Android Security Bug Found Bluebox Security

Android Security Bug Found: Hackers Gain System Access Posted: 08 Jul 2013 05:00 AM PDT Researchers in the security field at Bluebox Security, have found a bug in the Android operating system, which allows them to create malicious apps (appearing to be genuine with correct digital signatures).  Digital signatures allow any piece of data, including an app, to be checked to see that it is genuine.  But, because of this bug in Android, it is possible to create a fake app and digitally sign it so it looks like a real app from an author,  including massive companies such as Google, Samsung, HTC and Sony etc. Since the digital signatures of companies like Google and hardware manufacturers like Samsung, can be faked, it is possible to create a system app which has system access to the device in question. These system apps, which have what is known as 'System UID access' can perform any function on the phone including modifying system-level parameters and system-level software.  If such an app is installed on an Android mobile phone, the user would be totally vulnerable to a plethora of attacks including password sniffing and key logging. The researchers at Bluebox Security informed Google about the flaw called Android security bug 8219321 way back in February 2013 and they now plan to reveal details of the security issue at an upcoming security conference.  Theoretical security flaws exist in almost every piece of software including Microsoft Windows Phone, Android and iOS.  The change from theoretical to real can be a long but not impossible.  The question is, is there any real danger to current Android users.  The answer is in a grey area.  Bluebox Security says that the bug is present in 99% of all Android devices and they are correct. Until Google releases a patch and the manufacturers release updates then the majority of Android devices remain exposed!  However, the key with any vulnerability is how easy is it to exploit?  As always, users who download apps from third party sites including, but not limited to, torrents and media sharing sites are in the most danger as the most common way for hackers to spread malware is to upload a copy of  popular software that has been modified to include malicious code.   If hackers discover the secrets to the Bluebox Security method of altering an app without breaking its cryptographic signature, then apps with system level access could be installed on any version of Android from 1.6 to 4.2, (even those which have not been rooted).  For users who only use the official Google Play Store, then the chances of  malware infection in this manner are very small indeed. It is unlikely that hackers will be able to get one of these apps into Google Play and we can assume that since Google has known about this bug for five months, then it has already implemented safeguards into the app store upload process to block said apps from appearing online. As has been said countless times before, only download from Google Play or the Amazon App Store for security reasons if nothing else! .

Google to Shut Down Adult Blogger Sites Posted: 08 Jul 2013 04:00 AM PDT It looks like Google is doing some spring cleaning, although we’re in a totally different season now. Round about the time that people were gearing up to say their last goodbye to Google Reader, some bloggers using Blogger received an email to the effect that Google is going to shut down adult blogger sites. To be more specific, Google is targeting Blogger accounts that have links and advertising to sites that host adult content. If you’re thinking about Blogger’s content policy, you may have a point. The fact is that Blogger does not totally disallow adult content. In fact, the content policy allows adult content – nudity, sexual content, and all sorts of NSFW content – as long as the blog is labeled and categorized as such. That should serve as enough “warning” for people who may not want to see such things on the Internet. (No mean feat, judging by the state of the Interwebz.) What Google is targeting now are Blogger sites that monetize using adult content. Who was that who said that money is the root of all evil or something? Twitter user @violetblue shared the email she received. Without any equivocation – it’s the monetization of adult content that Google wants to stop. Naturally, this news was received with some dismay by some groups. For one, it is not totally clear what “adult content” means. There is no clear cut definition of that, and if your content is somewhere in between mildly NSFW and pornographic, you probably wouldn’t know where you stand. Additionally, blogs which may contain adult content – whatever Google’s definition of that is – but do not monetize via links and other ads (adult-themed as well) may also be in danger. If you’re still not sure, but your blog is still up and running, you may have been saved from the axe. The email clearly states June 30 as the deadline, but I wouldn’t be too cocky if I were you. I have a feeling this is not over yet.

PairASight: See Through Other People’s Eyes Posted: 08 Jul 2013 03:00 AM PDT At a loss for words when trying to depict what you're seeing? Imagine if you could show any of your friends what you're seeing in real time, and almost literally through your own eyes? The PairASight project is the answer to both these questions. With this system, that can be mounted on headgear such as a pair of glasses, you will no longer have to explain what you see or try to use your laptop or tablet as a camcorder. You will just have to look at it and the person at the other end of the line will see it like you do. PairASight consists of a two-way audio communication system and multiple cameras that can capture 1080p HD video content. The tiny cameras and the audio communication system can be easily mounted on eye-wear to offer a real first-person view. The captured audio and video content is streamed wirelessly to your smartphone or tablet and from there, it can be transmitted to anyone anywhere via the Internet, allowing them to see what you're seeing in real time. The technology is developed by a Michigan startup and is still in the prototype stage. The system has garnered a lot of praise and interest after being unveiled at the CES in January. It recently won a Technovation award at the recent CE Week in New York. PairASight creators expect to have the product ready and start selling eyeglasses-mounted versions later this year. The system can have multiple uses in various fields of activity, from medical diagnostics to automotive repairs and retail. It could also have interesting applications in law enforcement or the military, allowing police or soldiers to record and transmit what they're dealing with in real time. What do you think of the PairASight? Would you give it a try and what would you use it for?

Drone-It-Yourself Kit Makes Objects Fly Posted: 08 Jul 2013 02:00 AM PDT What if you could turn virtually anything you own into a flying object? Luckily for you, somebody has already thought of this and came up with a solution. The Drone-It-Yourself (get it?) kit, from Dutch designer Jasper van Loenen, allows you to turn almost any object into a drone.  The only condition is that the object you want to make fly is more or less flat, light and balanced enough to take off. The kit is easy to use and does not require any special technical knowledge to work. It consists of motors, clamps and a controller and all of the parts were 3D printed in ABS. The control unit is equipped with a Bluetooth module, a receiver, four electronic speed controls and an OpenPilot flight controller. To make any object fly, you just have to attach the motors to the clamps and the clamps to the object in question, along with the control unit. Drone-It-Yourself is not available for purchase as a kit, but anybody with access to a 3D printer can print the necessary parts, since the inventor has made his blueprints and lists of parts available online for free download. Moreover, van Loenen says on his website that more advanced users are welcome to alter the original designs and make their own custom parts, clamps or other add-ons, to suit their specific needs. What do you think of this DIY kit? What objects are you looking forward to making fly, if you had access to all the parts? The Drone-It-Yourself can be seen in action in the video below, which showcases how the kit turns several things, including a bike wheel, a computer keyboard, a book and a phone, into airborne objects.

Tech Beat Android Security Bug Found: Hackers Gain System Access Google to Shut Down Adult Blogger Sites PairASight: See Through Other People’s Eyes Drone-It-Yourself Kit Makes Objects Fly