Android fingerprint readers may be easier to hack than Touch ID
There’s nothing like a Black Hat Security Conference to leave you feeling exposed and vulnerable. Today’s compromise? Fingerprint readers. Security researchers Tao Wei and Yulong Zhang have exposed some pretty significant flaws in the Android fingerprint framework. The duo outlined a couple of different attacks — including malware that can bypass fingerprint-authenticated payment systems and various backdoor attacks — but the biggest offender was a “fingerprint sensor spying attack” that could remotely lift prints from affected phones. Researchers found the attack viable on both the HTC One Max and the Samsung Galaxy S5, but not on iPhone or other Touch ID devices.
The security discrepancy is pretty huge. Affected devices simply don’t do enough to lock down their fingerprint scanners, often leaving them at the mercy of higher level system privileges. Apple’s Touch ID, on the other hand, won’t give up fingerprint data without a crypto key, Zhang told ZDNet — even if an attacker has direct access to the fingerprint sensor.
The exploit is particularly troubling in light of the kind of information at stake: passwords can be changed if your credentials are compromised, but you can’t change your fingerprints. Thankfully, device manufacturers are on the case: notified vendors have already issued patches for the exploit. Keep your device updated and you should be fine.
Filed under:
Misc, Mobile, Samsung, HTC, Google
Tags: android, blackhat, BlackHatConference, fingerprint, google, htc, mobilepostcross, samsung, security, touchid
More photos of the Samsung Galaxy Note 5 emerge, show us the device with the screen on
(adsbygoogle = window.adsbygoogle || []).push();
This latest Galaxy Note from Samsung appears to be its worst-kept secret yet – case in point, we’ve got more photos of the Samsung Galaxy Note 5 to look at, and they even show us what part of the user interface is going to look like. The pictured device looks like it should be very nearly the finished product, and gives us a great tour of the device’s curves in fully lit photos.
As expected, the back of the device is curved, giving it the appearance of a back-to-front Galaxy S6 Edge, and should result in a better feel in the hand. Droid-life has also apparently been told that the S-Pen is going to be spring-loaded, which explains why the S-Pen appears to be flush with the bottom of the Note 5 in all the images we’ve seen.
We also get a look at the UI of the Note 5 which shows us that abstract Samsung wallpaper we’ve all be expecting as well as what looks like an updated Air Command, which will give S-Pen users even more options to play with. The source of these photos also says that the Note 5 will not have a microSD slot and will have a 3,000mAh non-removable battery. We doubt this is going to be the last we see of the Note 5 before its announcement event on August 13th.
What do you think about the photos of the Samsung Galaxy Note 5? Let us know your thoughts in the comments below.
Source: Droid-life
The post More photos of the Samsung Galaxy Note 5 emerge, show us the device with the screen on appeared first on AndroidSPIN.
Samsung puts an end to Boxee’s secret project, lays off dozens of employees
The plan for Samsung to develop a dedicated media tablet to replace the television remote has come to an end. The team working on the project, largely Boxee employees that transferred to Samsung in 2013, have been laid off as a result. The project, known internally as Perfect Experience, would have competed with Chromecast and other streaming devices while being unique.
Variety, the publication that learned of PX’s cancellation, describes what Samsung was working on:
At the center of PX, which had been in development for around two years, was a dedicated media tablet that aimed to replace the traditional TV remote. The tablet was supposed to give users access to a unified guide with listings of live TV and streaming content with a custom-built user interface that looked unlike any traditional multi-purpose mobile device, according to multiple sources familiar with the project.
Content from streaming services and television providers were among the partnerships Samsung was seeking out. Other than that, PX probably would have operated like Android TV does today. The only difference would have been the hardware and software controlling everything. Samsung likely would have had an advantage by bundling the tablet with its high-end televisions.
A debut was initially pegged for CES 2015, but delays pushed the launch to late 2015. Following even more delays, a release was forced into 2016. Variety reports that content providers were balking at Samsung’s desire to have content embedded into PX’s guide; therefore, users would have been able to skip apps entirely. Organizational conflict was also mentioned as a possibility leading to the project’s end.
Former Boxee CEO Aver Ronen was working with Samsung, too, and is among the employees that have left Samsung.
A Samsung representative commented on the report: “It is our policy to not comment on rumors, speculation or personnel matters.” The rep went on to note that the company will continue investing in areas that “enhance the Samsung experience” for consumers.
Come comment on this article: Samsung puts an end to Boxee’s secret project, lays off dozens of employees
Samsung kills Boxee’s secret tablet remote project, lays off staff
If you were hoping for Boxee’s glorious return as part of Samsung, brace yourself for crushing disappointment ahead. Samsung has reportedly cancelled the group’s next-generation remote project and laid off much of the Boxee team, according to Variety. The team’s project, dubbed internally as Perfect Experience, or “PX,” was apparently focused on developing a tablet-like remote that would sit on your coffee table and let anyone in your household search and control programming. It was supposed to include a guide that brought together both TV listings and content from streaming services. That’s something Boxee has been working towards over the course of its last two set-top boxes, the cube-like Boxee Box and the disastrous Boxee TV, whose main selling point was an (incredibly buggy) cloud DVR feature for over-the-air TV shows.
Samsung paid around $30 million for the Boxee team and its technology two years ago after the company ran out of money and the Boxee TV fell flat. Naturally, Samsung wouldn’t comment directly on the report, but a rep noted that “in order to continuously innovate, we constantly invest in areas of our business that enhance the Samsung experience for our consumers.”
As Variety tells it, Samsung initially gave the the Boxee team plenty of resources and helped them reach around 100 employees. But a combination of delays (it was supposed to debut at CES and be bundled with this year’s TVs), a lack of cooperation from content owners, who didn’t want to make their wares available directly within Samsung’s app, and general distrust from Samsung’s Korean home team led to the PX project falling apart. The idea of a tablet living room centerpiece actually makes sense today — I’ve ever warmed up to the Wii U’s gamepad — so hopefully Samsung finds some way to keep the spirit of this project alive.
Filed under:
Home Entertainment, HD, Samsung
Source:
Variety
Tags: Boxee, hdpostcross, PX, samsung
Samsung to release monthly security updates to its Android devices in wake of Stagefright exploit
A number of mobile devices on AT&T and Sprint have already begun receiving security patches for the Stagefright exploit in Android. Most of the devices that are already receiving updates are from Samsung, and that’s not a coincidence. The Korean tech company has just announced a new Android security update process that “fast tracks” security patches over the air when certain vulnerabilities are uncovered. These small updates will make their way to Samsung devices roughly once per month.
Prior to introducing this new update method, Samsung, like many other OEMs, would likely struggle to push out security patches in a timely fashion. Many security exploits are very time sensitive, so this is great news for owners of Samsung devices.
Dong Jin Koh, Executive Vice President and Head of Mobile Research at Samsung Electronics explains:
Since software is constantly exploited in new ways, developing a fast response process to deliver security patches to our devices is critical to keep them protected. We believe that this new process will vastly improve the security of our devices and will aim to provide the best mobile experience possible for our users.
Google also recently announced a new initiative that will bring monthly security OTA updates to Nexus devices, in addition to regular platform updates. The updates from Google will also be available through AOSP.
Samsung says it’s working with carriers around the world to figure out a way to best implement this new update approach, and that more details on the new method will be released soon.
T-Mobile drops the Galaxy S6/S6 Edge price by up to $200
There were talks of the Samsung Galaxy S6 and S6 Edge price being dropped and it looks like T-Mobile is the first carrier to do so.
T-Mobile has dropped the price by $100 off the 32GB and 64GB Galaxy S6 and S6 Edge. Already a good savings, but the real drop in price is for the 128GB models as they have been dropped by $200. That makes them the same price as the 64GB models.
New prices are $579 for a regular 32GB Galaxy S6 or for only $659 get the huge 128GB model. The Galaxy S6 Edge is priced at $679 for the 32GB or $759 for the 128GB. Obviously there is no point in getting the 64GB anymore.
Come comment on this article: T-Mobile drops the Galaxy S6/S6 Edge price by up to $200
AT&T and Sprint are pushing Stagefright updates to many Samsung phones
Stagefright is a new Android security vulnerability that affects millions of Android devices. It is critical it gets fixed right away. Google is pushing out an update to Nexus phones today, but now AT&T and Sprint are pushing the update to many Samsung phones.
The phones AT&T will be updating are:
- Galaxy Note 4 (N910AUCU2COC6)
- Galaxy S6 Active (G890AUCU2AU2AOF4)
- Galaxy S5 (G900AUCU4BOF3)
- Galaxy S5 Active (G870AUCU2BOF3)
Sprint will be updating:
- Galaxy S6 (G920PVPU2BOGA)
- Galaxy S6 Edge (G925PVPU2BOGA)
- Galaxy S5 (G900PVPU3BOG1)
- Galaxy Note Edge (N915PVPU4COG1)
To check for these updates, head into Settings>System update>Update now.
Source: AT&T (1), (2), (3), (4), Sprint (1), (2), (3), (4)
Come comment on this article: AT&T and Sprint are pushing Stagefright updates to many Samsung phones
AT&T and Alcatel OneTouch to issue Stagefright patches for the Idol 3, various Samsung devices
A number of Samsung devices on Sprint’s network are already starting to receive Stagefright exploit patches, along with the Nexus 6 and Nexus 5. It looks like AT&T is doing the same, as the carrier just released a series of update documents detailing the new security patches for various Samsung devices. Updates to the Samsung Galaxy S6 Active, Note 4, S5 and S5 Active should begin rolling out today, and you can find the update documents linked below:
- Samsung Galaxy S6 Active – G890AUCU2AU2AOF4
- Samsung Galaxy Note 4 – N910AUCU2COC6
- Samsung Galaxy S5 – G900AUCU4BOF3
- Samsung Galaxy S5 Active – G870AUCU2BOF3
If you’d like to check for the updates manually, head to Settings>System update>Update now.
Related Videos
.rvs_wrapper
width: 350px;
.rvs_wrapper.align_left
float: left;
.rvs_wrapper.align_right
float: right;
.rvs_wrapper.align_center,
.rvs_wrapper.align_none
width: 100%;
.rvs_wrapper.align_center
text-align: center;
.rvs_wrapper.align_center.cbc-latest-videos ul li
float: none;
display: inline-block;
vertical-align: top;
.rvs_wrapper.cbc-latest-videos:not(.align_none) ul li:nth-child(2n+1)
clear: both;
.rvs_title
font-weight: 600 !important;
margin: 0 !important;
font-size: 24px !important;
.rvs_wrapper.align_right .rvs_title
padding-left: 20px;
.rvs_title a
font-family: ‘Roboto Condensed’;
color: #3a3a3a;
.rvs_wrapper.cbc-latest-videos ul
padding-top: 10px;
.rvs_wrapper.align_left.cbc-latest-videos ul li,
.rvs_wrapper.align_none.cbc-latest-videos ul li
padding: 0 15px 0 0;
.rvs_wrapper.align_right.cbc-latest-videos ul li
padding: 0 0 0 15px;
float: right;
.rvs_wrapper.align_center.cbc-latest-videos ul li
padding: 0 7px;
.rvs_wrapper.cbc-latest-videos ul li > a
font-weight: 400;
.rvs_wrapper.cbc-latest-videos ul li > a .yt-thumbnail
margin-bottom: 0;
@media only screen and (min-width : 480px)
body #page .rvs_wrapper.cbc-latest-videos ul
width: 100% !important;
@media only screen and (max-width : 480px)
body #page .rvs_wrapper.cbc-latest-videos
width: 100%;
float: none !important;
overflow-x: auto;
overflow-y: hidden;
body #page .rvs_wrapper.cbc-latest-videos ul
overflow: auto;
max-height: none;
body .rvs_wrapper.cbc-latest-videos ul li
float: left !important;
clear: none !important;
Additionally, Alcatel OneTouch has just issued a statement claiming that it will release a Stagefright security patch to the Idol 3 on Monday, August 10th for devices in the United States. While the update will only be available in the U.S. at the start, the manufacturer claims it will roll out the update to more regions soon after the 10th.
Read more: Security firm uncovers another far-reaching Android vulnerability
Samsung ‘fast tracks’ Android security fixes with monthly updates
To ensure that your Samsung devices get timely updates when security issues arise, the company announced a new plan for the patches. Samsung is changing how it handles the security problems by fast tracking fixes via over-the-air updates which will happen “regularly about once per month.” The device maker says it worked with carriers to quickly patch the Android Stagefright flaw that let hackers access phones through MMS videos. Moving forward, Samsung will employ a similar process for beaming out updates, with a hand from carriers and other partners to make sure Android gadgets are updated as soon as possible — especially when it comes to critical issues. “Since software is constantly exploited in new ways, developing a fast response process to deliver security patches to our devices is critical to keep them protected,” explains Samsung executive vice president Dong Jin Koh. Expect to see more info on devices and update timelines in the near future.
Filed under:
Cellphones, Mobile, Samsung
Source:
Samsung
Tags: android, galaxy, mobilepostcross, samsung, security, software, update
(Update: multiple Samsung devices, too!) Stagefright patch now rolling out to the Nexus 6 and Nexus 5 as build LMY48I
- Samsung Galaxy S6 – G920PVPU2BOGA
- Samsung Galaxy S6 Edge – G925PVPU2BOGA
- Samsung Galaxy S5 – G900PVPU3BOG1
- Samsung Galaxy Note Edge – N915PVPU4COG1
The update may take a day or two to make its way to your device, but at least we now know that a fix is coming. To check for the update manually, head to Settings>System update>Update now.
Original post: According to a couple of Sprint update documents, the Nexus 6 and Nexus 5 should be receiving an update today carrying build LMY48I. The new build brings security fixes for the Stagefright flaw we first heard about a few days ago. Build LMY48I doesn’t appear to bring any fixes other than the patch for the Stagefright issue.
The Stagefright exploit is a new vulnerability found in the Android operating system that can affect devices running Android 2.2 or later. As of right now, there really isn’t anything to worry about, but we’d still advise you to check out our full explanation on the Stagefright exploit here.
While there are still no new factory images posted by Google for these devices, this is a pretty good sign that the updates should start rolling out sometime soon. Have you gotten the new update for your device? If so, be sure to let us know in the comments section down below.
AIVAnet 