SternisheFan writes: Samsung has acknowledged the vulnerability reported earlier this week in kernel of some Samsung Exynos chipsets and claimed that a fix is coming soon. Samsung issued the following statement to Android Central: Samsung is aware of the potential security issue related to the Exyno and plans to provide a software update to address it as quickly as po The issue may arise only when a malicious application is operated on devices; however, this does not affect most devices operating credible authenticated applications. Samsung will continue to closely monitor the situation until the softw been made available to all affected mobile devices. The exploit was revealed earlier this week by user alephzain over at XDA who claimed that any user application could access all physical memory available to the device. The exploit affects the Exynos 4210 and 4412 chips, which power some of Samsung's most popular devices including Galaxy S II, Galaxy S III, Galaxy Note, Galaxy Note II and Galaxy Note 10.1.
SternisheFan writes: "Google Play is about to become a safer place to download apps. It sounds weird to say that after all this time, but it's not terribly uncommon to find malware laying in wait --just ask the 80,000+ users who downloaded a fake copy of Bad Piggies. With the latest update to Google Play, it's been discovered that Google has introduced a built-in malware scanner. The folks at Android Police tore apart the APK update to 3.9.16 and here's the code they uncovered: App Check "Allow Google to check all apps installed to this device for harmful behavior? To learn more, go to Settings > Security." Installing this app may harm your device Installation has been blocked Google recommends that you do not install this app. To protect you, Google has blocked the installation of this app. App name: "%s" I understand that this app may be dangerous. Verify apps? The "App Check" portion allows Google to examine apps you've already downloaded, while a blocker function will issue a warning if an app looks shady. For people who don't want Google to scan for malware, there will be an option to turn it off. However, all this scanning goodness won't be rolled out immediately.
"Our examination of the new code in Google Play suggests that the company is building an API framework for virus-scanning in the future, and that the functionality will not be available until at least API level 17 (which will be supported in the version of the Android operating system after Android 4.1 (Jelly bean)," security firm Sophos stated in a blog post. In the meantime, there are numerous free antivirus scanners available in Google Play, including one from Sophos."
SternisheFan writes: ". Military researcher Robert Templeman from the Naval Surface Warfare Center in Crane, Indiana, and a team from Indiana University, created a super creepy Android app called PlaceRaider; it runs in the background on the Android 2.3, Gingerbread operating system. The sensory malware covertly taps into the phone’s camera to capture photos which attackers can stitched together to recreate a 3D image of the victim’s surroundings and then steal any sensitive information in view. This new “threat to the privacy and physical security of smartphone users” was dubbed “virtual theft.”
Through completely opportunistic use of the camera on the phone and other sensors, PlaceRaider constructs rich, three dimensional models of indoor environments. Remote burglars can thus download the physical space, study the environment carefully, and steal virtual objects from the environment (such as financial documents, information on computer monitors, and personally identifiable information). Through two human subject studies we demonstrate the effectiveness of using mobile devices as powerful surveillance and virtual theft platforms, and we suggest several possible defenses against visual malware.
Malware such as PlaceRaider could be wrapped and hidden away within another otherwise legitimate app. “These remote services can run in the background, independent of applications and with no user interface.” Although the researchers used the Android platform for the visual malware, they said, “we expect such malware to generalize to other platforms such as iOS and Windows Phone.”"