Android

About that “Any fingerprint can unlock your Samsung Galaxy S10” report

Plenty of headlines are warning about anyone’s fingerprint being able to unlock a Samsung Galaxy S10, but I’m not sure it’s quite as simple as that…


2 min read

Smashing Security #144: Google helps the FBI, Twitter Jack’s hijack, and car data woes

Should Google really be helping the FBI with a bank robbery? What’s the story behind the Twitter CEO claiming there’s a bomb in their offices? And how much does your car really know about you?

And we mourn the loss of Doctor Who legend Terrance Dicks…


2 min read

Earn $2.5 million if you find a remote zero-day exploit for Android

A vulnerability broker is offering up to $2.5 million for zero-day remote exploits which would allow attackers to infect a remote Android smartphone with malware, with no user interaction required. But who will they then sell exploits to?


1 min read

bitdefender.com

Google’s bug bounty bid to make big Android apps more secure

Google’s bug bounty has been expanded to not only covers the firm’s own products, but additionally all apps in the official Google Play store which have had 100 million or more installs.

Read more in my article on the Hot for Security blog.


0 sec read

500,000 Monzo banking customers told to change their PINs

Mobile-only bank Monzo has apologised for a gaffe which left the PINs of a subset of its customers exposed to its internal engineers.


2 min read

Smashing Security #135: Zombie grannies and unintended leaks

We take a bloodied baseball bat to Android malware, and debate the merits of a social media strike, as one of the team bites the bullet and buys a smart lock for the office.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Oli Skertchly.


1 min read

bitdefender.com

La Liga fined €250,000 after Android app spied on football fans

The Spanish football league La Liga has been hit with a fine after its official Android app was found sneakily listening to people’s surroundings when soccer matches were being played.

Read more in my article on the Hot for Security blog.


0 sec read

bitdefender.com

Google Play is flooded with hundreds of unsafe Android anti-virus products

A new study has closely examined whether 250 security products for Android smartphones are capable of protecting users at all.

The results are in… and disturbing.

Read more in my article on the Hot for Security blog.


0 sec read

Smashing Security #116: Stalking debtors, Facebook farce, and a cyber insurance snag

How would *you* track someone who owed you money? What was the colossal flaw Facebook left on its website for anyone to exploit and hijack accounts? And what excuse are insurance companies giving for not paying victims of the NotPetya malware millions of dollars?

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Joe Carrigan of the Information Security Institute at Johns Hopkins University.


1 min read

Patch your Android now against critical .PNG image bug

Android users are being reminded to be careful about the files they open on their smartphones, after the discovery that harmless-looking image files could be harbouring malicious code.


41 sec read

Exposed! Facebook pays teenagers to install app that harvests personal data

Since 2016 Facebook has been paying users aged 13-35 up to $20 per month to install an app which has almost unlimited limitless access to their smartphones and most sensitive data.


1 min read

Twitter exposed some Android users’ protected tweets, and didn’t notice for over four years

Twitter has owned up to a privacy goof that exposed some Android users’ private tweets.


1 min read

Ingenious! The Android malware which only triggers if you’re moving

Android malware in the Google Play Store could tell whether it was likely to be running on a genuine victim’s device or being analysed by a security team.


1 min read

tripwire.com

Unlocking Android phones with a 3D-printed head

Forbes journalist Thomas Brewster wanted to find out just how well a variety of Android phones and a top-of-the-range Apple iPhone would fare against a determined attempt to break facial recognition. And he did that by having a 3D-model printed of his head.

Read more in my article on the Tripwire State of Security blog.


0 sec read

Smashing Security #090: Fortnite for Android, and the FCC’s DDoS BS

Fortnite players are told they’ll have to disable a security setting on Android, the FCC finally admits that it wasn’t hit by a DDoS attack, and Verizon’s VPN smallprint raises privacy concerns.

All this and much much more is discussed in the latest edition of the award-winning “Smashing Security” podcast hosted by computer security veterans Graham Cluley and Carole Theriault, joined this week by David Bisson.


1 min read

You’ll have to disable a recommended Android security setting to install Fortnite

Encouraging Android users to download apps from non-official sources is not a good idea from the security point of view, but Epic Games wants to maximise its profits.


2 min read