An article at Internet Storm Center published yesterday warns of Malware on the HTC Hagic. Panda Security came across the infection when one of their employees baught a brand new Vodafone Android device and plugged it into their Windows based computer. Analysis of the malware revealed that it was a Mariposa bot client. In a blog post at Panda Security, researcher Pedro Bustamante said, “Here is yet another example of a company distributing malware to its userbase. Unfortunately it probably won’t be the last”.
Bustamante noted that when a colleague/friend of his hooked up the Vodafone HTC Magic to her PC, their Panda based AV software detected both an [...]
Uh oh, a security flaw that allows unauthorized access to a locked Motorola DROID has been discovered rather haphazardly by desperate folks who were locked out of their phone. After 20 incorrect tries at entering the proper unlock sequence, an Android handset will lock itself, requiring the user to enter their Google account information. Sounds nice and easy, except there is a bug in older Android phones – even when you enter the proper credentials, the phone remains locked. This desperate situation led people to try all sorts of procedures to access the phone and turn off or change the unlock sequence. Astonishingly, someone realized that you could hit the back button during a [...]
In an interesting piece at CNNMoney.com, Janice Chaffin (head of Symantec’s consumer-security software division) has speculated that the world’s largest security software maker could develop antivirus and antispyware software for Android.
“Today we’re on Windows,” Chaffin said. “We’re going to evaluate things like [ Android] as it goes forward.”
Obviously, a few boxes have to be ticked first, however. For example, Symantec are currently only “evaluating” whether to get involved and the outcome of this decision primarily rests upon whether there is a sufficient uptake of Android on more traditional laptop/computer-style devices. [...]
We’ve been hearing buzz that T-Mobile UK has released another firmware update that addresses a security hole found in the recently released Android 1.5 “Cupcake” update for the T-Mobile G1.
Phandroid.com has posted a list of user reports that appear to back that up.
We have no other information at this time, but this certainly would help explain why T-Mobile USA chose to delay its own Cupcake update.
Over at Google Code a new application has shed its covert cover and made its way into the lime light. Secrets For Android is a new way to store and manage sensitive information such as password, social security numbers and, well, secrets. Apart from offering Android users all of the above, the application servers another function too; all of the source code is available on the Apache 2.0 licence, so you can examine the code yourself, or modify it to your needs. Specifically, the source code illustrates how “applications can perform file I/O, use the crypto APIs, and do some simple 3-D view animation”.
When you install and start Secrets for the first time, you are [...]
ReadWriteWeb’s Sarah Perez points out a Forbes story about a security hole in the Android OS platform that is so severe, multiple security experts are claiming that the Android web browser had best be avoided until a fix is sent out to users.
A fix that, Sarah Perez claims, has been available for some time, sitting in Google’s source tree repository since February 7th.
According to the original Forbes piece, the security flaw is supposedly found in code that Packet Video contributed to the Android project’s web browser. The flaw would allow a malicious website and hacker to take over the Android browser to the extent that login IDs and passwords could [...]
Mocana, one of the top 100 privately-held technology companies in North America, have released NanoPhone suite for the Android. NanoPhone is the “most comprehensive open standards-based security suite for developers building to the Open Handset Alliance’s Android specifications”. In short, this product tightens Androids loose skin, especially in and around the area of Internet connectivity.
A secure browser and malware/virus protection are just two of the features included in the suite for Android. However, perhaps the most important aspect of the product (especially for enterprise consumers) is the inclusion of a VPN client.
Mocana state that Android has [...]
Apparently, a bunch of users at Android Community are experiencing a hack that redirects them from the Yahoo! homepage to a site that sells anti-virus software. Are you experiencing this as well? Leave a comment below!
One of the main concerns of Android being open-source is the security. In the future, we hope that Google will be able to identify and deal with these issues before these exploits become widespread and cause any real damage.
[via Android Community]
A team of security researchers that includes former NSA computer security specialist Charles A. Miller have found a flaw in the Android platform’s Webkit based web browser.
The security flaw would allow a malicious website to install an application within the browser that could do things such as monitor keyboard input for login IDs and passwords when the user visits other websites. Google was quick to point out that all applications in Android operate inside a security sandbox that keeps a breach in one app from providing access to other parts of the phone. As such, the browser flaw could not be used to directly tamper with another part of the smartphone.