Google to Update Android Nougat Quarterly
As Google begins rolling out the next version of Android, called Nougat, to users this week, the company already is planning a new strategy for providing updates to the operating system more frequently. Traditionally, Google has updated Android essentially once a year, putting a new major release about every 12 months. But as the mobile […]
New Attacks Can Monitor Keystrokes, Steal Sensitive Data from Android Phones
Researchers from an Austrian university have developed techniques that allow them to perform cache attacks on non-rooted Android phones that can monitor the keystrokes, screen taps, and even observe code execution inside the ARM processor’s TrustZone secure execution environment. The attacks the team developed are complex and rely on a number of individual building blocks. […]
Oracle Looking Into Micros Data Breach
Oracle is in the process of investigating a data breach that affects customers of its MICROS point-of-sale systems. The breach apparently hit the software giant sometime last month, and it involves the customer portal for MICROS users. Oracle, which purchased MICROS in 2014, has sent a letter to affected customers, warning them that the company is doing […]
Critical Qualcomm Flaws Threaten 900 Million Android Devices
Researchers have detailed four vulnerabilities in Android, caused by bugs in Qualcomm chipset drivers, that allow an attacker to get complete control of a vulnerable device. Three of the vulnerabilities already have been patched in August’s Android security update, but the fourth one has not been fixed yet. Researchers at Check Point discovered the vulnerabilities […]
Lessons Learned From the Android Stagefright Bug
LAS VEGAS–Security engineers and developers typically view vulnerabilities as problems, things to be avoided. But they also can be valuable learning opportunities, especially for a the engineers on Google’s Android security team who are trying to protect more than a billion devices. Android is by far the most widely deployed mobile operating system, and its […]
Researchers Bypass EMV Card Protections
LAS VEGAS–Chip-and-pin or EMV cards have been touted as a more secure alternative to traditional cards, but security researchers have found several methods for bypassing the security of these systems by abusing flaws in the point of interaction devices. Nir Valtman and Patrick Watson demonstrated several techniques for getting around the security on pinpad devices, […]
Attack Can Steal Keystrokes From Hundreds of Feet Away
Wireless keyboards from several top manufacturers, including HP, Kensington, and Toshiba, are susceptible to an attack that allows anyone within range to eavesdrop and record every keystroke made on the devices. The vulnerability is a result of the manufacturers failing to implement encryption between the keyboard and the computer, and it allows an attacker to intercept […]
Peering Into the iPhone’s Security With an Introspection Engine
A new hardware device that’s in development promises to alert users when their phones are transmitting data without their knowledge, but some security researchers say the device looks like an overly complicated solution to a limited problem. Reporters often are targets of surveillance, both overt and covert, and that means that their laptops and phones are […]
Auto Group Pushes Best Practices for Vehicle Security
An auto industry group has released a set of best practices to help manufacturers design and build more secure vehicles. The document focuses on broad concepts, such as risk assessment and threat detection, rather than specific guidance. The release of the best practices by the Auto-ISAC comes at a time when security researchers are shining a […]