Wednesday, 25 April, 2018

Android Smartphone Makers Have Been Misleading Users About Security Patches!

SnoopSnitch - Android Apps on Google Play Researchers say some Android phone makers hide missed updates
Terence Owen | 13 April, 2018, 15:17

An undisclosed list of Android phone makers have been actively deceiving customers about their devices' security against malware and hacking vulnerabilities, according to Wired, which spoke with researchers at the Security Research Lab (SRL) based in Germany.

These smartphone makers have created a false sense of security among their users. An app called SnoopSnitch enables users to check if smartphone is running the security patches which it claims.

The patch gaps and bugs are found in the chips rather than in its operating system. Most other major Android phone makers fall somewhere in between. This is incredibly simple to fake-even you or I could do it on a rooted device by modifying ro.build.version.security_patch in build.prop. The security research scanned 1200 firmware samples of over dozen Android vendors that include Sony, Samsung, Google, TCL, ZTE, and few other.

Device fragmentation has always been a challenge for Google when releasing updates for its Android platform, which is by far and away the most popular mobile software on the planet. One of the lowest performing brands were TCL and ZTE, all of whose phones had on average over four patches that they claimed to have installed, but had not. These OEMs have just been changing the date of the security patches on the device without actually installing the associated patches an have been misleading their users.

"We find that there's a gap between patching claims and the actual patches installed on a device". At times it was found that vendors didn't even install a single patch, but only changed the date of the update by forwarding it by several months.

Russian Federation rejects Skripal attack findings report by chemical weapons watchdog
Britain says scientific analysis of the poison is only one of the factors that has led it to blame Russian Federation . British Foreign Secretary Boris Johnson reacted to the OPCW findings saying: "The Kremlin must give answers".

While criminals typically rely on social engineering to attempt to steal data from users, through malicious apps and the like, state-sponsored actors are more likely to exploit missed patches as part of their attacks using previously unknown methods, the researchers say.

Nohl and researcher Jakob Lell found that companies like Sony and Samsung missed a few patches on average, but HTC, Huawei, LG, and Motorola had between three and four skipped patches. Lesser known manufacturers, on the other hand, missed out on many more.

Google's Android product security lead, Scott Roberts, said: "We're working with [SRL] to improve their detection mechanisms to account for situations where a device uses an alternate security update instead of the Google-suggested security update".

The company has moved towards encrypting all data that leave and enter Android devices with the industry-standard Transport Layer Security (TLS) protocol, and is further tightening the requirements in Android P, which is now in developer preview. "That's deliberate deception, and it's not very common". Built-in platform protections, such as application sandboxing, and security services, such as Google Play Protect, are just as important.

Recommended

Fox Network Group UK Offices Raided By European Commission In Antitrust Probe Fox Network Group UK Offices Raided By European Commission In Antitrust Probe The European Commission statement also said its inspections did not mean that companies are guilty of anti-competitive behavior. A Fox Networks Group spokesperson was cited in British media as saying they are fully cooperating with the Commission.

Bayern v Real Madrid and Liverpool v Roma in Champions League semis Bayern v Real Madrid and Liverpool v Roma in Champions League semis Tabloids Bild and Sport Bild also report Bayern has settled on its former defensive midfielder as coach. The reports said Kovac would be presented by Bayern before the end of April.

Whalen to lead Gophers women's hoops, still play for Lynx Whalen to lead Gophers women's hoops, still play for Lynx The 35-year-old Minnesota native will replace Marlene Stollings, who left earlier this week to become head coach at Texas Tech . She has been playing professionally in Minnesota the last seven seasons with the Lynx and helped them capture 4 WNBA titles.

The Launch of Reliance Jio 4G Laptops The Launch of Reliance Jio 4G Laptops Reliance Jio's entry into the ailing PC market is being hailed as a huge deal and could rejuvenate the lost interest in laptops. Last year, Microsoft launched always-connected PCs from Asus and HP with Snapdragon 835 chipset and Windows 10 under the hood.

One more warm day before rain this weekend One more warm day before rain this weekend In addition to the warm up, the wind will also be responsible for another high fire danger threat for much of KAKEland. A cold front could bring a chance of storms Friday night into Saturday , and showers on Saturday night into Sunday .

CBI registers 3 cases in Unnao gangrape case; detains MLA CBI registers 3 cases in Unnao gangrape case; detains MLA Late on Wednesday night, the Yogi Adityanath government made a decision to hand over the probe to the investigative agency. On June 11, her family lodged a complaint with the local police.

Just one alcoholic drink a day could shorten your life, study says Just one alcoholic drink a day could shorten your life, study says Another patron, Jaussi Ruotsalainen, a tourist from Finland, said he rarely drinks because he has two young kids at home. They made a point of excluding people who had a known history of heart problems at the time they had entered a study.

Warm today, weekend storms Warm today, weekend storms The breezy south wind won't back down throughout the night tonight , as sustained winds will range from 15 to 25 miles per hour . Lows on Sunday will drop down to 16 degrees in northern Taiwan, 18 degrees in central Taiwan and 21 degrees in southern Taiwan.

Amazon.com, Inc. (AMZN) Receives $1504.90 Average Price Target from Analysts Amazon.com, Inc. (AMZN) Receives $1504.90 Average Price Target from Analysts As it's announced in Securities and Exchange form the stake in Amgen Inc (NASDAQ:AMGN) is upped by 44,671 shares to 9.79M shares. The Meag Munich Ergo Kapitalanlagegesellschaft Mbh holds 80,900 shares with $14.02 million value, down from 99,500 last quarter.

Deaths of pop, daughter, youngster, completely different man tied to incest case Deaths of pop, daughter, youngster, completely different man tied to incest case A Knightdale father and daughter, who were charged with incest earlier this year, along with their 7-month-old baby, are dead. Not long afterwards, Steven and Katie's biological mother, Alyssa, separated and Katie and Steven started an affair.

'Broad City' Set to End After Show's Fifth and Final Season 'Broad City' Set to End After Show's Fifth and Final Season It's important to note that just because Broad City is ending after season 5 doesn't mean that the series was canceled. Brian Steinberg and Electric Avenue's Will Arnett and Marc Forman will also exec produce.

Bruins vs. Maple Leafs Game 1: Full highlights, final score and more Bruins vs. Maple Leafs Game 1: Full highlights, final score and more Led by their top line, the Bruins applied some pressure the other way after Toronto fired off the first five shots of the period. That seemingly innocuous loss could be the death blow for the Bruins but either way this series is going to be must-see TV.

Elneny: We're ready to face any team in semi-final Elneny: We're ready to face any team in semi-final But a two-week time frame would put him in contention to feature in Arsenal's two semi-final legs, with the first on April 26 and the return a week later on May 3.

PM Modi greeted with black flags in Chennai over Cauvery row PM Modi greeted with black flags in Chennai over Cauvery row He presented a memorandum to Modi, who was on a whirlwind visit to inaugurate the DefExpo and a function at the Cancer Institute. Similarly, Stalin, his sister Kanimozhi and second rung leaders including former Chennai Mayor Subramanian sported black attire.

Trump to Pardon Scooter Libby Trump to Pardon Scooter Libby Trump pardoned Joe Arpaio , the former sheriff of Maricopa County who defied a court order to stop racially profiling Latinos. Then-President George Bush commuted Libby's 30-month sentence, sparing him prison time, but didn't pardon him.