Android Mediaserver vulnerability looks similar to the Stagefright bug.
Android owners may recall the Stagefright bug, the “worst ever Android vulnerability yet discovered”. That malware exposed a billion (that’s nearly every) Android device on the face of the earth to malware.
The latest critical bug has similarities to Stagefright, but exists in Android’s mediaserver. Google warns that an attacker could use the bug to remotely run malware hidden in video or audio.
In an announcement published in the Nexus Security Bulletin for January, Google said it has fixed 12 vulnerabilities affecting Android versions 4.4.4 to 6.0.1. Five are rated as critical security bugs. Partners were notified about and provided updates for the issues on December 7, 2015 or earlier, said the post.
“The most severe of these issues is a Critical security vulnerability that could enable remote code execution on an affected device through multiple methods such as email, web browsing, and MMS when processing media files.”
How to protect yourself from the Android bug
Yesterday, we walked you through a set of our 2016 predictions in regards to home router security, wearables and the Internet of Things. In addition to these important topics, mobile threats are not something that should be ignored as we move into 2016.
“Most people don’t realize that mobile platforms are not really all that safer or immune from attack then desktop platforms,” said Ondřej Vlček, COO of Avast. “Most people use mobile devices in a more naive way then they use a PC because they just don’t understand that this is a full blown computer that requires caution.”
Hackers have done their homework to prepare for the new year
Over the course of this year, we’ve seen a list of notable mobile threats that jeopardized the privacy and security of individuals. Our own mobile malware analyst, Nikolaos Chrysaidos, has a few ideas about several issues that could crop up in the new year:
Avast Wi-Fi Finder saves your data and roaming fees by locating safe and reliable connections.
Everyone loves free Wi-Fi. You can surf the web, check your email or newsfeed, make Skype video calls across the world, or stream games, movies, and music – without eating up your data plan. That’s a great deal! Or is it?
The problem with free Wi-Fi hotspots is they can’t be trusted to be safe and keep your data secure. Cybercrooks can eavesdrop on your conversations and even break in to steal personal information.
When you need to find safe Wi-Fi, use Avast Wi-Fi Finder
Our new mobile app, Avast Wi-Fi Finder, lets you instantly search for available networks on the map or browse through a list. Wherever you are in the world, you can always find a safe connection, because after a successful beta test, we launched the app with nearly 800,000 networks in our database. The more people who use Avast Wi-Fi Finder, the bigger and better that database will become.
David Vávra is our team’s talented Google Developer Expert (GDE) for Android. Throughout this autumn, he attended a collection of valuable Android conferences. In this post, David walks us through his experiences and outlines his most interesting takeaways from the conferences.
Droidcon Stockholm (September 3-4)
Droidcon Stockholm was a two-day event held in Debaser Medis, a classic rock club in Stockholm. As you might imagine, it proved to be an interesting venue for a tech conference! The organization was a little more “punk” than most other conferences, but the conference was still jam-packed with talks containing strong content and served as a great opportunity to network with fellow industry professionals. Fun fact: Czech beers are quite popular in Stockholm. We visited a place where they served five different Czech beers on tap.
One talk that I found to be especially useful discussed building Android SDKs from Fabric, a platform for mobile developers from Twitter. It was also interesting to take a closer look at Spotify’s automated testing environment in a talk Sustainable test automation. As for me, my presentation at the conference dealt with Android TV development. All the Droidcon talks can be found here.
Avast simplifies how you protect your privacy with new products for 2016.
Count the number of devices you own. If you are like most modern digital-age people, you have a smartphone, half of you own a tablet, and most all of us have a desktop or laptop computer connected through a home router.
Now think about all the private information that you have on those devices. Bank account numbers, passwords, photos, messages and emails – all of them needing some form of protection to stay out of the wrong hands.
In a survey we did this year, 69% of you told us that your biggest fear is that the wrong person would see your personal information. In fact, Americans are so scared of having their financial information get into a bad guy’s possession, that 74% said they’d rather have nude photos of themselves leaked on the Internet! The problem is that most people are not doing anything to protect their privacy, for example, 40% of Americans don’t even lock their smartphones.
“While people are rightfully concerned about privacy, there is a disconnect between that concern and the steps they take to protect themselves,” said Vince Steckler, chief executive officer of Avast. “Users have a multitude of devices and passwords to keep track of, which can be overwhelming. When users feel overwhelmed, they tend to default to unsafe practices that put their privacy at risk.”
The new Avast 2016 for PC and Mac, the redesigned Avast Mobile Security, and the new kid on the block, Avast SecureMe, will all help reduce the complex task of protecting your private, personal information.
So time to face your fear and take steps to protect yourself. Here’s some tools that Avast is launching today to help you:
Twenty Android mobile phones were intentionally lost in The Lost Phones social experiment that Avast security analysts ran for 5 months.
The story is about how Avast Anti-Theft was able to track the phones and follow the journey that some of them took after being found. But four of those phones were returned to Avast because of good Samaritans who didn’t feel it was right to keep them.
We spoke to two of them; Quiana W., who found a phone on a park bench in Harlem, New York City and to Michael D. who found one in a public restroom in San Francisco. We asked what they thought when they first spotted the phones.
Quiana: I wanted to check it to see if it was on and see if I would be able to contact someone to return their phone. I know what it feels like to lose things, wallet or a phone, so I was just trying to pay it forward. It doesn’t necessarily have to happen back to me in this way, but it was just something that kind of took my heart.
Michael: My initial reaction was to leave the phone where it was. It seemed a little suspicious – how could someone not hear the phone drop onto the floor? I also thought that someone might mistake me for a thief if I walked out with the phone. But then, partially out of boredom and partially out of honesty, I decided to play detective and find the phone’s owner.
We trust our free app Avast Anti-Theft to track down lost phones, but we wanted to put it to the test in a real-world situation. So five months ago, we bought 20 Android smartphones and installed three security apps on all the phones: Our free Avast Anti-Theft app, Lookout Mobile Security, and Clean Master. Each phone was marked with contact information on where to return the device if found. After all was prepared, Avast security analysts traveled to New York City and San Francisco to randomly “lose” them in public places.
Here’s a video that shows what happened.
Over the months, the analysts used the Avast Anti-Theft app to track the lost devices and observed the following:
- 15 phones were wiped clean using the factory reset feature
- 11 phones stayed online for more than 24 hours after losing them
- 7 phones we were able to track for several months
- 4 phones were returned
- 4 phones are currently online and used
- 2 phones ended up abroad
- 1 phone was never factory data reset
The majority of lost devices were wiped clean using the factory reset feature, but only the Avast Anti-Theft app survived the factory reset.
You can track your missing mobile phones and tablets with Avast Anti-Theft. Get it for free from the Google Play Store.
Many of us have found ourselves in situations in which we need Wi-Fi connection and are unable to find it easily. Since we’ve become used to being connected to safe and steady Wi-Fi networks at home or in the office, it can become frustrating and inconvenient when we’re unable to establish a quick connection and gain secure online access.
For those seeking a fast, reliable and secure Wi-Fi connection, we’re happy to introduce you to Avast Wi-Fi Finder. Our new app gives you the opportunity to have a fast connection regardless of your location while continuously providing you with privacy and security. Whether you’re at the gym, a hotel, cafe, bus station or library, Avast Wi-Fi Finder has got you covered.
Have you ever served as a beta tester for one of our mobile apps? The release of the latest and greatest Avast Mobile Security is right around the corner, and we want YOU to help us make our mobile security app the very best it can be.
It’s important to emphasize that the beta version of Avast Mobile Security isn’t available to everyone quite yet – the latest version of the app will make its way onto your device as soon as it’s released.
Becoming a beta tester for Avast Mobile Security now only requires three easy steps
Getting the latest news and updates about our app is easy as pie. Here’s what you need to do:
1. Visit this link.
2. Click the “BECOME A BETA TESTER” button. Avast Mobile Security will automatically update itself upon its imminent launch. You simply have to wait until the new design appears on your phone.
3. Once you receive the update, we’d love it if you could share your thoughts about the app with us in our Google+ community.
Once you’ve opted to become a tester using the link above, you’re all set to go! Thanks for becoming one of our valued beta testers.
As Google Play tightens their security measures on mobile apps, hackers are moving to third party app stores. Fake apps imitating popular apps were found on the Windows Phone Store earlier this week. Now a new batch of infected Android apps imitating the real deal have been found on unofficial third-party Android app stores.
The new malicious adware, dubbed Kemoge, reported Wednesday by security researchers at FireEye, also disguises itself as popular applications. The apps trick the user into installing them through in-app ads and ads promoting the download links via websites. The legitimate appearing apps aggressively display unwanted advertisements which seem annoying, but in the FireEye blog researcher Yulong Zhong writes, ” it soon turns evil.”
The fake apps gain root access and gathers device information such as the phones IMEI, IMSI, and storage information, then sends the data to a remote server.
Infections have been discovered in more than 20 countries, including the United States, China, France, Russia, and the United Kingdom. Because of Chinese characters found in the code, it is believed that the malware was written by Chinese developers or controlled by Chinese hackers. The apps included Talking Tom 3, WiFi Enhancer, Assistive Touch, PinkyGirls, and Sex Cademy.
How to protect your Android device from infection
- Only install apps from trusted stores like Google Play
- Avoid clicking on links from ads, SMS, websites, or emails
- Keep your device and apps up up-to-date
- Install protection that scans apps like Avast Mobile Security