Samsung announces a fix for wide-reaching Galaxy keyboard exploit
Samsung is finally responding to a major security bug that affects the keyboards on its Galaxy smartphones and tablets. The security firm NowSecure revealed the exploit earlier this week, which gives hackers the ability to execute code on Samsung’s mobile devices. Today, Samsung announced that it’s issuing a fix to its mobile security policies over the next few days. The company also stressed that it didn’t think the exploit was much of a threat, since it required a hacker being on an unsecured network with your phone. Also, the company’s Knox security software offers kernel protection to prevent malicious code from running. Still, this isn’t the sort of exploit any company can ignore, especially when a research firm has already detailed exactly how it works.
Samsung says most of its users have Knox enabled by default and will get a prompt to apply a new security policy automatically. The company is also working on issuing an expedited firmware update to protect devices that don’t have Knox enabled already.
You can make sure your phone is ready to receive the security update by following Samsung’s instructions below:
Go to Settings > Lock Screen and Security > Other Security Settings > Security policy updates, and make sure the Automatic Updates option is activated. At the same screen, the user may also click Check for updates to manually retrieve any new security policy updates.
So what happened? NowSecure noted Samsung’s implementation of SwiftKey’s predictive keyboard left a major opening for an exploit. The firm also made it clear the issue doesn’t affect SwiftKey’s standalone apps — it was entirely Samsung’s fault, since it gave SwiftKey’s keyboard privileged user status on all of its devices.
Even worse, TechCrunch notes that Samsung was warned about the exploit months ago by NowSecure. At the time, it told the security firm that a fix was already sent to carriers. But after NowSecure discovered Galaxy S6 phones from Verizon and Sprint were still vulnerable, it decided to announce the vulnerability at a hacker conference, forcing Samsung to respond.
Source: Samsung
Fairphone 2 debuts with a modular design based on “social values”
Amsterdam-based company Fairphone has just released its new version of its environmentally friendly modular smartphone, the Fairphone 2.
Conflict minerals that are extensively used in the mobile tech industry have been the cause of concern for many welfare and human rights organizations due to the poor and extremely harsh working conditions that miners suffer from while mining them. Fairphone’s goal was to produce a smartphone with “social values”, supporting conflict-free minerals and a safe working environment at all levels of manufacturing.
Another particularity of the Fairphone 2 is its highly modular design, which lets users easily unscrew the device and replace components by ordering new ones. The processor, camera, and even the microphone can be replaced on the Fairphone 2, which, according to the company, allows users to keep their device longer by simply swapping parts when they want performance improvements. Unlike Google’s Project Ara, the Fairphone 2 looks like a traditional phone; however, everything can be swapped out, kind of like a desktop computer.
Here are the specs of the Fairphone 2:
- 5-inch display (1920×1080) with Gorilla Glass 3
- Qualcomm Snapdragon 801 processor
- 8MP rear camera
- 32GB of internal storage with microSD card slot
- Android 5.1 Lollipop
- Dual-SIM support
Fairphone is a promising smartphone startup whose concept looks ahead of the smartphone industry, values social morals and ethics and, by doing so, hopes to build a better future. The Fairphone 2 will be available in Europe starting Autumn 2015 at a relatively high price tag of €525 (partly due to the high cost of conflict-free minerals).
Pre-orders for the Fairphone 2 will open this summer.
Source: Fairphone
Deal: Baldur’s Gate, Sentinel 4: Dark Star and more are on sale in the Play Store
Looking for a few great games that will help kill some time? You might want to head over to the Play Store to score a few premium titles for cheap. A number of games are being offered at a discount today, but we’d say the best deal of the bunch is Baldur’s Gate Enhanced Edition. It’s currently available for just $4.05 (down from $9.99), which is one heck of a deal. Other titles available for a discount include the addictive strategy game Sentinel 4: Dark Star, the fantasy-filled BattleLore: Command, racing game Colin McRae Rally and the addictive puzzler Talisman Prologue.
If you’re interested, head to the Play Store links below to check out each title:
- Baldur’s Gate Enhanced Edition – $4.05 (previously $9.99)
- Sentinel 4: Dark Star – $0.99 (previously $2.99)
- BattleLore: Command – $3.99 (previously $9.99)
- Colin McRae Rally – $0.99 (previously $1.99)
- Talisman Prologue – $0.99 (previously $2.99)
We’re not exactly sure how long these deals will last, so be sure to download them sooner rather than later!
Review: Hands-On With Olloclip’s Telephoto + Ultra Wide-Angle Active Lens and Ollocase [iOS Blog]
iPhone camera accessory maker Olloclip has been producing lenses for the iPhone 6 since shortly after the phone debuted last year, but the company recently improved its product lineup with the addition of new iPhone 6 and 6 Plus cases and a new Active Lens, which combines an ultra wide-angle lens with a telephoto lens.
Olloclip’s iPhone photography accessories are some of the most popular on the market because of their quality and ease of use, and the company’s two newest products are a welcome addition to the product lineup. The iPhone 6 Ollocase works perfectly with Olloclip lenses and the Active Lens is one of Olloclip’s most versatile lenses, useful for landscapes, selfies, portraits, and shots where you need to get just a bit closer to your subject.
Ollocase
Olloclip’s lenses don’t work with iPhone cases because of the way the lenses fit over the top of the iPhone 6 or 6 Plus, leading Olloclip to create the Ollocase, a specialized case that does accommodate its lineup of camera lenses.
Olloclip first ventured into case making with the iPhone 5s, producing a two-piece plastic case that was bulky and overly complicated, but their new case for the iPhone 6 and 6 Plus is much, much improved, and it’s clear that a lot of thought went into the design.

It’s constructed from a thin polycarbonate shell that adds little bulk to the iPhone, and around the sides, it has a rubber bumper. The rubber bumper protects from minor drops and extends a bit past the display, keeping it from touching a table or desk when it’s face down. As a bonus, the flexibility also makes it easy to put on and take off if you like to swap cases often.
What You Need to Know About Recent ‘XARA’ Exploits Against iOS and OS X
Earlier this week, researchers from several universities published a report exposing a string of security vulnerabilities in iOS and OS X. The vulnerabilities, all labeled as XARA weaknesses, let malicious apps approved on the Mac and iOS App Stores gain access to sensitive data like passwords.
The report details several methods that inter-app interaction services can use to access everything from the Keychain and Websocket on OS X to the URL scheme on iOS and OS X, giving hackers access to sensitive data, including information stored within third-party apps like 1Password, Gmail, Facebook, Twitter, Instagram, Evernote, and more.
Following the release of the report, iMore‘s Nick Arnott and Rene Ritchie have taken an in-depth look at the XARA weaknesses in a series of posts on the subject, explaining exactly what they do, how they work on iOS and OS X, and the steps that you can take to protect yourself.
The first post from iMore gives a quick overview of what XARA is, explaining that it’s a group of exploits that use malicious apps to gain access to secure information by inserting themselves into the middle of a communications chain or sandbox.
OS X, not iOS, is primarily affected by XARA exploits, and the malicious apps are able to be distributed through the Mac App Store and the iOS Store. After being downloaded, an app using XARA exploits waits to intercept data. Ritchie explains how it works:
For OS X Keychains, it includes pre-registering or deleting and re-registering items. For WebSockets, it includes preemptively claiming a port. For Bundle IDs, it includes getting malicious sub-targets added to the access control lists (ACL) of legitimate apps.
For iOS, it includes hijacking the URL scheme of a legitimate app.
iMore‘s second in-depth XARA post, written by Nick Arnott, goes into even more detail on the XARA weaknesses and details how to determine if you’ve been affected. On OS X, checking for malicious keychain entries is possible by opening the Keychain Access app, clicking on an item in the list, choosing “Get Info” and looking at the “Access Control” tab to see which apps have access to the Keychain item.
As detailed by Arnott, the only XARA exploit that affects iOS devices is the one that involves URL scheme hijacking, detectable by paying careful attention to apps that open via URL scheme, as they may look slightly different than the real thing.
All that said, you can help protect yourself from URL scheme hijacking if you’re paying attention: When URL schemes are called, the responding application gets called to the foreground. This means that even if a malicious app intercepts the URL scheme intended for another app, it will have to come to the foreground to respond. As such, an attacker will have to do a bit of work to pull off this sort of attack without being noticed by the user.
In one of the videos provided by the researchers, their malicious app attempts to impersonate Facebook. Similar to a phishing website that doesn’t look quite like the real thing, the interface presented in the video as Facebook may give some users pause: The app presented isn’t logged in to Facebook, and its UI is that of a web view, not the native app.
Apple’s known about XARA for several months, and according to the researchers who shared the vulnerability with Apple, the company does appear to have tried to fix it several times without success. Avoiding the exploit is relatively simple, as Ritchie and Arnott point out. Avoiding malicious apps can be done by downloading software only from trusted developers and avoiding anything that seems suspicious.
For those interested in learning more about the XARA weaknesses, iMore‘s overview post on the exploit and the site’s more in-depth post are well worth a read.





