Tag Archives: Android

Chromebox

Hi
Looking for a Chromebox which is i3 or higher.

Also a preference for one which has or will be getting android apps

Thanks

Location: Cent Ldn

______________________________________________________
This message is automatically inserted in all classifieds forum threads.
By replying to this thread you agree to abide by the trading rules detailed here.
Please be advised, all buyers and sellers should…

Chromebox

Google got faster pulling bad Android apps from Play Store

Google wants to reinforce that the Play Store is the safest place for Android users to get apps with a new set of stats on how its efforts to block bad Android apps have improved.

Andrew Ahn, product manager for Google Play, said the company has “halved the probability” of users installing bad Android apps and also made the Play Store “a more challenging place for those who seek to abuse the app ecosystem for their own gain.”

“In 2017, we took down more than 700,000 apps that violated the Google Play policies, 70% more than the apps taken down in 2016. Not only did we remove more bad apps, we were able to identify and action against them earlier,” Ahn wrote in a blog post. “In fact, 99% of apps with abusive contents were identified and rejected before anyone could install them. This was possible through significant improvements in our ability to detect abuse — such as impersonation, inappropriate content, or malware — through new machine learning models and techniques.”

Liviu Arsene, senior e-threat analyst at Romania-based antimalware firm Bitdefender, said it is “commendable that Google is going through great lengths to optimize be malicious app bouncing process,” considering the more than 3.5 million apps in the Play Store.

“However, malware developers don’t necessarily have to submit ‘bad Android apps’ when they can simply create something that’s barely functional with the sole purpose of getting past the vetting process. Some apps may offer deceptive descriptions and functionalities just to get installed on devices, from which they can request all sorts of permissions for tracking users or for bombarding them with ads,” Arsene told SearchSecurity. “There have been instances where apps walk a very fine line between complying with Google’s advertising policy and spamming users with nag screens, browser redirects, and unsolicited pop-ups just for the sole purpose of generating revenue for the developer. While, granted, they don’t install malware or pilfer personal data, some of them can still be borderline legitimate.”

Will the Play Store catch all the bad apps?

A Google spokesperson told SearchSecurity that there will always be a chance for bad Android apps to slip through because “they evade detection in a sneaky way, or seem to be very borderline cases,” and in those cases Google relies on analyzing how apps are being distributed, monitoring user community flagging and reviewing data from post-install Google Play Protect scans in order to take action on a potentially harmful app.

“Apps submitted to Google Play are automatically scanned for potentially malicious code as well as spammy developer accounts before they are published on the Google Play Store. To complement that effort, we recently introduced a proactive app review process to catch policy offenders earlier in the process, while still ensuring that developers can get their apps to market as soon as possible — in a matter of hours, not days or weeks,” the spokesperson said. “During that process, apps are specifically reviewed for compliance against our Google Play Developer Content Policy and Developer Distribution Agreement, which prevents things like apps that are impersonating legitimate companies or deceptive behavior.”

Arsene applauded the work done by Google to block bad Android apps “because Android is one of the most popular operating systems.”

“Some built in app scanning features even let users know if they’ve downloaded something malicious from a third-party marketplace, which acts as an additional line of defense,” Arsene said. “However, it’s recommended that everyone owning an Android device, regardless if they install apps from official marketplaces or not, install a mobile security solution as it will have the ability to protect them from much more than just malicious apps, but also against web-based attacks and other online threats.”

Android KRACK flaw patched in latest security update

Google’s latest security update included the patch for the Android KRACK Wi-Fi flaw, but it is unclear when users will see the fix rolled out to devices.

When researchers first disclosed the KRACK vulnerability, they made it clear that the attack was “exceptionally devastating against Linux and Android 6.0 or higher” because those systems could be “tricked into (re)installing an all-zero encryption key.”

The November security update from Google included the patch for the Android KRACK flaw and fixed the issue for versions 5.0.2 through 8.0 of the mobile OS. However, users have already seen issues with the rollout.

The Android KRACK patch was part of the security patch level 2017-11-06 released by Google, but the November release was also split into patch levels 2017-11-01 and 2017-11-05. Google’s own Pixel and Nexus devices were first to receive a rollout, but some users reported getting the 2017-11-05 patch level, which meant the Android KRACK flaw was not fixed.

Users on Twitter expressed confusion about Google pushing the patch level that did not remediate the KRACK vulnerability, and the CopperheadOS Twitter account provided a possible explanation.

“They have the wpa_supplicant patches in the release for Pixels today marked EMR but they appear to have reverted the patch level back to 2017-11-05 so there’s probably something missing outside wpa_supplicant,” CopperheadOS wrote on Twitter. “It’s only in the branch for 2nd generation Pixels so it’s not really patched in AOSP when none of the branches has the patches without them being reverted. For most devices, they’ll only get it with 2017-12-01.”

Android KRACK around the ecosystem

Normally, users have to wait until Google adds a patch to the Android Open Source Project repository before hardware manufacturers can begin work to push the fix, but with the Android KRACK flaw manufacturers appear to have begun the work to fix the issue before Google.

Manu Kumar Jain, vice president and managing director of Xiaomi India, announced its patch three days before Google.

Samsung also confirmed its November 2017 security update will include the Android KRACK patch, but the rollout of the update had not yet begun at the time of this post.  

The original researchers who discovered KRACK were initially praised for disclosing the issue beforehand to allow major manufacturers time to create patches, but it is unclear when Google was informed of the issue.

Fake WhatsApp app downloaded 1 million times

Android users were tricked by a convincing fake WhatsApp app listing in the official Google Play Store, but one expert said this incident shouldn’t take away from confidence in the safety of the Play Store.

The issue was first revealed on the r/Android subreddit and showed a fake WhatsApp app listing in the Google Play Store that had the developer name appearing to be the real WhatsApp Inc. Redditor “E_x_Lnc” first posted about the fake listing, noting it used a Unicode character that mimicked a blank space after the name in order to bypass Google’s malware scanner and was invisible unless someone looked at the code itself.

There were some minor red flags on the fake WhatsApp app listing that redditors pointed out though. First, while 1 million downloads may seem impressive, the real WhatsApp has been downloaded more than 1 billion times. The fake WhatsApp app listing also contained the tag claiming the app contained ads, which the real app does not. Finally, the real WhatsApp listing bears the “Verified by Play Protect” branding from Google.

What the fakeout means

Liviu Arsene, senior e-threat analyst at Romania-based antimalware firm Bitdefender, said using Unicode characters to impersonate a brand name and the fake WhatsApp app itself should never have made it past the Google Bouncer malware scanners.

“Malicious app developers have proven to be very resourceful in the past, and this incident with WhatsApp is no different,” Arsene told SearchSecurity. “It’s worth noting that before actually installing an application users should also go through the comments section to see if others reported any abnormalities with it or even doing a little research regarding the developer’s name and what other apps has he published, to spot any potential issues.”

According to redditor “dextersgenius”, the app itself was little more than an ad-wrapper, and once installed it tried to hide itself by having a blank icon and no title.

Malicious app developers have proven to be very resourceful in the past, and this incident with WhatsApp is no different.
Liviu Arsenesenior e-threat analyst at Bitdefender

Arsene said “adware itself is not always malicious,” which may be why this fake WhatsApp app wasn’t caught earlier.

“Benign apps have been smuggled before in Google Play, only to be later updated with malicious components — even if for a short period of time,” Arsene said. “However, malicious behavior that involves data exfiltration and remote control of the device is a lot easier to spot that simply deciding whether or not an ad-displaying app is too intrusive.”  

Despite this incident, Arsene said Android users should still see the Google Play Store as the safest place to get apps.

“The general line for Android safety remains downloading apps from Google Play, mostly because these incidents where malware or aggressive adware makes it in their marketplace are sufficiently rare and quickly handled,” Arsene said. “However, it’s more than recommended to also rely on a security solution for mobile devices, as security vendors are in the business of scrutinizing apps more aggressively for keeping users safe.”

Wanted – SSD > 120gb

Need a SSD for building android and the like.

The HDD isnt cutting it anymore.

It has to be bigger than 120gb. 120gb doesn’t have have enough space after OS installation.

Something cheap would be great.

Location: Oldham

______________________________________________________
This message is automatically inserted in all classifieds forum threads.
By replying to this thread you agree to abide by the trading rules detailed here.
Please be advised, all buyers and sellers should satisfy themselves that the other party is genuine by providing the following via private conversation to each other after negotiations are complete and prior to dispatching goods and making payment:

  • Landline telephone number. Make a call to check out the area code and number are correct, too
  • Name and address including postcode
  • Valid e-mail address

DO NOT proceed with a deal until you are completely satisfied with all details being correct. It’s in your best interest to check out these details yourself.

Wanted – SSD > 120gb

Need a SSD for building android and the like.

The HDD isnt cutting it anymore.

It has to be bigger than 120gb. 120gb doesn’t have have enough space after OS installation.

Something cheap would be great.

Location: Oldham

______________________________________________________
This message is automatically inserted in all classifieds forum threads.
By replying to this thread you agree to abide by the trading rules detailed here.
Please be advised, all buyers and sellers should satisfy themselves that the other party is genuine by providing the following via private conversation to each other after negotiations are complete and prior to dispatching goods and making payment:

  • Landline telephone number. Make a call to check out the area code and number are correct, too
  • Name and address including postcode
  • Valid e-mail address

DO NOT proceed with a deal until you are completely satisfied with all details being correct. It’s in your best interest to check out these details yourself.

Wanted – SSD > 120gb

Need a SSD for building android and the like.

The HDD isnt cutting it anymore.

It has to be bigger than 120gb. 120gb doesn’t have have enough space after OS installation.

Something cheap would be great.

Location: Oldham

______________________________________________________
This message is automatically inserted in all classifieds forum threads.
By replying to this thread you agree to abide by the trading rules detailed here.
Please be advised, all buyers and sellers should satisfy themselves that the other party is genuine by providing the following via private conversation to each other after negotiations are complete and prior to dispatching goods and making payment:

  • Landline telephone number. Make a call to check out the area code and number are correct, too
  • Name and address including postcode
  • Valid e-mail address

DO NOT proceed with a deal until you are completely satisfied with all details being correct. It’s in your best interest to check out these details yourself.

Six new vulnerabilities in Android bootloaders uncovered

Researchers found six previously unknown vulnerabilities in Android bootloaders from some widely used manufacturers.

A team of nine computer scientists presented their findings at the USENIX conference in Vancouver, B.C., as well as the tool they developed to uncover these vulnerabilities. The tool is called BootStomp and is designed to search for vulnerable bootloaders.

“The goal of BootStomp is to automatically identify security vulnerabilities that are related to the [mis]use of attacker-controlled nonvolatile memory, trusted by the bootloader’s code,” the team explained in their paper, “BootStomp: On the Security of Bootloaders in Mobile Devices.”

“In particular, we envision using our system as an automatic system that, given a bootloader as input, outputs a number of alerts that could signal the presence of security vulnerabilities. Then, human analysts can analyze these alerts and quickly determine whether the highlighted functionality indeed constitute[s] a security threat.”

Bootloaders, they said, “help ensure the Chain of Trust (CoT),” which monitors the integrity of each stage of the boot process. Bootloaders are supposed to remain untouched even when attackers have control over the device’s OS and should protect the CoT.

With BootStomp, the experts found six new flaws and one already-known flaw in Android bootloaders from four different vendors. Of the six new flaws, five have been acknowledged and confirmed by the vendors. The five confirmed Android bootloaders are for the Huawei/HiSilicon chipset, the Nvidia Tegra chipset, the MediaTek chipset, Qualcomm’s new LK bootloader and Qualcomm’s old LK bootloader.

The already-known vulnerability, CVE-2014-9798, was on the old Qualcomm LK bootloader and helped the team confirm that BootStomp was working properly.

“Some of these vulnerabilities would allow an adversary with root privileges on the Android OS to execute arbitrary code as part of the bootloader,” wrote the research team. “This compromises the entire chain of trust, enabling malicious capabilities such as access to the code and storage normally restricted to TrustZone, and to perform permanent denial-of-service attacks (i.e., device bricking). Our tool also identified two bootloaders that can be unlocked by an attacker with root privileges on the OS.”

The researchers also offered some possible mitigation techniques in their paper for the vulnerable Android bootloaders, noting that some features already present in the hardware can be used to prevent an attacker from exploiting these vulnerabilities.

In other news:

  • Around 26,000 MongoDB databases were hacked and wiped over the weekend in a new round of ransomware attacks. Three groups of hackers are reportedly behind the attacks and have demanded 0.15 bitcoin — roughly $650 — from each victim. These attacks are being tracked by security researchers Victor Gevers and Niall Merrigan who discovered the first wave of attacks on MongoDB back in January 2017. The latest victims have received the same basic message that said, “We have your data. Your database is backed up to our servers. If you want to restore it, then send 0.15 [bitcoin] and text me to email just send your IP-address and payment info. Messages without payment info will be ignored.” The group sending this message has targeted over 22,000 MongoDB instances with this ransomware, while another group — asking for only 0.05 bitcoin — has wiped around 3,500 databases.
  • A group of Chinese researchers have developed inaudible voice control on devices that use speech recognition apps, like Apple’s Siri or Google Now. While methods to take over these devices and turn them into voice-controllable systems using hidden voice commands are already available, they are audible and not as stealthy. The team of six researchers from Zhejiang University in China have created a “completely inaudible” attack method called DolphinAttack that “modulates voice commands on ultrasonic carriers,” making the voice control impossible for humans to hear. “By leveraging the nonlinearity of the microphone circuits, the modulated low-frequency audio commands can be successfully demodulated, recovered, and more importantly interpreted by the speech recognition systems,” the researchers wrote in their paper, “DolphinAttack: Inaudible Voice Commands,” which they are due to present at the ACM Conference on Computer and Communications Security in October in Dallas. The team validated and tested DolphinAttack on speech recognition systems including Siri, Google Now, Samsung S Voice, Huawei HiVoice, Microsoft’s Cortana and Alexa. With DolphinAttack, the researchers were able to command smartphones to dial certain numbers, visit a specific website — which could be malicious — dim the screen brightness, lower the volume or put the phone in airplane mode.
  • Two more major data leaks caused by misconfigured AWS Simple Storage Service (S3) buckets have joined the growing list of recent incidents. Time Warner Cable, which used a third-party global communication software and service provider called BroadSoft, and a military contractor called TigerSwan, which used the third-party recruiting company TalentPen, are the latest victims. Time Warner Cable exposed 600 GB of files on two cloud repositories to the public. BroadSoft owned the exposed repositories, which contained SQL database dumps, code, access logs, customer billing addresses and phone numbers belonging to Time Warner Cable clients. In just one file, the records of more than 4 million clients were stored and exposed. The TigerSwan data leak exposed thousands of resumes and job applications — most containing sensitive personal information — of U.S. veterans and law enforcement officers. The data of government contractors was also exposed in the leak. Information like home addresses, phone numbers, work history and email addresses, as well as some security clearances, driver’s license numbers, passport numbers and partial Social Security numbers, were exposed to the public. These companies join the likes of Booz Allen Hamilton and the Republican National Committee, which also exposed data to the public because of a misconfigured AWS S3 bucket.

Announcing Project Rome iOS SDK

Project Rome is a platform for enabling seamless cross-device and cross-platform experiences. The philosophy behind Project Rome is simple. App experiences shouldn’t be tied to a single device any more than data should be tied to a single device. Your apps, like your data, should travel with you.

Previously, this meant switching between devices, while maintaining a single user experience, on a different Windows device. A few months ago, Project Rome features were extended to the Android platform, allowing you to start an app session on your Android phone and continue it on a Windows PC, an Xbox One or even a Surface Hub.

Now, Project Rome support is also being extended to the iOS platform. You can download the Project Rome SDK for iOS here.

Revisiting the Contoso music app

If you have been following the evolution of Project Rome, you’ll be familiar with our developer friend Paul and his example Contoso Music app. Paul was originally introduced in a blog post on Cross-device experiences to help us understand a typical Project Rome scenario.

He expanded his UWP music streaming app to run across multiple Windows devices tied to the same Microsoft Account (MSA). Using Project Rome, Paul changed how his app worked so a user streaming a song on a Windows PC could then transfer that song to his Xbox. Then, as he got ready to go out for a run, he could transfer the current playlist to his Windows Phone.

In the subsequent post, Paul developed an Android version of Contoso Music app and used the Project Rome Android SDK to allow a user to start playing a song on her Android phone and continue playing it on a Windows device when he or she got home. The Contoso Music app was now cross-platform, transferring smoothly from one platform to the next.

Extending to iOS

Let’s imagine that based on the success of his Windows and Android versions, Paul develops an iOS version of Contoso Music. When examining his telemetry after a few months, Paul sees that all his apps are doing well, like his Windows and Android versions. However, there is a common theme in the user feedback; users are finding it difficult handling device switching. So, Paul wants to enable a scenario in which a user can listen to music on the iPhone over headphones, then enter the living room and immediately switch to playing the same music over his Xbox, connected to quality speakers.

With the Project Rome iOS SDK, Paul can create a bridge between iOS devices and Windows devices in two stages:

  • The RemoteSystems API allows the app to discover Windows devices the user owns. The RemoteSystems API will allow the Contoso Music app to discover these devices on the same network or through the cloud.
  • Once discovered, the RemoteLauncher API will launch the Contoso Music app on another Windows device.

How Paul gets it done

In order for Paul’s user to switch from playing music on an iOS device to a Windows device, his app must find out about the other device. This action requires using MSA OAuth to get permission to query for devices and then attempting to discover additional devices, as shown in the diagram below.


// Asynchronously initialize the Rome Platform.
  // Pass in self as class implements the CDOAuthCodeProviderDelegate protocol.
  [CDPlatform startWithOAuthCodeProviderDelegate:self completion:^(NSError* clientError) {
                                              if (clientError)
                                              {
                                                  // Handle error
                                                  return;
                                              }

                                              // Handle success, show discovery screen
                                      }];

// Implementation of CDOAuthCodeProviderDelegate
// The Rome SDK calls this delegate method when it needs an OAuth Access Code from the application.
- (NSError*)getAccessCode:(NSString*)signinUrl completion: (void (^)(NSError* error, NSString* accessCode))completion {

// Stash away the callback the SDK gives us
_getTokenCallback = completion;

  // Show the interactive OAuth Web View flow.
  // Once the OAuth flow completes or fails, invoke this callback.
  ...

// Return nil as there was no error
  return nil;
}

Once initialized, Paul’s app can discover all devices in the user’s MSA device graph by initiating discovery using CDRemoteSystemDiscoveryManager. Information about discovered devices are raised through the CDRemoteSystemDiscoveryManagerDelegate protocol. In In our example, we store each discovered device within an NSMutableArray property called discoveredSystems.


// Create instance and pass ‘self’ as the delegate as it implements CDRemoteSystemDiscoveryManagerDelegate.
CDRemoteSystemDiscoveryManager* remoteSystemDiscoveryManager = [[CDRemoteSystemDiscoveryManager alloc] initWithDelegate:self];

// Start discovery.
[remoteSystemDiscoveryManager startDiscovery];

// CDRemoteSystemDiscoveryManagerDelegate implementation
- (void)remoteSystemDiscoveryManager:
            (CDRemoteSystemDiscoveryManager*)discoveryManager
                             didFind:(CDRemoteSystem*)remoteSystem {
  @synchronized(self) {
     [self.discoveredSystems addObject:remoteSystem];
      // Refresh UI based upon updated state in discoveredSystems e.g. populate table
   }
}

- (void)remoteSystemDiscoveryManager:
            (CDRemoteSystemDiscoveryManager*)discoveryManager
                           didUpdate:(CDRemoteSystem*)remoteSystem {
  NSString* id = remoteSystem.id;

// Loop through and update the Remote System instance if previously seen.
  @synchronized(self) {
    for (unsigned i = 0; i < self.discoveredSystems.count; i++) {
      CDRemoteSystem* currentRemoteSystem =
          [self.discoveredSystems objectAtIndex:i];
      NSString* currentId = currentRemoteSystem.id;

      if ([currentId isEqualToString:id]) {
        [self.discoveredSystems replaceObjectAtIndex:i withObject:remoteSystem];
        break;
      }
    }

       // Refresh UI based upon updated state in discoveredSystems e.g. populate table
  }
}

The user can now select the device he wants to transfer music to from the list of devices that have been discovered. From the selected CDRemoteSystem, an instance of CDRemoteSystemConnectionRequest is instantiated as shown in the sequence diagram below. Using CDRemoteLauncher, Paul is then able to remotely launch the app on the selected device while also including necessary additional contextual information, such as the song currently playing.

Here’s how to remote-launch http://www.bing.com to your device:


// Create a connection request using the CDRemoteSystem instance selected by the user
  CDRemoteSystemConnectionRequest* request =
       // Using the RemoteSystem above, [self.discoveredSystems addObject:remoteSystem];
      [[CDRemoteSystemConnectionRequest alloc] initWithRemoteSystem:system];

NSString* url = @”http://www.bing.com”;

  [CDRemoteLauncher
           launchUri:uri
           withRequest:request
           withCompletion:^(CDRemoteLauncherUriStatus status) {
            // Update UI on launch status
            }];

Voila! Paul has easily augmented his app with cross-device support for iOS.

Wrapping up

Project Rome breaks down barriers by changing notions about what an “app” is and focusing on the user no matter where they are working or what device they are using. An app no longer necessarily means something that is tied to a given device, instead it can be something that exists between your devices and is optimized for the right device at the right time. Today, Project Rome works on Windows 10, Android and iOS. Stay tuned to see what comes next.

To learn more about Project Rome, check out the links below.