Category Archives: Android

Broadcom Wi-Fi Chipset in Recent Devices Vulnerable to Attack

There is a proof-of-concept example code that shows a vulnerability in the firmware of two wireless chips produced by Broadcom, the BCM4325 and the BCM4329.

Some of the recent devices that have these Broadcom wireless chips are:

    • iPhone 4,
    • iPad
    • iPad 2
    • HTC Droid
    • Incredible 2
    • Motorola Droid X2
    • Some Edge model cars manufactured by Ford with built-in Wi-Fi

When executing the vulnerability the attack renders the Wi-Fi connection unusable for the duration of the attack. Once the attack is over, the device will work normally. Other features of the device are unaffected by the Wi-Fi disruption.

According to Andrés Blanco, a researcher from Core Security told Ars Technica, “The only requirement to exploit the vulnerability is to have a wireless card that supports raw inject of 802.11 frames,”

Andrés Blanco did say, “We are not sure that we could retrieve private user data but we are going to look into this,” which does make this vulnerability seem less threatening.

Android Apps Expose Personal Data Because of Flaws in SSL Implementations

German researchers analyzed a sample of 13,000 Android applications and found that more than 1,000 contained serious flaws in their SSL implementations.

The researchers from Leibniz University in Hannover and Philipps University of Marburg published this paper (PDF), showing their findings. They found that 17 percent of the SSL-using apps in their sample suffered from implementations that potentially made them vulnerable to man-in-the-middle MITM attacks.

The researchers claim they were “able to capture credentials from American Express, Diners Club PayPal, bank accounts, Facebook, Twitter, Google, Yahoo, Microsoft Live ID, Box, WordPress, remote control servers, arbitrary e-mail accounts, and IBM Sametime”.

In addition, since virus software also uses SSL, “We were able to inject virus signatures into an anti-virus app to detect arbitrary apps as a virus or disable virus detection completely.”

This issue has come about because of developers misusing the SSL settings the Android API offers.

Examples given by the researchers including apps that are instructed to trust all certificates presented to them. (There were 21 of 100 apps selected for a MITM test) of that 20 of the MITM-tested apps were configured to accepts certificates regardless of its associated hostname (for example, an app connecting to PayPal would accept a certificate from another domain). Other issues included SSL stripping and “lazy” SSL implementations by developers.

The researchers also noted that a number of apps provided insufficient feedback to users, for example, failing to tell the user whether or not it was using SSL to transmit user credentials.

ANZ to Launch NFC Payments Service in 2013

Australian banking group ANZ has begun an NFC payments trial and announced plans to launch a commercial service in 2013.

ANZ is using the Samsung Galaxy S III Android phones to conduct it’s payment trial. Last year the bank tested a microSD-based NFC solution.

According to the bank, “ANZ has selected Android based on customer feedback that their preference is for built-in NFC support rather than requiring an additional component such as an NFC-enabled cover or memory card”.

“Customers who use multiple payment cards and who would prefer to live in a cashless world will enjoy the benefits of the ANZ mobile wallet,”, according to ANZ.

“No PIN code will be required for transactions under A$100 (US$101.80), payments will be charged directly to customers’ accounts, and customers will see an electronic receipt on their mobile phone screen immediately following their transactions.”

Google Wins ‘Face-to-Unlock’ for Multiple Users Patent

Google has won a patent that will enable a user to unlock their device by pointing their face at the built-in camera, also allowing the user access to their personal profile. This “face-to-unlock” patent lets multiple users share one “computing device.”

This technology would be great on Android devices, and would be cool to see along with the support for multiple users on Android devices.

Google has recently won a few pretty cool patents that will probably be used in Android devices before too long. Read about the “Seeing With Your Hand Patent” that Google was recently granted and the “Patent for Eye Tracking-Based Unlock System”.

Eye Tracking-Based Unlock System

Eye Tracking-Based Unlock System

Android-Powered Nexus One & Nexus S to Command Small Scale Spacecraft

NASA’s Research Center, Ames, is working on a new project designed to lower the cost of launching and operating small satellites. These specific satellites are Low Earth Orbit (LEO). This will use the Android-powered phones the Nexus One and the Nexus S to command the spacecraft.

The project is know as PhoneSat, and it will launch two different satellites into LEO orbit, both with different goals.

First there is PhoneSat 1.0 and it is based on the Nexus One. The one and only primary goal for PhoneSat 1.0 is to stay alive, meaning it is designed to test if the smartphone can operate for a reasonable amount of time while in space. The Nexus One is to use it’s camera to take pictures and send them back to Earth with other general information about the spacecraft. There will be an external radio beacon in place to indicate the satellite itself is ok and intact. This also is because if the signal is being received from the beacon and no signal is being received from the Nexus, then the problem is with the Nexus and not the spacecraft, there is also an external device that monitors the Nexus One and reboots it if the flow of data stops.

Google Nexus One

Google Nexus One

Second there is PhoneSat 2.0 which will be based on the Nexus S. Phone 2.0 will also feature additional hardware over PhoneSat 1.0. It will have solar panels so it will operates for a longer period of time, and scientist will be able to send commands to PhoneSat 2.0 because it has a two way radio. The last feature is PhoneSat 2.0 will have magnetorquer coils and reactions wheels, these are devices that will allow the satellite to orient itself and maintain proper position using electricity from the solar panels.

Google Nexus S

Google Nexus S

PhoneSat is part of a larger NASA program, the Small Spacecraft Technology Program, which has a goal to leverage the incredible technological advances in consumer technology to create cheaper spacecraft.

According to Ames engineer Chris Boshuizen “Your cellphone is really a $500 robot in your pocket that can’t get around. A lot of the real innovation now happens in entertainment and cellphone technology, and NASA should be going forward with their stuff.”

The hardware that these devices contain does make sense why they are perfect for this kind of project. They have GPS, cameras, compass, gyroscope, microphone and so on. To save weight the screens and cases will be removed and the batteries replaced with something more powerful and designed for the adventures.

Another reason why this makes sense to use Google’s Android OS is because it is open source and can be configured however NASA desires. NASA can modify the source code of the OS they want on the devices and then flash it to their satellite.

In 2010 a group of engineers put two Nexus One devices into high altitude rockets to see if they could handle the extreme forces of launching. One of the Nexus One devices was destroyed when its parachute did not deploy, but the other Nexus One landed and was in perfect working condition. Both devices recorded data during the entire ride.

Watch this Youtube Video Here

Android-Powered Smart TV From Tencent and TCL

The above image is a 26-inch Android-powered Smart TV From companies Tencent and TCL. It is called the “Ice Screen”and it is the first large screen mobile entertainment smart cloud product in the world.

Some major features included are:

    • Large portable screen
    • High-definition video communications
    • Stylish music and photo album
    • High-speed video player

It is powered by a dual-core Cortex A9 1GHz processor with a Mali 400 GPU for graphics, 4GB of RAM, a microSD slot, USB and HDMI connectivity, 1366 x 768 resolution Wi-Fi and a 3.5mm headphone jack.

The launch date is September 3rd, it is going for roughly $315. You can read the press release Here.

Source: Ubergizmo

Android Malware Becoming a ‘Big Problem’, But How Big?

The amount of malware creeping onto Google’s Android devices is bad any way you look at it, and it is only getting worse and increasing. Especially with new users activating Android devices everyday there’s no way cybercriminals are going to slow down there attacks on the mobile platform anytime soon.

So just how bad has the malware become on Android devices? In a “Q2 IT Threat Evolution” report by Kaspersky Lab, a Russian security firm, this is a really big problem.

According to their report the amount of Android Malware has gone up threefold in the second quarter of the year. During that quarter “over 14,900 new malicious programs targeting this platform were added to Kaspersky Lab’s database”.

“In the near future, we expect not only more malware, but more effective and dangerous malware targeting Android. Judging from existing trends, we should expect that cybercriminals will soon shift to more personalized attacks. This is primarily about malware hunting for confidential data with which to steal money from users’ credit cards”, said Yuri Namestnikov, Senior Malware Analyst at Kaspersky Lab.

On the other hand, there is Finnish security firm F-Secure that believes the problem is not has bad as they see it at Kaspersky Lab. According to F-Secures’ latest report, the company only found 40 new malicious Android application packages, or a 64% increase over the previous quarter.

“We received a total of 5033 malicious Android application package files (APKs), most of which are coming from third-party Android markets,” claims the report. “This amount is a 64% increase compared to the number in the previous quarter. Out of this amount, we identified 19 new families and 21 new variants of existing families”.

So regardless of the actual amount of malware that is making it’s way onto Android devices, the number is still too high. Most people really need to be more cautious when downloading applications from third-party marketplaces, and even when they are in the Google Play Store at times. Now that Google has stated they will tighten up the security on these malicious apps getting on the Google Play Store maybe we will see a decrease somewhat in the amount of malware Android users get on their devices.

Source: Forbes

Kaspersky Lab's Database Chart for Q3 2011 - Q2 2012

Kaspersky Lab’s Database Chart for Q3 2011 – Q2 2012

Dodge Ram Gets Google Nexus 7 as Entertainment System

The Google Nexus 7 Android tablet has been put into the dashboard of a Dodge Ram by the guys at Sonic Electronix.

The head unit was removed from the vehicle and the Nexus 7 replaced it and works as an entertainment center. Since the Nexus 7 is a Wifi only device there really isn’t much else you can do with the tablet other than to control music and other entertainment features. Though if you have a Wifi hotspot or if you can use your smartphone as a Wifi hotspot and your carrier allows it, you can certainly connect the Nexus 7 to the hotspot and have access to the internet, games etc.

Here is a Youtube Video of the Nexus 7 being used as a dashboard entertainment center.