Google’s Project Zero released a proof-of-concept attack against a Wi-Fi firmware vulnerability in Broadcom chips that backdoors the iPhone 7. The flaw was patched in iOS 11.
Bluetooth is an important smartphone technology, allowing us to transfer files, or to listen to music, wirelessly. It’s so useful that many people leave it switched on all the time.
But researchers have discovered a vulnerability in the technology that allows hackers to take control of a victim’s phone remotely. Known as “BlueBorne”, the technique can be used by hackers to connect to a nearby phone, install malware, steal data, or delete important personal information. And it takes less than 10 seconds for them to break in.
Most worrying is that the BlueBorne hack works on almost every smartphone – Apple, Android and Windows Mobile devices are all vulnerable to attack.
The good news is that manufacturers were alerted to the risks of BlueBorne weeks before the news went public. They have spent this time developing fixes for the vulnerabilities, blocking the weaknesses used by the hackers.
Both Windows Mobile and Apple iOS have already been patched – users need to update their phones as soon as possible. Unfortunately, any iPhone stuck on iOS 9 or earlier cannot be fixed, so users will need to seriously consider buying a new phone to protect themselves.
Patching Android has been much slower, unfortunately. Google have a fix ready for their Pixel XL handsets, but older phones are still without full protection against BlueBorne. Patches will be released, but it may take days or weeks for these updates to make it onto users’ phones.
You can check whether your Android phone is affected using the free BlueBorne Vulnerability Scanner.
One important warning however: always ensure that you only download patches and updates from your handset manufacturer. Never, ever install security updates from a third party, or you may end up infecting your phone yourself.
Turn off Bluetooth when not in use
Although leaving Bluetooth enabled all the time makes using your phone easier, it also increases the risk of falling victim to BlueBorne hackers. If you can, disable Bluetooth; it is much safer to leave it switched off completely until a patch is released.
If you must use Bluetooth, enable it only when required to reduce opportunities for hackers to crack your phone.
Install anti-malware software now
Waiting for an update for your Android phone is not really an option. Until the patch is released, your phone (and data) are at risk of being hacked. Remember – it only takes 10 seconds to take control of your phone.
To guard against other kinds of threats, the best option is to install an antivirus app on your mobile devices.
While you wait for a BlueBorne patch for your Android handset, download a trial of Panda Mobile Security to keep yourself protected now.
The post BlueBorne Bluetooth hack could affect millions of smartphones appeared first on Panda Security Mediacenter.
Microsoft fixes 25 critical vulnerabilities including one zero day under attack and one tied to the high-profile BlueBorne attack vector.
The Onliner spambot, Google’s forthcoming Not Secure warnings for Chrome, the WireX botnet, Sarahah privacy and more are discussed.
Oreo Android, the sweetest version?
What does an Oreo cookie, a donut, a marshmallow or a lollipop have to do with your smartphone? Well, believe it or not, the names of all those sweets indicate the Android operating system installed on your cell phone.
After months of speculation about the new features to be included in the new Android operating system, August 21, the day of the solar eclipse, was the date chosen by Google’s engineers to unveil Android 8.0, codenamed Oreo. This new version allows you to minimize videos to a small window in any corner of your screen so that you can video chat while you’re checking your calendar or writing an email, for example.
However, the trend of codenaming Android releases after sweets and desserts is nothing new. Although Android’s first two versions, Android 1.0 (launched in September 2008) and Android 1.1 (released a year and a half after the first one), were unnamed, all subsequent Android versions have received tastier names than their predecessors.
Version 1.1 was followed three months later by version 1.5 (April 2009). Despite incorporating some really cool features (such as the ability to associate the contacts on your phone with pictures, or record videos in MPEG-4 and 3GP formats), this release is mainly remembered for being the first one codenamed after something as sweet as a cupcake.
From then on, all new Android versions have received a name that is irresistible for those with a sweet tooth.
As if that were not tasty enough, Android Cupcake was followed by Android Donut in September 2009. This version, which featured a quick search box and major improvements to Android Market, was followed a month later by Eclair (Android 2.0 and 2.1), with amazing live wallpapers which responded to your touch. Additionally, Eclair included live traffic information that allowed users to choose the fastest way to get to their destination.
Almost a year after Eclair’s release, Android decided it was time to offer users another delicacy with the launch of Froyo, short for “frozen yogurt.” This new version enabled users to control their phones using their voice.
In December 2010, seven months after Froyo was released, Android announced the launch of Gingerbread. This codename was used to refer to versions 2.3 and 2.3.7, which provided a smooth experience for both users and app developers. This release introduced support for NFC communication, which allows users to, among other things, make payments with their phone as if it were a credit card.
An Android version as sweet as honey
Just three months after the release of Gingerbread, Android launched Honeycomb in March 2011. Honeycomb was the first Android operating system specifically adapted for work with tablets, and featured a simple interface that allowed the use of wide-format images.
Ice cream sandwiches
Several months had to pass before Android 4.0, codenamed Ice Cream Sandwich, was released in October 2011. This version managed to satisfy users’ sweet tooth once again, with its new control technology and customization options.
Almost an entire year had to pass before Android 4.1, Jelly Bean, came out in July 2012. Jelly Bean was the first operating system to include a personal assistant with Artificial Intelligence. Plus, it provided the ability to use different user accounts on the same cell phone.
After a long break… Kit Kat
The technological advances included in Android 4.1 were so widely acclaimed that users had to wait more than a year for the next Android version. However, after the long wait, October 2013 saw the release of Android Kit Kat and its revolutionary ‘OK Google’. ‘OK Google’ allowed people to start a voice search, get driving directions or play a song without even touching their phones – just verbally saying the phrase.
Android Lollipop, released in November 2014, allowed the operating system to make the jump from smartphones and tablets to other types of devices. This update, which spanned versions between 5.0 and 5.1.1, marked the birth of the Android-based smartwatches, smart cars and smart TVs.
It looks as if, after Jelly Bean, Android made the decision to launch a single new version per year. So, 13 months after Lollipop was launched, Google released Android Marshmallow in October 2015. User devices (now spanning not only tablets and smartphones, but all sorts of devices) became even tastier with the new Google Now on Tap, a feature that provided quicker shortcuts and smarter replies, as well as improved security features.
June 2016 saw the release of Android Nougat. This version included a new Multi-Window mode and support for a new virtual reality platform called Daydream.
Some years ago, getting your phone wet was lethal. Today, however, Samsung’s latest spot for the launch of the Galaxy S8 smartphone features people taking pictures with their cell phones from the bottom of a swimming pool. Who knows if Android version 35, if Google continues with its habit of releasing a new version each year, will allow us to command our smartphone or smartwatch to make us some chocolate cookies…
What happens when cable and phone companies are left to their own devices?
The Federal Communications Commission (FCC) will soon stop accepting comments on Net Neutrality. There has been a lot of confusion amongst people who are either not technology savvy or not familiar enough with the ongoing debate. We spent years following the conversation and researching the topic, so we wanted to give you the cold facts, hoping you will make an educated decision.
What is Net Neutrality?
As you may remember, before 2015 ISPs were not heavily regulated and were using tactics that are against the current policies of Net Neutrality. The years from 2005 to 2014, in particular, were like the wild west of broadband providers. There were cases of ISPs banning P2P usage and blocking VoIP, and at some point AT&T pressured Apple to ban Skype. People started voicing their opinion against the corporate practices, so Net Neutrality was born. New rules started being enforced on June 12, 2015, and ISPs were no longer able to execute similar methods without the risk of having to pay a hefty fine.
Earlier this year, Ajit Pai was appointed to govern the FCC. He is an avid opponent of Net Neutrality and his “Restoring Internet Freedom” proceeding is getting close to repealing it.
What happens when Net Neutrality gets repealed?
If the new proceeding gets accepted, corporations such as Comcast, Verizon, AT&T, Frontier, and Cox will have their control back, and they will again have the ability to act as content gatekeepers. They will even be able to impose new fees, so paying $10 a month for accessing Facebook from your phone might happen sooner rather than later. You may have to upgrade to a ‘business account’ if you want to use Outlook from your home Wi-Fi. It will be similar to Vladimir Putin’s recent war on VPNs. North Korea and China have similar laws too. In your case, you won’t be blocked from accessing content as this decision would violate the 1st Amendment. However, millions of Americans who have access to only one ISP may have to choose to either pay an extra fee or give up on their favorite app or a TV show. Repealing Net Neutrality means that ISPs will stop being treated like utility providers. Some of the major internet providers in the US have already begun violating the current rules.
There are only a few more days left until the FCC stops accepting comments about the planned repeal of Net Neutrality. The end date is scheduled for August 30th, 2017. Feel free to make your voice heard by leaving a comment in the “Restoring Internet Freedom” proceeding.
The post What is Net Neutrality and How to Voice Your Opinion? appeared first on Panda Security Mediacenter.
Is telepathy texting the next step in technology communications?
With over 2 billion registered members, Facebook is the world’s most popular online service. But to maintain that title, Facebook is constantly developing new services to keep people logging in. In a recent video conference, Facebook chief Mark Zuckerberg discussed one of the cutting edge projects his team are working on. The top secret Building 8 division has begun to develop what they call a “direct brain interface”, a technology that would allow people to text by “telepathy”.
What would you do with a direct brain interface?
The direct brain interface is intended to capture the words you plan to speak as they pass through your brain. These thoughts would then be converted into text, ready for transmission – to a nearby screen, or even directly into the mind of another person using a similar interface.
Initially, Facebook hopes that their new technology will allow people with brain injuries or communication problems to finally “speak” with the outside world. One scientist working on the project believes such a device would be “as transformative as the computer mouse”.
Taking the direct brain interface mainstream
Once the medical application has been proven, Facebook would naturally expect to take the interface mainstream. Zuckerberg described how he would like to see the technology used to send messages telepathically between Facebook users.
Because the technology is “decades” from release, it is hard to properly imagine what the interface could do. At the most basic level it will probably work like a person-to-person version of the Facebook Messenger app. Presumably users would be able to send text messages direct to the brain of their friends, anywhere in the world, without having to lift a finger or make a sound.
The potential for problems
Just like any computing device, there is always a potential risk that the direct brain interface could be hacked. Again, the specifics of such an attack are hard to guess, but could be relatively harmless, such as receiving unwanted advertising messages directly into the brain.
The outcomes of a cyberattack could conceivably be far worse too. Malware that increases processor activity could cause the interface to overheat, damaging the brain for instance. As the Stuxnet virus demonstrated, malware can cause physical damage. But if that damage is caused to devices connected directly to the human brain, the results could be catastrophic – potentially fatal.
Plenty of time to prepare
The good news is that Facebook’s telepathic text system is still a long, long way from even having something to test. It will be many years before we see a working prototype, let alone a unit that we can actually buy.
In the meantime, engineers will be hard at work developing security measures to protect users against hackers and malware. And as devices finally start to appear, you can expect to see new anti-malware products going on sale to add an extra layer of defence.
In the meantime, why not check if Facebook Messenger is properly protected on your phone with a free Panda Mobile Security download?
Google’s August Android Security Bulletin featured patches for nearly a dozen remote code execution bugs impacting Google’s Pixel and Nexus handsets.
Smartphones have become a crucial part of our everyday lives; we shop, bank and network using our phones. But with so much valuable personal data being stored on these devices, they have become a top target for cyber criminals. If they can crack our phones, they can steal our identities, blackmail us for cash, or empty our bank accounts using scams.
As a result, hackers have been developing new ways to attack – the latest using SMS text messages.
For some years now hackers have used a technique known as phishing – emails pretending to be from our bank that try and trick us into handing over our account details. As people have got better at spotting phishing emails, fewer are falling victim, which means that hackers have changed their tactics, focusing on our phones.
Smishing is very similar conceptually; instead of sending emails however, the attackers are sending SMS text messages to their victims. Each of these texts is designed to trick people into handing over sensitive personal information – like their online banking PIN number. Others will encourage them to access a fake website, or to download an app that has been infected with malware.
How to spot a smishing message
Almost every smishing message has one thing in common – a sense of urgency. You will be told that your bank account has been compromised, and you must log in using the supplied link immediately. Or that a routine security check has temporarily blocked access to your account, before asking you to confirm your password to restore access. You may even be asked to download a special app to improve the security of your account, the sooner the better.
The truth is that no bank sends urgent SMS messages; most actually rely on letters and secure emails to communicate important information. If you do receive a text message from your bank, it will never include a link – you will simply be directed to log on to the website at your earliest convenience, or to call their phone banking service.
Similarly, your bank will never send you a link to a website to download a new app. They may direct you to the official App Store or Google Play store, but most will send a push notification through their official app, rather than via SMS text message.
If you are in any doubt at all about a text message you receive, delete it. If the matter is truly urgent, your bank will contact you again. You can also give them a call to confirm whether there really is a problem.
Finally, you should always protect your smartphone with a reputable anti-malware app. In the event that you are tricked into downloading a malicious app, the anti-malware tool will conduct a scan automatically, and advise you that there is a problem before any of your personal data is stolen.
You can even protect yourself against smishing scams right now by downloading a free trial of Panda Mobile Security.
Apple released iOS 10.3.3 Wednesday that serves as a cumulative patch update for multiple vulnerabilities including the high-profile BroadPwn bug.