Android fingerprint readers may be easier to hack than Touch ID
There’s nothing like a Black Hat Security Conference to leave you feeling exposed and vulnerable. Today’s compromise? Fingerprint readers. Security researchers Tao Wei and Yulong Zhang have exposed some pretty significant flaws in the Android fingerprint framework. The duo outlined a couple of different attacks — including malware that can bypass fingerprint-authenticated payment systems and various backdoor attacks — but the biggest offender was a “fingerprint sensor spying attack” that could remotely lift prints from affected phones. Researchers found the attack viable on both the HTC One Max and the Samsung Galaxy S5, but not on iPhone or other Touch ID devices.
The security discrepancy is pretty huge. Affected devices simply don’t do enough to lock down their fingerprint scanners, often leaving them at the mercy of higher level system privileges. Apple’s Touch ID, on the other hand, won’t give up fingerprint data without a crypto key, Zhang told ZDNet — even if an attacker has direct access to the fingerprint sensor.
The exploit is particularly troubling in light of the kind of information at stake: passwords can be changed if your credentials are compromised, but you can’t change your fingerprints. Thankfully, device manufacturers are on the case: notified vendors have already issued patches for the exploit. Keep your device updated and you should be fine.
Filed under:
Misc, Mobile, Samsung, HTC, Google
Tags: android, blackhat, BlackHatConference, fingerprint, google, htc, mobilepostcross, samsung, security, touchid
Google Fiber: next stop, San Antonio
We haven’t heard much from Google Fiber since last January, when 4 new markets were added to the list, but this doesn’t mean the team is slowing down. The Search Giant has just announced a new market will get its super fast gigabit internet – San Antonio, Texas.
This is not much to celebrate for the vast majority of us, but our fellow San Antonio techies will be glad to hear this. This market holds 1.4 million residents and is said to be one of the largest and fastest growing cities in the country. Google aims to push the industry further by offering its internet/TV services, which are both outstanding and amazingly affordable. It’s actually free for some, and even if you don’t opt for the 5 Mbps, $70 a month for 1 Gbps is insanely cheap!
Regardless, it will still be a while before we see Google Fiber actually launching in San Antonio, as they have yet to enter the design phases.
“We’ll work closely with city leaders over the next several months to plan the layout of over 4,000 miles of fiber-optic cables—enough to stretch to Canada and back—across the metro area.” -Mark Strama, Head of Google Fiber, Texas
Today we can honestly say Texans are very lucky. One of the first markets to get access to Google’s internet services was Austin, and now its neighbor is being blessed by what could be the best internet provider in the country. Meanwhile, California, Google’s home state, is still struggling to get in on the action! I suppose we can’t do anything but continue to wait. Interested in learning about the markets where Google Fiber is available? Here’s a neat map with all the details.
So – are any of you looking to get Google Fiber once it becomes available in San Antonio? How many of you have already been enjoying it? Hit the comments and share your thoughts with us!
How is Google fixing the Stagefright vulnerability that affects 95% of all Android phones?
The Stagefright vulnerability is likely the biggest Android security scare we have seen in a years. And of course, this exploit leaves 95% of all Android users susceptible to attacks, which could easily be triggered by using a simple MMS message.
We know Google is working hard to keep Android and all its services as secure as possible. Google’s lead Android security engineer Adrian Ludwig reminded us of a few ways the Search Giant keeps us safe from hackers, just some days ago. He then took the stage at cybersecurity conference BlackHat, where he specified what Google is doing to fix this specific weakness in the Android ecosystem. Let’s dig into the details!
Security updates pushing out today!
Ludwig mentions the MountanView-based company has started sending out security fixes to Nexus devices this Wednesday, something we reported on today. In addition, these improvements have been sent out to all partners, allowing manufacturers to send out their necessary OTA updates.
It shouldn’t take long before all major smartphones get the highly anticipated upgrade. Google states most popular phones should be ready in August. This would include devices like the “Samsung Galaxy S6 and S6 Edge, the Galaxy S5, the Galaxy Note 4 and Note Edge, the HTC One M7, One M8, and One M9, the LG G2, G3, and G4, Sony Xperia Z2, Xperia Z3, Xperia Z4, and Xperia Z3 Compact as well as all Android One devices.”
In addition, Nexus devices will get security updates every single month. Samsung is doing the same.
Android Messenger app also being improved
The main issue about the Stagefright exploit is that it required no user interaction. An attacker could gain control of your device without you viewing, downloading or interacting with the handset. Hell, you didn’t even need to pull it out of your pocket! This raised immense security concerns, of course, and Google has decided to do something about this, as well.
While it’s convenient to have MMS files automatically downloaded and displayed, such is never the safest route. In wake of these risks, Google’s official Messenger app is being updated and stripped of the ability to automatically download video files from MMS messages. Now the user will have to to click on a video in order to view it.
Wrapping up
Of course, Ludwig goes on to talk about his awesome ASLR technology, which is said to protect 90% of all Android users from vulnerabilities like Stagefright. Regardless, it was important for these issues to be addressed, and we are glad Google took things seriously and fixed everything in a timely fashion. Now we can all take a breath and continue getting those memes from our friends!
Google’s Nexus devices are getting monthly security updates
Samsung isn’t the only Android device maker promising monthly security updates in light of huge exploits like the Stagefright flaw. Google itself is vowing that Nexus devices will get monthly over-the-air patches, starting with software arriving today. If you own a Nexus 4 or any newer model, you won’t have to wait ages for these fixes to come as part of a point release. The duration of update coverage remains the same. You’ll get major OS updates for at least 2 years, and security fixes for either 3 years after launch or 18 months after your device leaves the Google Store.
This is an easier move for Google to make than Samsung, since it’s patching stock Android and doesn’t usually have to deal with the complications of carrier- or region-specific models. However, it’s also an important step that could set an example for Android partners that haven’t adopted the monthly schedule. Google clearly knows that the platform’s overall security suffers when neglectful hardware makers leave reasonably modern devices vulnerable for months (or forever, in some cases) — this tells companies that they no longer have an excuse.
Photo by Will Lipman.
Filed under:
Cellphones, Tablets, Mobile, Google
Source:
Android Official Blog
Tags: android, google, mobilepostcross, nexus, security, smartphone, stagefright, tablet, update
Google Fiber is heading to San Antonio
Perhaps as soon as next year, more than 1.4 million people in San Antonio will have another option for internet and television service.
Today, Google announced plans to move forward with Google Fiber’s expansion into its largest city yet. The reason that Google chose San Antonio for expansion is due to the “thriving tech landscape” in the city. San Antonio’s Bexar BiblioTech is the first all-digital public library and plenty of startups are calling the city home. President Barack Obama’s Tech Hire and Connect Home initiatives also have ties to San Antonio; therefore, jobs and innovation are bound to lead to a burgeoning tech scene.
Google did not say when the service will actually be available. The company must first design the fiber network over the next several months to figure out where thousands of miles of fiber-optic cables will go. After that, the people of San Antonio can experience an internet connection of 1,000 megabits per second.
San Antonio is joined by Raleigh-Durham, Charlotte, Atlanta, Nashville, and Salt Lake City as the other cities that are in the process of receiving Google Fiber’s services. This will build upon the three cities — Kansas City, Austin, Provo — where Google Fiber is already available. Google is also exploring launches in Phoenix, San Jose, and Portland.
Source: Google
Come comment on this article: Google Fiber is heading to San Antonio
YouTube is getting rid of ‘301+ Views’
When a video posted to YouTube starts to really rack up hits, the view counter has always frozen at “301+” for a while as the system checked for any robotic view count inflating shenanigans. It’s become something of an institution at the site, acting as a flag for videos that were on the verge of going viral. But that’s no longer the case. YouTube announced today that it is forgoing the 301+ freeze for a system that only counts views that they’re “confident only come from real people.” The new system is expected to provide more accurate and up-to-date numbers.
We’re saying goodbye to 301+ and hello to more up-to-date video views. pic.twitter.com/33OQuOvxcs
— YouTube Creators (@YTCreators) August 5, 2015
[Image Credit: UIG via Getty Images]
Source:
Google (Twitter)
Tags: 301, counter, google, machine intelligence, videos, views, youtube
Google commits to monthly security updates for Nexus devices
Security. We all worry about it, and we all leave our security in the hands of Google when we use Android devices. Our smartphones are continually gathering more information about us, from passwords to pictures and geotagging, to financial information such as credit card numbers and bank account numbers.
Security is absolutely crucial, and Google released an announcement today to make security a monthly update to Nexus devices after feeling the pressure from vulnerabilities in regards to libStageFright where malicious code could take over your device with just a text message.
Starting today, the Nexus 4, Nexus 5, Nexus 6, Nexus 7, Nexus 9, Nexus 10, and Nexus Player will receive OTA updates each month with security as the key focus in addition to platform updates. This week’s update does contain fixes for the libStageFright issues, and the fixes have been released to the public via the Android Open Source Project.
Nexus devices will continue to receive major updates for at least two years and security patches for the longer of three years from initial availability or 18 months from last sale of the device via the Google Store.
I have a couple concerns I have about this commitment.
1. I use a Samsung Galaxy Note Edge. I am vulnerable to the libStageFright issue until Samsung decides to update their devices. Google needs to commit to reduce fragmentation to ZERO when it comes to security. Also, considering that Google is only committing the monthly updates to their devices, my next phone HAS to be a Nexus device because I do not know the commitment Motorola, Samsung(although Samsung did respond with a new process, but they will need to prove themselves considering their poor reputation for updating their devices), LG, HTC, etc. have to fixing their devices as well. It makes me rather disturbed knowing my Note Edge is vulnerable to libStageFright when I know there is a fix for Nexus devices.
2. Google just announced a lifespan of three years for Nexus devices. I can’t imagine one single person who would want a device that is vulnerable to security threats. If Google will not commit to security beyond 3 years, or 18 months after the device is last sold in the Play Store, they are basically telling us to buy a new device every three years. No one can store anything personal on a device that is susceptible to malware.
I seriously hope Google rethinks this commitment to security patches, because I know plenty of people who use phones and tablets beyond three years. Security is one area where users are not forgiving. Mess up once, and users will probably jump ship to another mobile platform.
If you’re interested in a security review from Google, check it out at this link.
The post Google commits to monthly security updates for Nexus devices appeared first on AndroidGuys.
San Antonio is getting Google Fiber
Nearly six months after the city cleared a steeplechase-worth of legal hurdles, Google has finally announced that it will be installing its ultrafast fiber-optic network in San Antonio, Texas. Google cites San Antonio’s 1.4 million residents and thriving tech scene — including the country’s first all-digital library, the Bexar BiblioTech — as reasons for the selection. The fact that San Antonio was recently chosen for the President Tech Hire and Connect Home initiatives didn’t hurt, either. The company will spend the next few months coordinating with city leaders on how best to lay the 4,000 miles of necessary fiber-optic cable. There’s no word yet on when the 1,000 Mbps service will actually begin.
San Antonio joins Austin, Provo, and Kansas City as the only cities with Google Fiber actually installed. Nashville, Raleigh, Charlotte, Atlanta and Salt Lake City are all in talks with Google while San Jose, Portland, and Phoenix are all in the early consideration stages as well.
[Image Credit: Top – Bloomberg via Getty Images, inline – Google]
Tags: Austin, Texas, fiberoptic, google, Google Fiber, googlefiber, Kansas City, mbps, Nashville, Tennessee, Phoenix, Arizona, Salt Lake City, San Antonio, San Jose, California
Google Slides and Google Keep gain new powers
Today is Google’s update Wednesday, and it seems today’s focus is on Google Slides and Google Keep, gaining some neat new abilities.
First off, they’re is updating Slides with the ability to share presentations over video calls.
“All you need is your Android phone or tablet, and with one tap of the present button, you’ll see the option to present to a video call.“
This will certainly be helpful for the business world, where video calls and presentations occur frequently. It is already easy to use Slides with Chromecast or Airplay, or simply sharing the presentation. This feature will make things even easier.
Controlling the presentation is done through the mobile device you’re sharing the presentation from, allowing you to advance slides, view speaker notes, and use a timer
Next up is Google Keep, which can now export notes directly into Google Drive from a mobile device.
Google is always adding new things to their products to help make them more real-world-friendly, and these new features certainly add to that.
SOURCE: Google Docs Blog
The post Google Slides and Google Keep gain new powers appeared first on AndroidGuys.
Google to roll out security-focused updates to Nexus devices on a monthly basis
Just a few hours ago, we let you know that owners of the Nexus 6 and Nexus 5 should soon be receiving a security patch for the Stagefright exploit. That came as no surprise, as Nexus devices are normally among the first to receive timely OTA updates. It looks like the security patch we saw earlier today is part of a bigger initiative from Google, which the company just announced a few moments ago.
In a blog post, Google explained that from this week on, it will push out monthly security-focused over-the-air updates to Nexus devices, in addition to regular platform updates. These fixes will also be released to the public through the Android Open Source Project (AOSP). The company explains:
Nexus devices will continue to receive major updates for at least two years and security patches for the longer of three years from initial availability or 18 months from last sale of the device via the Google Store.
In addition, Google says the Nexus 4, 7, 9, 10 and Player are all receiving the Stagefright patch sometime today, as well.
Nexus in video
.rvs_wrapper
width: 350px;
.rvs_wrapper.align_left
float: left;
.rvs_wrapper.align_right
float: right;
.rvs_wrapper.align_center,
.rvs_wrapper.align_none
width: 100%;
.rvs_wrapper.align_center
text-align: center;
.rvs_wrapper.align_center.cbc-latest-videos ul li
float: none;
display: inline-block;
vertical-align: top;
.rvs_wrapper.cbc-latest-videos:not(.align_none) ul li:nth-child(2n+1)
clear: both;
.rvs_title
font-weight: 600 !important;
margin: 0 !important;
font-size: 24px !important;
.rvs_wrapper.align_right .rvs_title
padding-left: 20px;
.rvs_title a
font-family: ‘Roboto Condensed’;
color: #3a3a3a;
.rvs_wrapper.cbc-latest-videos ul
padding-top: 10px;
.rvs_wrapper.align_left.cbc-latest-videos ul li,
.rvs_wrapper.align_none.cbc-latest-videos ul li
padding: 0 15px 0 0;
.rvs_wrapper.align_right.cbc-latest-videos ul li
padding: 0 0 0 15px;
float: right;
.rvs_wrapper.align_center.cbc-latest-videos ul li
padding: 0 7px;
.rvs_wrapper.cbc-latest-videos ul li > a
font-weight: 400;
.rvs_wrapper.cbc-latest-videos ul li > a .yt-thumbnail
margin-bottom: 0;
@media only screen and (min-width : 480px)
body #page .rvs_wrapper.cbc-latest-videos ul
width: 100% !important;
@media only screen and (max-width : 480px)
body #page .rvs_wrapper.cbc-latest-videos
width: 100%;
float: none !important;
overflow-x: auto;
overflow-y: hidden;
body #page .rvs_wrapper.cbc-latest-videos ul
overflow: auto;
max-height: none;
body .rvs_wrapper.cbc-latest-videos ul li
float: left !important;
clear: none !important;
Thanks to Google’s current security measures, fewer than .15% of all Android devices that solely install apps from Google Play have a potentially harmful app installed. Obviously this is great news for Nexus owners, as this new monthly update initiative will provide more security to users than ever before.
AIVAnet 