Android

The Shield: the open source Israeli Government app which warns of Coronavirus exposure

The Israeli health ministry released a smartphone app which takes location data from users’ phones in an attempt to determine if they might have been exposed to the COVID-19 Coronavirus.

Should you be worried about your privacy? Perhaps not.

Smashing Security #170: PornHub, Coronavirus apps, and remote working

It’s a self-isolated Coronavirus special as we discuss with our quarantined special guest how COVID-19 is making itself felt in the world of cybersecurity, and we offer tips on how to better protect yourself if you’re unexpectedly working from home.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast with Graham Cluley and Carole Theriault, joined this week by Malicious Life’s Ran Levi from his attic.

Malicious Coronavirus victim tracking app demands ransom payment from Android users

A malicious Android app that pretends to warn users about those nearby infected with the COVID-19 Coronavirus actually locks devices, and demands a $100 payment in Bitcoin.

Android anti-virus products put to the test – which are the best at stopping new malicious apps?

If there’s one clear message you can take away from the latest real-world test of Android security products, it’s that relying upon Google to protect your smartphone isn’t really good enough.

bitdefender.com

Over one billion Android devices at risk as they no longer receive security updates

More than one billion Android devices are at risk of being hacked or infected by malware, because they are no longer supported by security updates and built-in protection.

That’s the conclusion of an investigation which found that at-risk smartphones are still being sold, despite the range of malware and other threats to which they are vulnerable.

Read more in my article on the Hot for Security blog.

ToTok chat app tells users to ignore Google’s spyware warning

Google is warning users that ToTok is unsafe. ToTok says that users shouldn’t trust Google’s warning…

Teenage girls tempt Israeli soldiers to install spyware for Hamas

It’s not the first time Israeli soldiers have been targeted with Hamas honeytraps to infect their smartphones with spyware.

Android users at risk from Bluetooth hijack attack, and are warned of “short distance worm” threat

Hackers could exploit a flaw on unpatched Android 8.0 and 9.0 phones to run malicious code such as a worm, with no user interaction required.

Win $1.5 million hacking an Android phone

If you can crack the security of the Titan M chip found on the Google Pixel 3, Pixel 3a, and Pixel 4 smartphones, you could be in for a big reward…

bitdefender.com

Millions of Android phones may be vulnerable to camera spying vulnerability

Security researchers have uncovered a vulnerability in Android smartphones that could allow an attacker to secretly take photos and record videos without any permissions being granted.

Read more in my article on the Hot for Security blog.

About the “easy to hack” EU Exit: ID Document Check app

The British Home Office’s app for EU citizens applying to live and work in the UK post-Brexit “could allow hackers to steal phone numbers, addresses and passport details.”

But is this something worth losing any sleep over?

About that “Any fingerprint can unlock your Samsung Galaxy S10” report

Plenty of headlines are warning about anyone’s fingerprint being able to unlock a Samsung Galaxy S10, but I’m not sure it’s quite as simple as that…

Smashing Security #144: Google helps the FBI, Twitter Jack’s hijack, and car data woes

Should Google really be helping the FBI with a bank robbery? What’s the story behind the Twitter CEO claiming there’s a bomb in their offices? And how much does your car really know about you?

And we mourn the loss of Doctor Who legend Terrance Dicks…

Earn $2.5 million if you find a remote zero-day exploit for Android

A vulnerability broker is offering up to $2.5 million for zero-day remote exploits which would allow attackers to infect a remote Android smartphone with malware, with no user interaction required. But who will they then sell exploits to?

bitdefender.com

Google’s bug bounty bid to make big Android apps more secure

Google’s bug bounty has been expanded to not only covers the firm’s own products, but additionally all apps in the official Google Play store which have had 100 million or more installs.

Read more in my article on the Hot for Security blog.

500,000 Monzo banking customers told to change their PINs

Mobile-only bank Monzo has apologised for a gaffe which left the PINs of a subset of its customers exposed to its internal engineers.