security Archives – My Blog

Samsung’s Galaxy S7 and Galaxy S7 Edge are receiving December security updates. The update is being rolled out in India as well. The size of the update varies depending upon your current version and it brings the Android December security update as well as other stability improvements and bug fixes.

The Samsung Galaxy S7 is receiving software version G930XXU1BPL2 while the Galaxy S7 Edge is getting version G935XXU1BPL2. Galaxy S7 and Galaxy S7 Edge users can manually check to see if the update has arrived by going to Settings > About Device > Download updates manually.

The update also suggests some new features, but it is unknown at the moment as to exactly what those features might be.

Google earlier in December began rolling out the Android 7.1.1 Nougat update, which includes the December security patch, to Pixel, Nexus, and Android One users.

Samsung last month rolled out its ‘Galaxy Beta Program’ for Galaxy S7 and Galaxy S7 Edge users to test Android 7.0 Nougat on their devices. However, Samsung recently confirmed in a response to a user query that it will skip the Android 7.0 Nougat roll out for the devices altogether and jump directly to Android 7.1.1 Nougat.

 
[“source-ndtv”]

The Samsung Galaxy S7 is receiving software version G930XXU1BPL2 while the Galaxy S7 Edge is getting version G935XXU1BPL2. Galaxy S7 and Galaxy S7 Edge users can manually check to see if the update has arrived by going to Settings > About Device > Download updates manually.

The update also suggests some new features, but it is unknown at the moment as to exactly what those features might be.

Google earlier in December began rolling out the Android 7.1.1 Nougat update, which includes the December security patch, to Pixel, Nexus, and Android One users.Samsung last month rolled out its ‘Galaxy Beta Program’ for Galaxy S7 and Galaxy S7 Edge users to test Android 7.0 Nougat on their devices. However, Samsung recently confirmed in a response to a user query that it will skip the Android 7.0 Nougat roll out for the devices altogether and jump directly to Android 7.1.1 Nougat.

[“source-ndtv”]


Canadian mobile company BlackBerry on Friday launched a cloud-enabled mobile security platform for “Enterprise of Things” that will address entire businesses from endpoint to endpoint.

“Enterprise of Things” is defined as the network of intelligent connections and endpoints within the enterprise that enable products to move from sketch to scale.

It is a collection of devices, computers, sensors, trackers, equipment and other things that communicate with each other to enable smart product development, distribution, marketing and sales.
“Businesses must be able to confidentially and reliably transmit sensitive data between endpoints to keep people, information and goods safe,” John Chen, Executive Chairman and Chief Executive Officer, BlackBerry, said in a statement.

The platform completes the integration of the BlackBerry’s prior acquisitions of key technologies such as Good Technology, WatchDox, AtHoc and Encription, the company said.

[“source-ndtv”]


In October, Linux security researcher discovered that a nine-year old Linux kernel flaw (CVE-2016-5195) was witnessing active exploits in the wild. The flaw was dubbed “Dirty COW”, an acronym for the duplication technique called copy-on-write, and could potentially give root access of a device to the attacker within a matter of seconds. Now, Google has finally patched the critical flaw on Linux with its latest Android security update, and the patch is available for OEMs to implement on their Android devices.

The latest security update from the search giant, released alongside the Android 7.1.1. Nougat update on Monday, fixes over 50 security flaws including 11 with critical severity – including Dirty Cow. “The exploit in the wild is trivial to execute, never fails and has probably been around for years – the version I obtained was compiled with gcc 4.8,” Oester said in October. The bug was initially patched 11 years ago but the fix was later undone in another code commit.

Last month, Google was expected to patch the flaw with its security update for November but the company couldn’t patch the flaw at the time. However, Google released a supplemental fix for Pixel and Nexus devices. Kaspersky Lab’s Threatpost reported that Samsung also released a fix for its mobile devices. Google had said that the company will introduce the Android-wide patch for Dirty COW in the December Android security update. As per the dedicated page for this flaw, exploitation of this bug doesn’t leave any traces behind. This nature of the flaw makes it even more dangerous as the users will not be made aware even when their security has been compromised.

Apart from this critical flaw, the search giant also patched another critical kernel memory flaw, CVE-2016-4794, which also allows attackers to gain root privileges of users’ device. The security update comes with a patch for critical privilege escalation flaws regarding Nvidia’s video and camera drivers.

The critical vulnerabilities concerning Qualcomm components was also fixed with company’s latest security update.


After releasing Android 7.1 Nougat Developer Preview 2 for Nexus and Pixel devices, Google has started rolling out the final Android 7.1.1 Nougat update for compatible devices. The new Android 7.1.1 update also includes the company’s monthly security update for December.

The new Android 7.1.1 is being touted as “an update to Nougat” by Google. This Android 7.1.1 update will be available over the next several weeks to the Nexus 6, Nexus 5X, Nexus 6P, Nexus 9, Pixel, Pixel XL, Nexus Player, Pixel C and General Mobile 4G (Android One) devices. The company says that the Android 7.1.1 update will be rolled out over-the-air (OTA) and the devices enrolled in the Android Beta Program will also receive this final version.

Google has also released Android 7.1.1 factory images and OTA files for compatible devices.
The Android 7.1.1 Nougat update will add new emojis that will reflect gender equality. Notably, Google had previously announced to add a slew of female emoji characters. With the Android 7.1.1 Nougat update, Google has added gender counterparts for emoji characters that previously only had male or female representation. Additionally, Google’s new set of emojis that launched with the Pixel phones will now be available to all compatible devices running Android Nougat.

Apart from emojis, Google is also adding support for GIF images directly from keyboard on supported apps. Some of the apps that will support GIF images through Google Allo, Google Messenger, and Hangouts. The Android 7.1.1 Nougat update also brings app shortcuts directly from home screen. Users can launch actions on any apps by simply long pressing the app icon.

“When we launched Android Nougat, we were excited to deliver even more ways to make Android your own. Today we’re rolling out Android 7.1.1, an update to Nougat that showcases more ways to express yourself, along with a handful of other sweet features and improvements to stability and performance. Android 7.1.1 brings many of the cool features of Pixel to everyone,” wrote Agustin Fonts, Product Manager, Android in a blog post.

The company has also bundled its monthly security patch with Android 7.1.1 Nougat – for the month of December – bringing fixes for critical security vulnerabilities in device-specific code that could enable arbitrary code execution within the context of the kernel and can lead to the possibility of a local permanent device compromise.

Google clarifies, “Supported Google devices will receive a single OTA update with the December 05, 2016 security patch level.”

 
[“source-ndtv”]

Last month, Linux security researcher Phil Oester discovered that a nine-year-old Linux kernel flaw (CVE-2016-5195) dubbed ‘Dirty COW’ is seeing active exploits in the wild. Google was expected to patch this flaw – after all, Android uses the Linux kernel – with its latest security update but as it turns out, the search giant has left out this dated flaw with its security update for November.

The November Android security update fixes 15 critical vulnerabilities associated with the platform, but surprisingly, this vulnerability discovered by Oester has still not found a fix. The extent of the danger posed by this vulnerability can be understood from the fact that Oester claims that on exploitation, it can give root access of a device to the attacker within five seconds.

“The exploit in the wild is trivial to execute, never fails and has probably been around for years – the version I obtained was compiled with gcc 4.8,” Oester said last month. The bug was initially patched 11 years ago but the fix was later undone in another code commit.
Kaspersky Lab’s Threatpost reports that while the main Android security update for the month of November did not contain a fix for the Dirty COW flaw, Google released a supplemental fix for Pixel and Nexus devices. It adds that Samsung also released a fix for its mobile devices. Google will introduce the Android-wide patch for Dirty COW in the December Android security update, the company told Threatpost.

As per the dedicated page for this flaw, exploitation of this bug doesn’t leave any traces behind. This nature of the flaw makes it even more dangerous as the users will not be made aware even when their security has been compromised.

Further details about the latest Android security update can be found over here.

 
[“source-ndtv”]

Sticking to tradition, Google has begun the rollout of the November Android security update for compatible devices. For the first time, Pixel devices also receive the security patches alongside the Nexus devices. The company has made available factory and OTA images for installation.

Google rolls out security patches first Monday of every month, and November is no different. The patches can be downloaded by Google Pixel, Google Pixel XL, Verizon Pixel, Verizon Pixel XL, Pixel C, Nexus 6P, Nexus 5X, Nexus 6, Nexus 9 (Wi-Fi only), and Nexus Player users. Factory images can be found here, while OTA images can be found here.
We recommend you to do the easy OTA install, as it doesn’t require you to flash your device and erase all memory. However, it is advised to back up all your data before installing through any method. Also, ensure that you have good Wi-Fi strength and battery life. Needless to say, this security patch can only be downloaded by compatible devices running on Android 7.0 Nougat and Android 7.1 Nougat.

Google has a very scarce changelog for this security patch, but does mention in the bulletin, “The most severe of these issues is a critical security vulnerability that could enable remote code execution on an affected device through multiple methods such as email, web browsing, and MMS when processing media files.”

Pixel’s exclusive carrier Verizon has, as promised, released the security patch at the same time. It’s worth noting that the build number for Verizon Pixel and Pixel XL is NDE63X. The NDE63U build number is for European devices, and NDE63V is for all other devices. The changelog provided by the carrier states that the patch adds message notifications while connected to vehicle Bluetooth systems, improves Daydream View performance, and adds New Mexico as a state option during Wi-Fi calling setup.

 
[“source-ndtv”]

When it comes to security, most experts and tech geeks bet their money on iOS over Android. However, Adrian Ludwig, Director, Android Security at Google, stresses that Android is at par with iOS and the iPhone, and even thinks that it will become better than its rival in the future.

At the O’Reilly Security conference in Manhattan, Ludwig spoke to Vice’s Motherbard about how Android’s open source nature will put it in a much better place, in the long run. Even now, he doesn’t think that the iPhone is any better than Android. “For almost all threat models, they are nearly identical in terms of their platform-level capabilities,” Ludwig said.

Ludwig asserted that the Google Pixel phones are at par with iPhones when it comes to security. The platform as a whole would improve and even beat iOS in the future, he added, pointing to the open nature of the ecosystem. “”In the long term, the open ecosystem of Android is going to put it in a much better place,” he said.
Speaking at the conference, Ludwig also stated that even though Android-based threats are reported regularly, an actual real-world exploit is seldom ever recorded.

As an example, he took the infamous Stagefright bug that plagued mindsets last year, and said, “At this point we still don’t have any confirmed instances of exploitation in the wild.” During his speech, Ludwig pressed mostly on how secure Android is, and even said that it is practically impossible for anyone to target a large number of people at the same time.

Furthermore, he spoke about an Android security product called Safety Net, which scans 400 million devices per day and checks 6 billion apps per day for potential malware threats. Ludwig claims that these checks, combined with Android’s built-in exploit mitigation, ensure that very small number of Android devices actually contain malware – less than 1 percent.

While most of his speech was focused on defending Android’s security protocol, he also touched upon how OEMs and carrier networks have to move faster in providing updates and security patches to their customers, “We got quite a bit of work left to do to get to a point where that actually happens on a regular basis across the whole the ecosystem.”

 
[“source-ndtv”]

The Samsung Galaxy Note 7 has been in the news for all the wrong reasons, and the company this week finally announced a halt to production and global sales of the smartphone due to safety concerns. Samsung further warned buyers to “power down and stop using the device (including replacements)” immediately, as they were fire hazards. However, not everyone has taken heed of that warning yet, and a new home security camera video has popped up on the Internet showing a Galaxy Note 7 catching fire and billowing smoke in a house in Honolulu.

The video footage, posted by Associated Press, shows a woman named Dee Decasa handling a smoking Galaxy Note 7 device with a great deal of composure and calm. However, due to the shock caused by this incident, she fainted in her living room near her sofa. Ironically, Dee Decasa had reportedly visited Samsung’s own website before the device started smoking.

Even though this event did not result in any serious injuries, it should serve as a wake-up call for those consumers who have not responded to the company’s request to stop using and power down their Samsung Galaxy Note 7 smartphones.

The South Korean company is currently trying to contain the damage that has been caused to its brand of smartphones but reports suggest that the second recall of the Galaxy Note 7 might end up costing the company as much as much as $17 billion.

[“source-ndtv”]

When Google decided to roll out the Android 7.0 Nougat update in August, the Nexus 6 and Nexus 9 LTE were left out of the mix. A month later, Google apologised for the delay in rolling out the update for the two Nexus devices. Earlier this week, Nexus 6 users started receiving the update along with the October Android security patch. Now, Nexus 9 LTE users have also started to receive the Android 7.0 Nougat update, however this time, only the September Android security patch is bundled with it.

Once the rollout process is complete, it would mean all eligible Nexus devices have now officially received the Android 7.0 Nougat update. Notably, at the Made by Google event earlier this week, Android 7.1 Nougat was unveiled alongside the two Pixel smartphones, and Google claims that Nexus and Pixel C tablet will receive the developer preview before the end of the year. Just which Nexus devices will receive the update however has not been clarified. Google confirmed that even though the Nexus series is dead with the launch of Google Pixel and Google Pixel XL smartphones, it will continue to support Nexus devices.

The update is rolling out over-the-air, but if you can’t wait Google has also uploaded factory and OTA images. As mentioned, the Nexus 6 update earlier came with the October Android security patch, but the Nexus 9 LTE update bundles the old September patch.

Google, at its Made By Google event, killed old practices of launching Nexus devices by partnering with OEMs. Instead, Google now has a new hardware team lead by Rick Osterloh, which will now take care of Google-branded products – though HTC is responsible for “assembling” the current crop of Pixel phones. At the event, Google also launched the new Chromecast Ultra, Google Home speaker, Google Wi-Fi router, and the new Daydream View.

The Pixel and Pixel XL smartphones are coming to India this month, and the pre-sale will start on October 13. The smartphones will be made available in 32GB and 128GB variants, and are priced at starting Rs. 57,000.

[“source-ndtv”]