Search the Community: Showing results for tags 'Android'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • ChainScriptz
    • News
    • Site Updates
    • Add Links
    • Feedback and Comments
  • Miscellaneous
    • Welcome Intro
    • Jokes
    • Chit Chat
    • Radio Stations
    • Hot Picks
    • Test Forum
  • IRC Help and News
    • Scripting Help
    • IRCd Snippets
    • IRCd Chat
    • Chat Networks
    • Eggdrop
    • Script Reviews
    • mIRC Chat
    • IRC Servers & Rooms
    • mIRC Tutorials
    • IRC Clients
  • Tutorials
    • IRC Network Tutorials
    • IRC Client Tutorials
  • Coding Corner
    • WebSite Corner
  • Archives
    • MSN Chat
    • Defunct Chat Networks
    • Gallery
  • Sparkpea
  • Oasiz Chat
  • Phreik Chat
  • Icons & Toolbars
  • Koach.com
  • MTS Themes
  • MSN Old Scriptz
  • New Downloads
  • Support Files & DLL's
  • Vibe SN
  • Maztal
  • Slovenain Scriptz
  • Italian Scriptz
  • Turkish IRC Scriptz
  • Greek Scriptz
  • Script Support Files & DLL's
  • Groups
  • Security Software - Daily Updates
  • Security Programs - Updates
  • General Software - Updates
  • Other Operating Systems - Updates
  • Social Networks
  • Software Reviews
  • Security News and Alerts
  • Virus, Spyware and Trojan Removal
  • Security Bulletins

Categories

  • Info Addons
  • Buzzen
    • Buzzen Addons
    • Buzzen Archives
  • Sparkpea (ircwx)
    • Sparkpea Scripts (ircwx)
    • Sparkpea Connections (ircwx)
  • Scriptz(IRC)
    • Addons
    • War Scriptz
  • International Scripts(IRC)
    • Greek IRC Scriptz
    • Italian Scriptz
    • Slovenain Scriptz
    • Turkish IRC Scriptz
    • Swedish Scripts
    • Russian Scriptz
    • French Scriptz
  • TCN
  • essential chat
  • Net4110
  • Script Support Files & DLL's
  • IRC Administration Resources
  • IRCd's
  • Server Clients
  • Phoenix Chat
  • Scripting Essentials
  • Phreik Chat
    • Addons
    • Games
  • MSN Archive Scripts
    • MSN Addons
  • Sparkpea Scripts
    • Sparkpea Connections
    • Sparkpea Addons
    • Sparkpea Vincula Scripts
    • sparkpea Trivia & Game scripts
  • Tutorials
  • EggDrop
    • Anti-Spam Scripts
    • Info Scripts
  • Dlls

Calendars

  • Community Calendar

Found 3 results

  1. Researchers devised a new side-channel attack in Qualcomm technology, widely used by most Android smartphones, that could expose private keys.Researchers have uncovered a new side-channel attack that could be exploited by attackers to extract sensitive data from Qualcomm secure keystore, including private keys, and passwords. The attack potentially impacts most of the modern Android devices that use Qualcomm chips,  including popular Snapdragon models 820, 835, 845 and 855 The attack leverages a flaw in the Qualcomm Secure Execution Environment (QSEE), designed to securely store cryptographic keys on devices. “A side-channel attack can extract private keys from certain versions of Qualcomm’s secure keystore. Recent Android devices include a hardware-backed keystore, which developers can use to protect their cryptographic keys with secure hardware.” reads a blog post published by NCC Group. “On some devices, Qualcomm’s TrustZone-based keystore leaks sensitive information through the branch predictor and memory caches, enabling recovery of 224 and 256-bit ECDSA keys. “ According to NCC, the Hardware-backed keystores rely on ARM TrustZone to protect sensitive data, it splits execution on many devices into a secure world (used to manage sensitive data) and a normal world (used by processes of the Android OS). Experts pointed out that the two worlds have the same underlying microarchitectural structures, meaning an attacker could carry out a side-channel attack to access protected memory. The experts used a memory cache analyzer called Cachegrab to carry out  side-channel attacks on TrustZone. The experts tested a rooted Nexus 5X device using the Qualcomm Snapdragon 808 and discovered that the QSEE that leaking data that could be used to recover 256-bit ECDSA keys. The attacker must have root access to the device to launch the attack. Qualcomm has released a security patch to address the flaw tracked as CVE-2018-11976, while Android disclosed a patch for the flaw in its April update. Below the timeline of the flaw: March 19, 2018: Contact Qualcomm Product Security with issue; receive confirmation of receiptApril, 2018: Request update on analysis of issueMay, 2018: Qualcomm confirms the issue and begins working on a fixJuly, 2018: Request update on the fix; Qualcomm responds that the fix is undergoing internal reviewNovember, 2018: Request update on the timeline for disclosure; Qualcomm responds that customers have been notified in October, beginning a six-month carrier recertification process. Agree to April 2019 disclosure date.March, 2019: Discuss publication plans for April 23April, 2019: Share draft of paper with QualcommApril 23, 2019: Public Disclosure“Providing technologies that support robust security and privacy is a priority for Qualcomm,” a Qualcomm spokesperson told Threatpost. “We commend the NCC Group for using responsible disclosure practices surrounding their security research. Qualcomm Technologies issued fixes to OEMs late last year, and we encourage end users to update their devices as patches become available from OEMs.”Technical details of the vulnerability are available in the paper published by the expert. Source: https://securityaffairs.co
  2. Already, Google provides several ways to help you log in to your accounts securely, including two-factor authentication on Android devices, its Titan Security Key dongle, and Google Prompt. The search giant admits, however, that attackers can still use advanced steps like fake login pages to bypass those security methods. As part of an effort to further beef up your account's security, Google has introduced a new way to let you turn your Android device into a physical security key. That means you don't have to purchase a separate dongle, you only need a phone running Android 7.0 Nougat and later. To start using this new security feature, sign in to your Google account on your Android phone (if you haven't already). Then open Chrome on your Bluetooth-supported Chrome OS, macOS, or Windows 10 PC and head over to the two-step verification settings where you'll be asked to click the "Add security key" option. See to it that Bluetooth is turned on for both your phone and PC before selecting your Android device from the list of available devices. It's worth noting that the method works like Google Prompt, which relies on an internet-based connection between an Android phone and a Google service. The main difference with the new security feature is that it uses a Bluetooth connection to facilitate a secure login, which means your phone needs to be in proximity to your PC. For now, the feature is in beta phase and it's available only to Android users who use Chrome. There's no word, though, on whether Google will bring support for web browsers other than Chrome. Source: neowin
  3. Folks using healthcare-related Android apps: after you've handed over your private details to that software, do you know where it is sending your data? If you don't, nobody should blame you. It turns out it can be a complicated and obfuscated affair. So much so, eggheads probing the data-sharing practices of mobile health applications have urged software developers to be more transparent regarding how they're handling people's personal info, after observing all sorts of records being passed on to third parties. Parent companies, adverting networks, analytics platforms, data brokers, and more, are seemingly getting their hands on at least some part of the pile, directly or indirectly. And while the studied applications could well be above board, at least within their fine print and terms of use, and sharing data carefully and with consent, the lack of transparency and the large emission of information may deal a blow to any trust you may have in them. Furthermore, even if the information is anonymized prior to sharing, the data tends to flow through the usual few suspects – Google, Facebook, etc – which could, in theory, piece together the identity of individual netizens using these apps, seeing as they capture so many data points. Report Academics hailing from universities in Canada, Australia, and the US, together studied 24 popular Android health and medicine-related apps, and found that nearly 80 per cent were passing on at least some of their users' data to third parties. Their findings were published this week in the British Medical Journal. Check it out for the full details; we'll summarize them here. "Sharing of user data is routine, yet far from transparent," the group concluded in their paper. "Clinicians should be conscious of privacy risks in their own use of apps and, when recommending apps, explain the potential for loss of privacy as part of informed consent. Privacy regulation should emphasise the accountabilities of those who control and process user data. Developers should disclose all data sharing practices and allow users to choose precisely what data are shared and with whom." We're told that 38 per cent of the studied apps shared browser activities, such as medicines looked up and pharmacy websites visited, with third parties; the same again passed on users' email addresses; 25 per cent handed over the list of drugs people are taking; 21 per cent the users' first and last names; 17 per cent the users' medical conditions; and so on. These stats were produced by studying the network traffic of the applications, which range in install bases of 500 devices to 10 million and are among the top 100 most-used in their sector. "Although most (20/24, 83%) appeared free to download, 30% (6/20) of the 'free' apps offered in-app purchases, and 30% (6/20) contained advertising as identified in the Google Play store," the academics noted. "Of the for-profit companies (n=19), 13 had a Crunchbase profile (68%)." https://www.theregister.co.uk/2019/03/21/medical_apps_personal_data/