Category: android

Auto Added by WPeMatico

PIN-Stealing Android Malware

Posted on By infossl
android, banking, biometrics, malware, pins, Security technology, Uncategorized

This is an old piece of malware—the Chameleon Android banking Trojan—that now disables biometric authentication in order to steal the PIN: The second notable new feature is the ability to interrupt biometric operations on the device, like fingerprint and face unlock, by using the Accessibility service to force a fallback to PIN or password authentication. … Read More “PIN-Stealing Android Malware” »

Leaked Signing Keys Are Being Used to Sign Malware

Posted on By infossl
android, keys, leaks, malware, Security technology, Uncategorized

A bunch of Android OEM signing keys have been leaked or stolen, and they are actively being used to sign malware. Łukasz Siewierski, a member of Google’s Android Security Team, has a post on the Android Partner Vulnerability Initiative (AVPI) issue tracker detailing leaked platform certificate keys that are actively being used to sign malware. … Read More “Leaked Signing Keys Are Being Used to Sign Malware” »

Differences in App Security/Privacy Based on Country

Posted on By infossl
academic papers, android, censorship, data collection, geolocation, privacy, Security technology, Uncategorized

Depending on where you are when you download your Android apps, it might collect more or less data about you. The apps we downloaded from Google Play also showed differences based on country in their security and privacy capabilities. One hundred twenty-seven apps varied in what the apps were allowed to access on users’ mobile … Read More “Differences in App Security/Privacy Based on Country” »

System Update: New Android Malware

Posted on By infossl
android, cyberweapons, gps, malware, Security technology, Uncategorized

Researchers have discovered a new Android app called “System Update” that is a sophisticated Remote-Access Trojan (RAT). From a news article: The broad range of data that this sneaky little bastard is capable of stealing is pretty horrifying. It includes: instant messenger messages and database files; call logs and phone contacts; Whatsapp messages and databases; … Read More “System Update: New Android Malware” »

Malicious Barcode Scanner App

Posted on By infossl
android, malware, Security technology, ukraine, Uncategorized

Interesting story about a barcode scanner app that has been pushing malware on to Android phones. The app is called Barcode Scanner. It’s been around since 2017 and is owned by the Ukrainian company Lavabird Ldt. But a December 2020 update included some new features: However, a rash of malicious activity was recently traced back … Read More “Malicious Barcode Scanner App” »

Android Apps Stealing Facebook Credentials

Posted on By infossl
android, credentials, facebook, google, malware, Security technology

Google has removed 25 Android apps from its store because they steal Facebook credentials: Before being taken down, the 25 apps were collectively downloaded more than 2.34 million times. The malicious apps were developed by the same threat group and despite offering different features, under the hood, all the apps worked the same. According to … Read More “Android Apps Stealing Facebook Credentials” »

Wallpaper that Crashes Android Phones

Posted on By infossl
android, phones, protocols, Security technology

This is interesting: The image, a seemingly innocuous sunset (or dawn) sky above placid waters, may be viewed without harm. But if loaded as wallpaper, the phone will crash. The fault does not appear to have been maliciously created. Rather, according to developers following Ice Universe’s Twitter thread, the problem lies in the way color … Read More “Wallpaper that Crashes Android Phones” »

Hacking Voice Assistants with Ultrasonic Waves

Posted on By infossl
academicpapers, android, apple, google, hacking, iphone, Security technology, sidechannelattacks, smartphones, video

I previously wrote about hacking voice assistants with lasers. Turns you can do much the same thing with ultrasonic waves: Voice assistants — the demo targeted Siri, Google Assistant, and Bixby — are designed to respond when they detect the owner’s voice after noticing a trigger phrase such as ‘Ok, Google’. Ultimately, commands are just … Read More “Hacking Voice Assistants with Ultrasonic Waves” »

Voatz Internet Voting App Is Insecure

Posted on By infossl
academicpapers, android, blockchain, Security technology, voting, vulnerabilities

This paper describes the flaws in the Voatz Internet voting app: “The Ballot is Busted Before the Blockchain: A Security Analysis of Voatz, the First Internet Voting Application Used in U.S. Federal Elections.” Abstract: In the 2018 midterm elections, West Virginia became the first state in the U.S. to allow select voters to cast their … Read More “Voatz Internet Voting App Is Insecure” »

Security Vulnerabilities in Android Firmware

Posted on By infossl
android, firmware, Security technology, smartphones, supplychain, vulnerabilities

Researchers have discovered and revealed 146 vulnerabilities in various incarnations of Android smartphone firmware. The vulnerabilities were found by scanning the phones of 29 different Android makers, and each is unique to a particular phone or maker. They were found using automatic tools, and it is extremely likely that many of the vulnerabilities are not … Read More “Security Vulnerabilities in Android Firmware” »