from other manufacturers!

If you’re not yet ready to smash your current phone to buy a OnePlus One, the company says that you may have to wait till June to get your hands on one.

Careful where you charge, your iPhone can be hacked by a malicious Charger

It’s not just apps from app stores which can infect your phone these days, a bunch of Georgia Tech hackers at the Black Hat US conference have revealed that the just the act using your phone while it’s charging from an unknown charger can let hackers in. While the iPhone is considered to be quite a secure device, their technique showed how easy it is infect your phone by plugging it in.

They used BeagleBoard to create a malicious charger, which they call the Mactan. When an iPhone user connects their phone to a Mactan ‘charger’, they run the risk of having their phone compromised. In the demo which they performed when the user unlocks the phone while it’s on charge, the Mactan  replaced the Facebook app on the phone with a fake version which had a malicious payload.

The hacker stated that the payload could contain malicious code which takes the screenshots when passwords are entered, send data from the phone to a remote server, and much more! If you’ve not jail-broken your phone, it doesn’t matter – this exploit can still work on your device, and did I mention that all this takes under 60 seconds? Scary Stuff!

Luckily it looks like Apple will be rolling in a patch for this in iOS 7 which is due to be released shortly. Till then stay safe and don’t charge from unknown charging stations, who know what’s lurking behind those wires. We leave you with a parting thought from the makers of Mactan – “While Mactans was built with limited amount of time and a small budget, we also briefly consider what more motivated, well-funded adversaries could accomplish.”

Sources: here and here

 

Fake Netflix App Steals Data on Android Phones

Netflix, one of the top most acclaimed applications for Android users took a while to expand its support to all Android users including Android 2.2 (Froyo) and 2.3 (Gingerbread) Since there was a gap in availability with more number of users attempting to get this application on their Android device created a perfect space for Android.Fakeneflic, a Trojan horse whose geographical distribution is low but threat containment is easy. The researchers from Symantec computer security firm published about this Trojan in a blog post.

The Fake Netflix application has only two parts, the login screen and the loading screen. Like the legal Netflix application, the Trojan asks for a login and password. When the ‘Sign In’ button is given a hit, a screen pops up indicating that the Android device is incompatible with the device’s hardware and it recommends to install another version of application in order to resolve the issue. In the mean time the account information is stolen and sent to a server. Also there is no attempt to download the recommended solution. When the user chooses the ‘Cancel’ option, the application tends to uninstall itself. When the uninstall process is interrupted, the user is being returned to the previous screen with the incompatibility message getting displayed. It is still not very much clear on how much amount of information the Trojan can access. However Semantec claims that the information is stored offline.

Though people from CNET entertain the fact that the Fake Netflix application is just a test application, this could cause a great threat to the users if the information reaches wrong hands as many of them have same username and passwords for multiple sites. However this affects the people who side-loaded the application outside the official market, where as people who received Netflix from the user market had no issues.

The malicious applications are versions of legitimate applications that have been modified to include a malware. It is then it is repackaged and distributed. But here, in this case the application is a completely different program.

The Security company partially blamed Andriod`s hardware fragmentation problems stating “multiple unsanctioned developer projects sprung up attempting to port a pirated copy of Netflix application to run on devices that are not officially supported“. This leads to bad behavior. Even Peter Vesterbacka, one of Rovio’s founder and an Angry bird developer said, “Android is growing, but its growing complexity at the same time. Device fragmentation is not the issue, but rather the fragmentation of the eco-system. So many different shops, so many different models. The carriers messing with the experience again. Open but not really open a very Google-centric eco system“. But the platform can’t be blamed completely.

Though Android has gained the most market share in the mobile world, on the other hand it`s also a horrible mess of bugs, low quality OEM designs, terrible engineering and there comes Security Vulnerabilities popping up constantly. One has to be more careful if he downloads software from a third-party user.

Key Tips to Protect Yourself from Phone Hackers

The latest news about the now-obsolete tabloid ‘News of the World‘ gave me a shock. The critically acclaimed Royal family, the terrific murderers, pathetic murder victims, and almost everyone became prey to the phone hackers (sorry, they are the so-called journalists). Now that the tabloid has been closed forever we shouldn’t be happy thinking that this is the ‘happily ever after’ ending for the phone-hacking business.

Somewhere in this same world there will be phones getting hacked when you are reading this article. We aren’t modern day Robin Hoods to stop the people from doing evil but what we could do from our side is, follow these simple steps to ward off the hackers from our valuable phone.

1. Is your Password Powerful or Pathetic?

I know many people who still use the default passwords for their phone even years after buying the phone. The default password will be same for the whole company for instance if your phone is of Nokia brand then the password of all phones produced by that brand is 12345. To crack this code no special intelligence is needed.

Change these default passwords first. As soon as you buy a phone and put your sim card change all the default passwords. However, most people end up changing the password from default ‘12345’ to obvious ‘22222’. Some people are so naïve that even a hacking amateur can easily hack their phones.

You must avoid the following while choosing your passwords –

  • Birthdays of any kind (yours, spouse’s, kid’s, etc)
  • Anniversaries
  • Your name’s number format. For instance, DEEP = 45516
  • Last few digits of your social security number

Keep your password totally random.

Tip – Don’t write down this password anywhere; one of my cousins has kept a really hard-to-guess password but she wrote it down and kept it in her clutch where she keeps her mobile too.

2. Lock your phone

What’s the use of keeping cryptic passwords without using them? It is as similar as not having a password at all. Keep your phone locked always especially when you are surrounded by quite a lot of people. I know it too obnoxious to lock and unlock each time you receive or send a message, but if you love your phone you don’t have any other option other than locking your phone (until someone finds phone locking system with biometrics).

Especially if you are a proud owner of a smartphone then definitely your phone should be under lock always. Unlike conventional mobile phones which needs a passcode to access voice mails, smartphones allow users to access the voice mailbox with a single touch (thanks to the voice mail Apps) irrespective of the user’s identity.

3. Hacking your phone, without using your phone

Your phone can be hacked without the help of it. Yeah, a hacker can simply call from an outside line to your service provider and access your voice mailbox. All he needs is your social security number or some other personal detail. The default passcode may me jus 0# or 0, etc.

To avoid these type of mishaps call your service provider and change the pass-code to access your voice mailbox and also discuss with them about increasing the security levels.

You may not be a big shot to get hacked, but once you get hacked then you will surely become a big shot (of course in the negative sense). Therefore, build up a Crypt (above said points) for your Phone right now!

The Big Clean Up by Google

There’s been another security snag; and this time it has affected people from world over at one go. The default Google apps on Android are leaking user’s credentials and information potentially allowing others to access users’ contacts, calendar, and private photos.

The Ulm University in southern Germany has conducted a research which has brought forth the aforementioned results. This flaw affects an estimated 98 percent of Android users. There are 100 million activated Android devices and 400,000 new devices activated every day. In this light, the threat endangers the personal lives of many as well the business interests of a few.

The researchers tested many Android versions and discovered that those using Android versions older than Android 2.3.4 (Gingerbread) are completely susceptible. According to Google, the devices that accessed the Android Market till May 2 this year, 99.7% of those ran versions older than Gingerbread.

Mike Paquette, Chief Strategy Officer at Top Layer Security feels that Google is dealing with a serious vulnerability and users could lose a lot of classified information. But he does not think it is the catastrophe it is being made to be as the attacker would need some physical proximity with the victim to steal the authentication tokens that enable theft. “This attack is similar to another known technique called ‘session ID stealing,’ where attackers could gain access to a user’s e-mail account by ‘stealing’ an active session ID by ‘listening’ on a public Wi-Fi network“, Paquette said.

The engineers at Google worked hard to fix this gaping hole on their platform. Late last week, Google responded with an official statement, “Today we’re starting to roll out a fix which addresses a potential security flaw that could, under certain circumstances, allow a third party access to data available in Calendar and Contacts. This fix requires no action from users and will roll out globally over the next few days“. It’s a good thing that they could fix this issue on the server-end without requiring firmware updates because we know how notoriously slow manufacturers and carriers are at rolling out these updates. Since started the roll out last week, so we’re hoping that they’ve finished rolling these out globally.

Even though they’ve identified the problem and fixed it, mobile and laptop users should stay away from using open public Wi-Fi networks. Who knows what else people who are snooping around these networks can gather based on what data your phone is sending out. If your apps use a non-secure http connection instead of the secure encrypted https connection to exchange data with the server, any information the app is sending out can be intercept and stolen by anyone snooping on these networks.

99% of Android users are at risk of leaking crendentials [Updated]

Android sales are at an all time high, and there appears to be no stopping Google’s mobile-OS juggernaut. But, how safe and secure is your personal data and credentials? According to a study at the University of Ulm in Germany, the answer to that question is rather shocking. The study reports that 99% of Android users are at risk of leaking digital credentials when they visit certain websites or connect to unsecured Wi-Fi networks. This is caused by the improper implementation of ClientLogin — an authentication protocol. This is prevalent in Android 2.3.3 and earlier. Every time an Android user logs onto a service such as Twitter or Facebook, authToken data is stored for upto 2 weeks, and this data can be accessed by those who know to go about it. According to the researchers:

“To collect such authTokens on a large scale an adversary could setup a wifi access point with a common SSID (evil twin) of an unencrypted wireless network, e.g., T-Mobile, attwifi, starbucks…With default settings, Android phones automatically connect to a previously known network and many apps will attempt syncing immediately. While syncing would fail (unless the adversary forwards the requests), the adversary would capture authTokens for each service that attempted syncing.”

Android 2.3.4 has had this lapse in security patched up, however with OEM’s struggling to roll out updates in a timely fashion, you might want to stay clear of unsecured networks and only use ClientLogin on https websites in the mean time.

 

UPDATE: Hours after this post was published, Google acknowledged the security issue and assured users that a fix would be available within a day. The best part, the changes are made by Google on the server-side level and will require no tedious update or changes made to your Android device on your part. Trust Google to hit the ground running that fast. Kudos.

Facebook and Android – Prone to Security Attacks

Do you know what is hot with Facebook at present? Being vulnerable to security attacks! Well Facebook is one of the toppers of social media both for fun and business. Millions of people rely on Facebook for total control and out-of-control activities in their personal lives. And, millions of businesses rely totally on Facebook for marketing, promotion and other kinds of serious stuff. Now, to all those people this is really a bad news; but it is true and we have to be aware of it. Recently, there have been reports that Facebook users are attacked by potentially unwanted sites for about the past 12 months. If you have found your Facebook friends behaving in a strange manner with posting updates on your wall, then they are not to blame. AVG Technologies have found something shocking to throw light on it.

Your friends are probably victims of the security attacks where these sites pull your friends by offering some links that are highly tempting to click through. For instance, the OMG kind of videos or links that is highly compelling to click – “OMG you won’t believe what this teacher does to his student in front of the camera!”. Your friend (or even you) click it, complete a survey and provide much information to those people behind this. Those who provided far too information to get those ‘compelling’ stuff will surely pay a price in terms of their security. Off-course, there are ways to avoid the security hazards.

Now, if you have clicked the link and provided your personal information or access to applications, you are not the only victim. Your Facebook friends also become victims because of your act. The culprit link is then reposted via your profile to your friends’ wall; can you just imagine the potential reach? Well it is what is happening now with Facebook and the attacks have started to come in right from the beginning of this year.

While it has already been established that Facebook contributes to more than 60% security threat to businesses back in 2010, the percentage will surely rise due to current attacks. According to AVG the increase in the number of applications and people installing them is the major cause of these security issues. All applications want access to Facebook account information and permission to post on walls. So the consequences could not be predicted unless every application carries a ‘clean’ tag.

Even more sadly this issue is not just with Facebook but lately with Android too. AVG tells that phones are just like Facebook in lack of security but creating a false sense about the same. With Android the problem is serious because most of the applications and malware are popular among users themselves and the platform is open source. Isn’t that a good place for hackers and cyber space criminals?

So where does it all end? Common sense! Watch out for spam and never make the mistake to fill in your personal information for anything funny or dirty. You could put the whole cyberspace into risk. As you see, you become a victim and your friends do and so do your friend’s friends. This causes an avalanche. So why not be vigilant and save the disaster?

With your phone, never allow access to any applications; do not automatically download open source software when you are connected to free internet (I know that’s tempting). Have reliable antivirus software. One moment of negligence could cause a big disaster; it’s Butterfly Effect!

Can you trust your Smartphone?

The phone is smart, but the users need some assistance in getting smarter. The Smartphone is, as its name suggests, extremely intelligent not just with the applications it facilitates, but also with the false impression of security it gives to its users.

[ad#ga-cbox-right]Smartphone users are very vaguely sentient of the risks their devices pose to the information they put on it or transfer through it. This was proved by a survey of 1,600 smartphone owners from across UK, France, Spain, Italy and Germany; by a security firm Kaspersky. It established that 27 percent of the participants were “highly concerned” about security on their devices.

According to the 1,600 people who took the survey; nearly one-third kept sensitive information like bank account PINs, e-mail passwords, identification numbers on their smartphones, which made their finances vulnerable to outside infiltration. Of these users, only about half were aware of anti-virus software for their devices, and a measly 10 people actually used the software.

This is seen in the light of the recent malware attack on Android. Google identified 50 apps that were secretly pushing malware onto phones with the apps downloaded, and those security breaches were leading to further breaches. Google has taken prompt action by removing the apps from its Android market and using a remote “kill switch” that allowed forcible removal of downloaded apps from infected handsets. Google has further said that the defenselessness the apps exploited can be fixed with the Android 2.2.2 update, but Android has not allowed every user to get an updated version, thus raising questions about the clean nature of the apps and the safety of the device.

Meanwhile, Google is also working on a software patch to fill the gap and is sending out emails to affected users to help them whatever way it can. Although Google can create the patch, it cannot distribute it; as that job belongs to the carriers and handset manufacturers, which in a way implies that the patch might not reach every user, thus leaving a possibility for another malfunction. To add to Android’s helplessness is the open nature of the Market, which is a selling point in comparison to Apple’s iOS platform for the iPhone and iPad, but leaves the Market open to such attacks.

All major service providers seem to be sailing in the same susceptible boat. Apple’s iPhone is no safer than Google’s Android. Apple does screen its apps, but it would be a lie if it claims to thoroughly screen the 350,000 apps in the iTunes App Store so as to guarantee complete safety and absence of malicious apps.

On the other hand, Android users are at an advantage because if they pay attention to the apps that are accessing the Internet and other systems on their phones, they can prevent an attack on their device. Any app on Android has to take the user’s permission and specify what it intends to access, and these items are enumerated in a push notification. The user has the opportunity to vet the app and prevent it from accessing unnecessary and unrelated apps. For example, a wallpaper app does not need to access the internet or interfere with the gaming app. This kind of screening does not take a lot of research to understand and practice. This is the most basic protection the user can ensure when they use any app, and it will restrict the reach of the malware. Any anti-virus software, for these devices, will have a pretty limited capability, especially while trying to deal with viruses that haven’t even been identified or encountered yet.

Users and creators need to make the “smart” in smartphones more bankable and need to strengthen their security softwares so as to ensure maximum protection to user and device.

Android’s Dream Shattered by DroidDream

In today’s world, one needs to be smarter and faster; and that only comes with devices like the Smartphones and tablets. With advanced technology come innovative threats to authenticity and security of the devices. McAfee has reported a list of malware threats to mobile gadgets. It is not just a vague theoretical threat, but it has shifted to the realm of the actual in the form of “DroidDream” which has made its way into Google’s official Android Market.

This attack came to pass a week back and was attached to multiple applications posted to the Google-run Android Market and many third party app markets. With a mere $25 entry fee to publish your application on Google, spammers and malware writers are encouraged to infiltrate into official territory. The security cover for mobile devices is not as sophisticated as it is for PCs. Given Android’s easily penetrable app culture, the door for malevolent apps is wide open. Anti-virus firm Symantec explains that threats have been on the rise in recent months, when previously they were limited to more “proof-of-concept type exploits”.

Over 50 Trojan apps were identified and expunged by Google as soon as the word spread. Kevin Mahaffey, CTO of Lookout, a mobile device security tools maker, explains the Android malware discovery as – “DroidDream is packaged inside of seemingly legitimate applications posted to the Android Market in order to trick users into downloading it, a pattern we’ve seen in other instances of Android malware such as Geinimi and HongTouTou. Unlike previous instances of malware in the wild that were only available in geographically targeted alternative app markets, DroidDream was available in the official Android Market, indicating a growing need for mainstream consumers to be aware of the apps they download and to actively protect their smartphones“.

For the first time in history, a malicious attacker can send a packet of data and money foes flying“, said John Hering, CEO of Lookout Mobile Security. The money is on the tablet computers and mobile devices which are linked to personal information, internet as well as the carrier billing system.

The Android malware has been attached to legitimate applications and posted to third-party stores. Dave Marcus, Director of Security Research and Communications from McAfee Labs, elucidates, “Analysis has shown that these apps can break out of the typical sandbox that most apps reside in, to potentially gain control over the entire device and its data. In terms of attacks and malware, it doesn’t get any worse than root access, which this malware has“.

This is not to say that Android is not inherently safe, it is to encourage users to exercise caution and not blindly click ‘OK’ to all the warnings that pop up while installing an app. Given how quickly Google removed the infected apps, it is not out of order to trust Android, but it gives an idea of how foolproof it is.

I say it loud & clear – Apply your own brain to what you use, even when it comes with an official tag.

Lookout – Security and backup for Android devices

Lookout is an Android app which does multiple tasks –

  • It keeps your device safe from Malware by scanning any new app you install and make sure it’s safe,
  • Lookout also comes with an online service which allows you to back up data from your phone to their servers,
  • You can  track the location of your phone from their online site if you loose your phone.

One of the uses of this application is to find your device when it goes missing. When you install this application, you’re promted to sign up for an account. If you’ve misplaced your phone, just head over to Lookout’s online server and sign in with this account. Once you log-in you get options to locate your device on a map. For better accuracy, you’ll have to enable GPS on your phone by default. I checked the service without GPS on, and it still did a good job of locating the device based on the wireless networks. If you still can’t locate the phone, use the scream option on the website, and it sends a request to your phone to make a very loud sound so you can find it. This request may take a while to get to you phone based on the network connectivity. The “Scream” continues for a minute, so if you find your phone before that, use the volume control to turn off the noise.  It is LOUD, so you may not want to try it out at office (like my friend did) !

You can schedule the app to run automated backups of your contacts, call logs and pictures from your phone to the Lookout Servers. If you’d prefer not to backup any of these, you can choose to remove them from the backup list as well.

You can also setup Lookout to automatically scan for viruses and malware on your Android device. You can enable the Antivirus to run automatically and scan for malware automatically when you install a new application. You can also scheduled automated virus scans of your phone at customizable durations. And you can always run these tasks manually if you wish to do so.

QR for Lookout

If you’re looking for a good recommendation for Lookout, check out how app helped catch a thief – here’s the news video

You can get this app from the Android Market by scanning the QR code on the right or head over to Lookout’s Mobile Site www.mylookout.com/m/android using your mobile web browser.

Here are more screenshots from the Lookout Application for Android: