A Twitter group called “@Our_Mine” have taken down top You Tubers in celebration of there 100K follower.
In 2014 large amount of Tech news was reported, from new devices to hacking and security fails. Lets take a look at what got you reading.
Change, this year has seen a lot of it. Technology has changed, the focus is continuing to push towards the wearable market, the next-gen consoles don’t seem too next-gen now and lets not forget extreme market turbulence (looking at you Apple and Samsung). Gadget Nibble hasn’t been immune from such transitions either – with the last of our beloved mascots, Boog, departing us. As we go into 2015, things are going to keep changing.
But now there’s good news…
Researchers have discovered a disturbing flaw to the popular open source platform that is found on most smart phones today. Mobile security company, Bluebox said they discovered a flaw in Android security and has begun to warn Google and customers. The flaw affects any Android device released and bought within the last 4 years and allows them to access data such as your passwords, and reach phone features like texts, camera and phone calls. Oops…
There are now an estimated 900 million Android devices that will be affected.
“A Trojan application … has the ability to read arbitrary application data on the device (email, SMS messages, documents, etc.), retrieve all stored account & service passwords, It can essentially take over the normal functioning of the phone and control any function.” CTO Jeff Forristal Said.
The flaw relates to how Android apps are approved and verified on the system and can allow hackers to tamper with the code of the application without changing the cryptographic signatures. Basically that means any app, any can look pleasant and safe to engineers and quality control but actually house malicious software. What could be more worrying is that Google was informed of the flaw back in February and has since not made any announcement.
Forristal had commented on the matter and said that Androids fragmentation doesn’t help:
“The availability of these updates will widely vary depending upon the manufacturer and model in question.”
Android fragmentation has previously been a problem for consumers own personal preference, but now it seems their security is at stake as well. The problem lies with how Android updates are dealt with. Instead of them being rolled out on mass to every device such as with Apple, Google will release the update and leave it up to carriers to decide when and even if users will ever receive it. Users will instead face a confusing and complicated task of finding out if they will get the update.
The problem gets even worse when we look at the available Android App Stores, in Asia there are over 500+ different places to download apps from and many dot have any verification or authentication. It seems there are pros and cons to every ecosystem. Android is a brilliant platform, customisation at its core. But it seems that some of its cons maybe a little darker than we think.
Google refused to comment but is now preparing a fix.
‘In the likely event of everyone in the world being hacked please use the emergency exits – here and – here’. Well we haven’t reached that stage as of yet but everyday it seems another firm falls foul to malicious hacking and cyber attacks. The most famous in recent history, sorry to keep reminding you, being the attack on Sony’s Playstation Network in 2011 that took the network out for over a month.
Now we have moved on, 2 years down the line and we would have expected companies to have realises the world is big and bad. But yet we still are victims of the form of criminal activity known as “hacking”. Today Ubisoft is the latest victim in the vicious circle and has announced that its online services, passwords and account details have been compromised.
The publisher said that names, email address and encrypted passwords had been “illegally accessed” but thought no credit card or financial data was in question. As of the attack Ubisoft had 58 million registered users, nevertheless the firm believes the attacks are unrelated to prior breaches.
Oh no Ubisoft…
Last year the firm had been run around the mill with security breaches and attacks – their UPlay web browser addon allowed criminals to run malicious software on users PC’s. Then in April it halted PC game sales as gamers found a way to download titles free of charge from their online store.
Ubisoft make popular titles such as Assassins Creed, Just Dance, Far Cry and Splinter Cell.
Following the normal procedure Ubisoft recommended: “all our users change their passwords”. The company has fallen into gne same trap many a time and is now being accused of not taking threats seriously. Following the Sony attack the Japanese business was fined £250,000 by the UK Information Commissioner for failing to have up to date security software.
“Ubisoft’s security teams are exploring all available means to expand and strengthen our security measures in order to better protect our customers. Unfortunately, no company or organisation is completely immune to these kinds of criminal attacks.”
It is understandable the high paced and fast moving world that firms operate in and the restraints many face but companies have a duty of care to our data and need to do all they can to protect it. Although they may have done so in Ubisoft’s case, unlike Sony, firms need to come together. The industry needs to join to collaborate to protect user data for the benefit of everyone, not just snigger at each other when their competitors get hacked. Otherwise one day it could be big.
iPhones around the world are now being caught off guard, their backs turned and their charging ports exposed. Apple iPhones have reportedly fallen victim to a horrible vulnerability that means the device can be controlled through its charging port if a ‘bogus’ charger is used.
Using a custom built charger – the iPhone’s security is bypassed and the phone left defenseless to the horrific attack! The team at the Georgia Institute of Technology managed to condemn the phone an infected the device in under a minute with a complex virus. But don’t let your iPads or iPods touch’s feel they can sleep safely at night – you don’t know what lurks around the corner… The fault is been proven to affect not just iPhones but any iOS device – therefore bolt the shutters and take your iDevices to safety, a virus could be on route…
Worrying that your iPhone or iPad is going to become the next ‘living’ dead? A virus production factory? A useless brick? Well I might not be able to help you with the last one (joking of course) but the problem, highlighted by the Georgia Institute of Technology does seem to show the issue lies around a pre made custom ‘unofficial’ charger that can implement the virus. The Institute will be talking more about the discovery at the Black Hat USA hacker conference. The details of the flaw have only been discussed to other developers, so again – don’t worry that every cybercriminal has the details of this kryptonite-like charger. Researchers, Billy Lau, Yeongjin Jang and Chengyu Song, have spent a long time delving into iPhone security and have said via this back door they could install any software they’d have liked.
“All users are affected, as our approach requires neither a jailbroken device nor user interaction,” they said.
The team manufacured their iPhone killing charger from a tiny computer called a BeagleBoard, the device only costs £30 ($30), and demonstrated the ease of use that USB chargers can be made for malicious purpose.
The hack is simple, communicating with the PC and the phone software the phone is infected and becomes a victim of Apples impregnable security. The malicious virus hid its location using the same system Apple uses to hide the location of their own iOS applications.
Apple had previously states their iOS devices to be a fortress – Apple has has several prior breaches and will work hard to rectify the issue. The problem will be presented to Apple to allow them to overcome the flaw.
For the well being of all the iDevices around the world lets hope Apple has time to fix it. Or else…