POSTS TAGGED: security

Thwart Password-Stealing Eyes with TimePIN

Don’t you hate it when you are stuck in a crowd and you need to unlock your mobile device? Sure, the vast majority of the time, nobody’s genuinely trying to sneak a peek at your lock screen code—but you never truly know who’s watching. Because of the potential danger of having others learn our lock screen codes, we all try various “techniques” to thwart would-be prying eyes. But let’s face it—if somebody really wants to stealthily learn your lock screen code, there’s a good chance that they’ll find it.

Rather than using a single, predefined unlock code, wouldn’t it be nice if you could have a time-based PIN that changes so that a passwor. . . READ ON »

Yet Another Reason to NOT Trust “Trusted” Companies: Facebook Can Now Read Your Text Messages

Remember all those times when we here at the XDA Portal have told you that privacy is important? Despite many people thinking that we are all just a bunch of nerds wearing tinfoil hats, we do have our reasons to be somewhat paranoid. After all, we’re quite sure that you wouldn’t like the idea of having somebody snoop around your cell phone for all the naughty pictures and messages sent to and from your significant other. If you couldn’t care less about who reads the information on your device, then you might as well just go ahead and install Facebook. Yes, the Facebook app for Android. Yes, the free one from the Play Store. But, wait… Why would this app even be highlighted here? If this caught . . . READ ON »

Samsung Responds to KNOX MitM Attack “Vulnerability”

About a month ago, we talked about a recent study (PDF) stating that most security vulnerabilities on Android are ultimately due to OEM customizations. And surprise, surprise—this can even happen on devices with technologies designed to protect users.

Late last month, security researchers at Israel’s Ben-Gurion University of the Negev discovered a security vulnerability that allowed a user-installed application to intercept unencrypted network traffic. Rather than describing this as a flaw or bug, Samsung labels the vulnerability a classic Man in the Middle (MitM) attack, which could be launched at any point on the network.

Samsung was also quick to state that this type of attack can be th. . . READ ON »

Snapchat: A Lesson in How NOT to do Security

Here at XDA, we focus on bringing you news about what developers are up to on the forums or significant changes in the mobile industry. Today though, I bring an analysis of some recent news about goings-on in the security world in relation to a particular mobile application you may or may not have heard of: Snapchat.

Snapchat is best described as a gimmick application, widely used by teens to send each other photos and short videos, which “self destruct” after viewing, preventing copies being made, etc. Before the security world tries to spear me on a stick and roast me, allow me to point out that Snapchat is an entirely flawed application. It’s not possible to achieve what they are trying to do, as t. . . READ ON »

CyanogenMod Adds WhisperPush Secure Messaging into CM10.2 Nightlies, CM11 Integration Soon!

While secure text messaging systems have been available on Android for quite some time, many users (even power users) have failed to set them up on their devices. This isn’t because privacy isn’t important, but it’s often one of those things you don’t think of until it’s too late.

Now, CyanogenMod is taking a great first step by incorporating an existing and open source secure text messaging platform into CyanogenMod. The integration comes in the form of TextSecure, which is maintained by Open WhisperSystems and lead engineer Moxie Marlinspike. Moxie is also in charge of the CM integration of the app, ensuring functionality and a degree of security. New to the CM impl. . . READ ON »

Google Pulls HushSMS after Flash SMS DoS Info

Not too long ago, we talked about the Flash SMS (class 0) DoS vulnerability affecting the current lineup of Nexus devices. Discovered by Romanian security researcher Bogdan Alecu, the vulnerability was such that Flash SMS (class 0) messages sent in rapid succession would cause unexpected behavior on various Nexus devices. Curiously, though, the bug only affected Nexus device owners.

Luckily, the vulnerability was never all that damaging. After all, the worst outcome that has been seen so far is data loss due to a device reboot. That said, the vulnerability certainly opens up users to annoying pranks and spam that can get in the way of essential productivity.

Now, the vulnerability has claimed its first ma. . . READ ON »

Google Nexus Devices Vulnerable to DoS Attacks, Protect Yourself with Simple App

Due to their expedient updates and lack of potentially vulnerable carrier and OEM add-ons, Nexus devices are considered to be among the safest Android devices. Being certified by Google means a lot, but everything has some vulnerabilities, and the newest Nexus devices are no exception.

According to Romanian security researcher Bogdan Alecu, the Nexus lineup is vulnerable to denial-of-service attacks based on a special type of SMS. This attack relies on Flash SMS, short messages displayed on the screen without being stored in the inbox. These are most often seen in pre-paid contract plans, used by a carrier to send messages with recent costs.

As it turns out, Flash SMS messages sent in rapid succession can cau. . . READ ON »

How to Disable the Annoying Certificate Popup in KitKat

My mother always told me that security matters. And she was right. Security is important, as right now, devices can be hacked, phished, or scammed in multiple ways. That’s why protections are so important, especially in public areas. Security certificates were invented and widely used to prevent thieves from stealing our data.

It appears that security matters to XDA Forum Member forceu as well, as he wrote a guide on installing a custom security certificate to bypass the “Your network could be monitored” message when connecting to certain networks in KitKat. This pop-up can be annoying, and it forces you to ignore the message when it could actually matter.

Forceu then discovered that c. . . READ ON »

Shock and Awe: OEMs Cause Android Security Issues

It should come as no surprise that here at XDA, we are always calling on the OEMs to do a better job of removing the bloat of their custom UIs (Samsung – we’re looking at you and your now insane TouchWiz size) and improving the overall user experience. What may come as a shock to some, though, is that a recent study by researchers at North Carolina State University says that those same OEMs, and their incessant need to have a custom UI as some sort of “branding,” are directly responsible for most of the security issues found with Android. Cue Home Alone face.

In all honesty, we really shouldn’t be all that surprised. XDA Elite Recognized Developer jcase gave a great talk at XDA:Dev. . . READ ON »