News  Android
Samsung Hacked Keyboard

Keyboard vulnerability discovered back in December 2014

When you install a software keyboard on Android, you are warned that it might be possible for hackers to steal your data. This is because a keyboard is, well, software, and as we all know software in the hands of the bad guys can do whatever they bid it to. The nightmare scenario of a keyboard becoming infected without the user's knowledge appears to be possible on certain Samsung-customized versions of SwiftKey, which in total applies to 600 million devices. That's because these devices automatically query Samsung servers without the user's knowledge - the keyboard app was granted this privilege when installed at the factory.

The attack vector is the update mechanism, which doesn't encrypt the updated keyboard app as it is sent to the device. Because the update travels in the clear, hackers can intercept it and replace it with their own. A man-in-the-middle exploit has been demonstrated at a recent Black Hat hacking conference in London.

Android M

APKs to be inspected for missing files

Google has announced a change to the Android app installation process which surprised many observers because they thought it was doing it already. The change is to inspect the APK manifest of the file carrying the app to be installed, and make sure it isn't lying when it comes to describing which files it wants to install. This integrity check is useful because it can detect if the APK has been tinkered with, as is often the case with reverse-engineered packages.

Without this check, it could be possible to end up with "half installed" apps which would behave unpredictably, or even apps which had been repackaged after having some "phone home" security functionality removed.
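
The kind of check described above, as an added example (not Google's installer code): it assumes a JAR-style `META-INF/MANIFEST.MF` with `SHA-256-Digest` entries and reports files the manifest lists but the package lacks, files that differ from their listed digest, and files the manifest never mentions. The function names and the sample package are constructed for illustration.

```python
import base64, hashlib, io, zipfile

MANIFEST = "META-INF/MANIFEST.MF"

def parse_manifest(text):
    """Return {entry name: base64 SHA-256 digest} from a JAR-style manifest."""
    # Long manifest lines are wrapped: a continuation starts with one space.
    text = text.replace("\r\n", "\n").replace("\n ", "")
    digests, name = {}, None
    for line in text.split("\n"):
        key, _, value = line.partition(": ")
        if key == "Name":
            name = value
        elif key == "SHA-256-Digest" and name is not None:
            digests[name] = value
        elif not line:          # blank line ends the current entry
            name = None
    return digests

def check_package(data):
    """Compare what the manifest claims with what the archive really holds."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        declared = parse_manifest(zf.read(MANIFEST).decode("utf-8"))
        present = {n for n in zf.namelist() if not n.startswith("META-INF/")}
        missing = sorted(set(declared) - present)
        unlisted = sorted(present - set(declared))
        modified = sorted(
            n for n in present & set(declared)
            if base64.b64encode(hashlib.sha256(zf.read(n)).digest()).decode() != declared[n]
        )
    return {"missing": missing, "unlisted": unlisted, "modified": modified}

def build_sample(files, manifest_for=None):
    """Constructed sample: zip `files`, with a manifest describing `manifest_for`."""
    listed = files if manifest_for is None else manifest_for
    lines = ["Manifest-Version: 1.0", ""]
    for name, body in listed.items():
        digest = base64.b64encode(hashlib.sha256(body).digest()).decode()
        lines += [f"Name: {name}", f"SHA-256-Digest: {digest}", ""]
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(MANIFEST, "\n".join(lines))
        for name, body in files.items():
            zf.writestr(name, body)
    return buf.getvalue()
```

A manifest comparison like this only means something when the manifest itself is covered by the package signature; this sketch does not verify signatures.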

Nazi Eagle

Malware author arrested in Russia

In 2014, an estimated 350,000 Android devices were infected by a particularly nasty strain of malware known as Svpeng. Recently it was announced that the Russians had arrested the 25-year-old author and detained 4 of his suspected accomplices. The gang were said to be particularly fond of Nazi war symbols and memorabilia, leading to the "Nazi Zombie" virus infection tag.

This infection is serious because the gang is estimated to have stolen around $1 million to date, with over 90 percent of attacks targeting the US and the UK.

Svpeng adapts its technique

Utilising a worryingly advanced level of sophistication, the malware adapts itself over time. Originally it would pop up a window asking for credit card details when users went to Google Play, which is something every app user does all the time. Then it changed into a form of ransomware which threw up a fake but convincing FBI penalty notice demanding payment.


DroppedIn: It's bad because it's in the SDK

A serious weakness in the Dropbox SDK for Android has been uncovered by IBM's X-Force Application Security Research Team. It's not a virus directly, but rather a security hole in the Dropbox SDK, the Software Development Kit that other legitimate software developers use to write apps. In other words, this hole is carried through into the apps which make use of it, and that means some big names including Microsoft Office Mobile have been affected.

Dropbox has announced it has already fixed this weakness, but of course this means all the other developers who used the vulnerable SDK must rebuild their apps with the fixed version, upload their fixed versions and urge their users to upgrade to them. They did stress that merely using the vulnerable SDK wasn't sufficient for an app to be exposed; the developer also had to use its OAuth/Sync functions.