‘Masque Attack’ Vulnerability Allows Malicious Third-Party iOS Apps to Masquerade as Legitimate Apps
Just a week after new WireLurker iOS malware surfaced, there’s yet another vulnerability in iOS that can potentially be used to install malicious third-party apps. Called Masque Attack for its ability to emulate and replace existing legitimate apps, the flaw was discovered by security research company FireEye.
Masque Attack works by luring users to install an app outside of the iOS App Store, by clicking a phishing link in a text message or email. For example, in a demo video, an SMS message with a link attached was sent with the following text: “Hey, check this out, the New Flappy Bird.”
Once clicked, the link directs to a website, which prompts the user to install an app. The app in the video isn’t Flappy Bird, but a malicious version of Gmail that installs directly over the legitimate version of Gmail downloaded from the App Store, making it virtually undetectable.
Masque Attack can be used to install fake versions of apps over legitimate App Store versions using iOS enterprise provision profiles, which are used for beta testing or by companies to distribute apps to employees without the need for the official App Store.
As explained in a blog post, as long as both the existing App Store app and the malicious imposter app use the same bundle identifier (a unique identifying number), the fake version will replace the actual app in a way that’s very difficult for the user to detect. The hidden malicious app is able to upload email messages, SMS messages, phone calls, and more, which is possible because “iOS doesn’t enforce matching certificates for apps with the same bundle identifier.”
While the attack cannot replace stock Apple apps like Safari and Mail, it is able to affect apps that have been installed via the App Store, and has the potential to be much more dangerous than other vulnerabilities like WireLurker.
Masque Attacks can pose much bigger threats than WireLurker. Masque Attacks can replace authentic apps, such as banking and email apps, using attacker’s malware through the Internet. That means the attacker can steal user’s banking credentials by replacing an authentic banking app with a malware that has identical UI. Surprisingly, the malware can even access the original app’s local data, which wasn’t removed when the original app was replaced. These data may contain cached emails, or even login-tokens which the malware can use to log into the user’s account directly.
FireEye has gotten the attack to work on iOS 7.1.1, 7.1.2, 8.0, 8.1, and the 8.1.1 beta. The company notified Apple about the vulnerability on July 26, but iOS users can protect themselves by not installing apps from third-party sources other than the official App Store, avoiding clicking on “install” popups in SMS messages or on third-party websites, and avoiding or uninstalling apps that give an “Untrusted App Developer” alert.
iOS 7 users can check to see if they’ve been the victim of an attack by going to Settings –> General –> Profiles to see what provisioning profiles are installed. iOS 8 devices do not show installed provisioning profiles, making it more difficult to detect an attack.
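The matching-certificate check that the blog post says iOS does not enforce can be approximated from the defender's side when auditing an app inventory. The following is an added example, not code from FireEye, Apple or the original article; the record fields, team IDs, bundle identifiers, baseline and allowlist are all constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class AppRecord:
    bundle_id: str   # bundle identifier reported for the installed app
    team_id: str     # signing team identifier (hypothetical inventory field)
    source: str      # "app_store" or "enterprise" (hypothetical inventory field)

# Constructed baseline: bundle identifier -> team ID of the genuine publisher.
BASELINE = {
    "com.example.mail": "TEAMMAIL01",
    "com.example.bank": "TEAMBANK01",
}
# Constructed allowlist: team IDs of the organisation's own enterprise certificates.
OWN_ENTERPRISE_TEAMS = {"TEAMCORP01"}

def would_replace_silently(installed: AppRecord, incoming: AppRecord) -> bool:
    """The condition the article describes: same bundle ID, different signer."""
    return (installed.bundle_id == incoming.bundle_id
            and installed.team_id != incoming.team_id)

def audit(inventory, baseline=BASELINE, own_teams=OWN_ENTERPRISE_TEAMS):
    """Return (bundle_id, finding) pairs for records that need attention."""
    findings = []
    for app in inventory:
        expected = baseline.get(app.bundle_id)
        if expected is not None and app.team_id != expected:
            # A known app's identifier is signed by someone other than its publisher.
            findings.append((app.bundle_id, "signer-mismatch"))
        elif app.source == "enterprise" and app.team_id not in own_teams:
            # Installed outside the App Store under an unrecognised enterprise profile.
            findings.append((app.bundle_id, "unknown-enterprise-signer"))
    return findings

# Constructed sample inventory.
SAMPLE = [
    AppRecord("com.example.mail", "TEAMEVIL99", "enterprise"),      # replaced app
    AppRecord("com.example.bank", "TEAMBANK01", "app_store"),       # genuine
    AppRecord("com.example.intranet", "TEAMCORP01", "enterprise"),  # own in-house app
    AppRecord("com.example.game", "TEAMEVIL99", "enterprise"),      # unknown signer
]

if __name__ == "__main__":
    for bundle_id, finding in audit(SAMPLE):
        print(f"{bundle_id}: {finding}")
```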
Imagination Announces PowerVR Series7 Graphics, Likely Headed for Apple’s 2015 iOS Devices
Imagination Technologies today announced the launch of its next-generation PowerVR Series7 graphics architecture, setting the stage for further improvements to the graphics used in Apple’s iOS device lineup.
Series7XT and Series7XE GPUs achieve up to a 60% architectural performance increase on the latest industry standard benchmarks compared to equivalent configurations of previous generation PowerVR Series6XT/6XE GPUs, maintaining and extending PowerVR’s reputation as the most efficient, highest performance, lowest power GPU.
Of most interest to Apple users is the Series7XT family, which will be the successor to the Series6XT graphics used in Apple’s latest A8-series chips. The new Series7XT family ranges from two to 16 shading clusters offering up to 512 cores of graphics processing power, giving developers the ability to include “console-quality effects” such as HDR and 4K rendering in their mobile apps.
– PowerVR GT7200: 2 shading clusters, 64 ALU cores
– PowerVR GT7400: 4 shading clusters, 128 ALU cores
– PowerVR GT7600: 6 shading clusters, 192 ALU cores
– PowerVR GT7800: 8 shading clusters, 256 ALU cores
– PowerVR GT7900: 16 shading clusters, 512 ALU cores
Apple currently uses quad-core GX6450 graphics in its A8 chip for the iPhone 6 and 6 Plus, and more powerful six-core GX6650 graphics in the A8X chip found in the iPad Air 2.
Table adapted from AnandTech
PowerVR graphics architectures have typically taken on the order of 18 months from announcement of licensing to their appearance in products, but things moved much faster with the current Series6XT offerings. Those were announced in January at CES 2014 but made their way into Apple’s A8 chip in the iPhone 6 and 6 Plus just eight months later, suggesting the new Series7XT graphics could appear in next year’s A9 chips from Apple.
Imagination and Apple have worked closely together over the years, with Apple being a key investor in the graphics firm as it raised its stake to roughly 10 percent in mid-2009.
Last week, Google Voice users noticed that MMS messages were working on Verizon Wireless. Today, it was officially announced, and Google Voice also got another very cool update for all users. Native MMS support for photo messaging has been added, meaning that users will no longer get an SMS with a link.
Obviously, you need to opt in to Google Voice in Hangouts. Once you have done that, just attach photos to any SMS message, and it will be delivered as a native MMS. Those of you waiting for group messaging, have no fear, because Google said it will be enabled in a future update.
source: +Dylan Salisbury
We first heard the Navy was developing a minesweeping robot boat last year, but now it’s closer to a reality. Dubbed the Unmanned Influence Sweep System (UISS), it’ll accompany the Navy’s new, high-tech Littoral Combat Ship (LCS) to explore and detonate explosives in suspected minefields. The Navy tapped Textron Systems last September to develop a UISS prototype for 2016, along with six complete ships by 2019. While it’s not our military’s first robotic vessel, it may end up being one of the first that’s more than a glorified patrol ship.
The UISS will basically be the LCS’s minesweeping buddy. It uses an acoustic generator and a magnetic cable to trick mines into thinking it’s a much larger ship. Naturally, the UISS should be able to take major blasts — at least more so than the Littoral Combat Ship, which can be sunk with just a single anti-ship missile. The LCS isn’t meant for large-scale naval battles, though; instead it’s designed for tackling small fast-attack boats in waters too shallow for bigger ships. Even so, the fact that it can’t really take a hit has come under criticism since it cost a whopping $37 billion to develop.
[Photo: A UISS prototype/U.S Navy]
Via: Popular Science
New York City isn’t always kind to ridesharing services like Lyft and Uber, but those companies have just gained an important ally. BuzzFeed News has learned that state Attorney General Eric Schneiderman recently sent a letter to NYC’s Taxi and Limousine Commission (TLC) opposing rules that would limit firms to dispatching exclusively affiliated drivers unless they strike deals with rivals. To Schneiderman, that creates “serious antitrust issues.” Companies would frequently have to collude with each other to grow, and the rule would favor well-financed outlets that can lure drivers away, such as Uber. Instead, the official suggests an approach where transporters can affiliate with any company that shares the same worker’s compensation system.
The Commission hasn’t publicly responded to the objection, although it delayed a vote on the rule after receiving a flood of negative comments. At a minimum, it’s aware that this isn’t a popular idea. It’s clear that Uber is on the Attorney General’s side, though — while it might see some benefits if the measure passes, it’s concerned that it would lose as many as 3,000 part-time drivers that would be forced to choose a single outfit. Schneiderman’s letter isn’t binding by any means, but there’s no doubt that the TLC is now under a lot of pressure to rethink its strategy.
Source: BuzzFeed News
Mo Versi, HTC’s Vice President of Product Management, has today announced via Twitter that the Taiwanese company will start rolling out the much-anticipated Android 4.4.4 Eye Experience update to all Rogers, TELUS and Bell-branded variants of its flagship smartphone, the One M8, located in Canada, starting tomorrow, November 11.
Hit the break for the full changelog.
- Radio stability improvement
- Transition improvements
Eye Experience Implementation:
- Split Capture
- Photo Booth
- Auto Selfie
- Voice Selfie
- Video Face Tracking
- Live Makeup
- Video Screen Sharing
- Camera stability
- Video highlight stability
- Zoe 1.0
At 9:00am (PST) tomorrow, you should be able to initiate the upgrade manually. To do this, make sure you’re connected to a Wi-Fi network. Then, from the home screen, press the Menu key, followed by Settings. Scroll to the bottom and tap ‘About Device’, followed by ‘Software Update’ and ‘Update Now’.
As Verizon’s reign of exclusivity over Sony’s SmartWatch 3 has now come to an end, residents in the United States can pick up Sony’s smart watch offering from the Play Store for $249. The device is currently listed as ‘in stock’ and will ship within 1-2 business days, so if you order today with Standard Delivery, it should be with you no later than Friday, November 14.
For those unfamiliar with the SmartWatch 3, it’s the latest Android Wear watch to hit the market, and it looks like it’s going to be one of the most successful. The unit sports a premium design, includes support for a truckload of different watch faces, and incorporates a ton of dedicated applications — all available to download through its official companion app.
If you like the sound of the Sony SmartWatch 3 and want to grab one up via the Play Store — hit the source link below.
Source: Play Store
According to a report published by the International Business Times earlier today, HTC is expected to unveil the successor to its current flagship smartphone, the One (M8), at next year’s Mobile World Congress conference in Barcelona, Spain.
The handset, dubbed the One (M9), is rumored to feature some pretty impressive specifications, including a 5.2-inch 2K AMOLED display with a resolution of 1440 x 2560 pixels, a Snapdragon 805 CPU, 3GB of RAM, 64GB of internal storage (expandable up to 128GB via microSD) and IP67 certification.
Similar to all of HTC’s recent flagships, the device will consist of an aluminium unibody design and the revolutionary BoomSound speakers we’ve grown to love. Out of the box it will run the latest build of Android 5.0 Lollipop skinned with the Taiwanese company’s Sense 7 user interface, and support 64-bit computing.
Are you excited to see what HTC has up its sleeve for its next flagship smartphone? Be sure to let us know your thoughts in the comments section down below.
Looking to save on your next Android smartphone, tablet, or accessory? Maybe you’re in the market for some new apps, games, or services. Whatever the case, we’ve got your back.
Check out the following hand-picked list of deals and steals, which covers a whole range of products. Sure, some of this bleeds a little bit out of the area of Android, but we don’t think you’ll mind. See something out there that’s worth sharing? Drop us a line!
Hurry, many of these are limited-time sales and can disappear at any moment!
Note that prices generally reflect a two-year service commitment and that occasionally existing subscribers will have a different cost. Also, some outlets employ their own terms and conditions.
- Moto X (2014) – $50
- LG G3 – $50
- Save $100 on Droid Turbo when trading in old smartphone (requires two-year contract)
- Verizon’s official promotions
- Amazon Fire Phone with 1 year of Amazon Prime – $.99 (with two-year service agreement)
- Samsung Galaxy S5 $79.99
- Samsung Galaxy S4 $.01
- AT&T’s current Special Offers promotions
- Samsung Galaxy S5 16GB (Sprint) $79.99
- HTC One M8 Harman/Kardon Edition $.01
- LG G2 $.01
- Sprint will cover your cancellation fees up to $350 per line (EXPIRES JAN 1 2015)
- Alcatel One Fierce Prepaid Phone – Silver (T-Mobile) $98.68 (40% OFF)
- T-Mobile’s official current deals
Unlocked or No-Contract
- Refurbished 8GB Nexus 4 with white bumper case ($129.99)
- Refurbished 16GB Nexus 4 with white bumper case ($149.99)
- BLU Studio 5.0 LTE unlocked ($171.63)
- BLU Studio 6 HD unlocked ($187.81)
- HTC Desire 816 (Virgin Mobile) $232 (35% OFF)
- LG Optimus F3 (Virgin Mobile) $57.48 (68% OFF)
- Samsung Galaxy S3 (Boost Mobile) $185 (54% OFF)
- Moto G (Boost Mobile) $74.97 (42% OFF)
- LG Volt (Boost Mobile) $79.99 (60% OFF)
- Alcatel One Fierce Prepaid Phone – Silver (T-Mobile) $98.68 (40% OFF)
- Samsung Galaxy S4 for $1 through Best Buy
- Acer 13 Chromebook with Tegra K1 $249.00 (17% OFF)
- Samsung – 11.6″ Chromebook $199 ($50 OFF)
- HP – 11.6″ Chromebook Wi-Fi + 4G LTE $199 ($100 OFF)
- CHOE Qi Wireless Charger Charging Pad for $22.99 (67% OFF)
- Save 50% on Fitbit Zip
- Active Wrap Bluetooth headphones for $24
- Pre-Order Exclusive: The Limited Edition Code Black Drone + HD Camera for $89 (55% OFF)
- SanDisk Ultra 64GB MicroSDXC for $31.99 (68% OFF)
- Samsung 32GB microSD $16.40
- Icon Bluetooth speaker for $20 (80% OFF)
- Save 70% or more with these portable speakers
- Save up to 25% on Bluetooth headsets through Amazon
- Price drops for a wide selection of accessories through Expansys
- Buy a Nexus 4 (8GB) and Nexus 7 (16GB) for $189.99
Other awesome stuff
- Amazon’s Countdown to Black Friday Deals
- Free two-month Hulu Plus or three-month Google Play Music All Access for Chromecast
- Unlimited Cloud Storage for Amazon Prime members
- Amazon Deal of the Day page
- Target’s upcoming Black Friday deals
- Receive six months of Google Play Music All Access with the purchase of a Nexus 6 (EXPIRES JAN 31, 2015)
The post Kick-ass mobile deals and steals (smartphones, tablets, games, and more) appeared first on AndroidGuys.
If you think that knitting tends to be boring outside of the occasional yarnbombing, you’re in for a pleasant surprise. Researchers at the Manchester School of Art have been working on hybrids of 3D printing and knitting that literally add a new dimension to clothes. Their approach adds interlocking 3D printed loops that add dashes of color and texture while remaining flexible enough to wear. The early creations (like what you see above) won’t win any fashion awards, but they hint at what’s possible — you could turn a relatively ho-hum sweater into a conversation piece. It’ll probably be a long, long while before you can buy one of these material mash-ups at the local store, but you can swing by the Knitting Nottingham exhibition before November 28th if you want to see them in person.