Category: Android

The versions of this cyber threat do not stop and after the great success reaped in the desktop computers the cyber criminals they are attacking users of mobile terminals and tablets with operating system Android. On this occasion, the Police virus Prevents the user from using the device normally.

Android / Koler.A was discovered last week and despite not being able to encrypt the terminal data, it is quite annoying and difficult to remove. The problem is that the message that is displayed is on top of the rest of the content and each time it is closed we only have 5 seconds to do what is required, being quite annoying and making it impossible to uninstall.

With almost no time to analyze this first version, they began to create a second version that connected to a different server. However, this time those who made the mistake were cybercriminals and, as reported in Panda, they were able to temporarily access the MySQL database in which they stored information related to the threat and its infections.

In total, there would be affected users spread over 31 countries of which 23 are European.

How can I remove the Police Virus from my Android device?

A priori the process seems relatively simple, since you can go to the Application Manager and select a call BaDoink. However, as we have mentioned, we only have 5 seconds to carry out this task that seems complicated. Therefore, the only solution left for us is to restart the phone in safe mode and proceed with its uninstallation. After carrying out this process we can restart our terminal and the malware it will have disappeared without leaving any trace.

We recommend the tutorial on what types of viruses can infect us and how to avoid them.

The most common ways to protect an Android smartphone are by a pattern, a PIN code or a password, from less to more complicated to guess. While a pattern can be easily guessed simply by looking at the device against the light to see the fingerprint on the screen, a password is very complex, being almost impossible to guess without a clue of it.

A group of security researchers have discovered a flaw in the Android lock screen that allows access to the entire system by skipping this lock screen when it is configured with an access password.

The way to exploit this flaw is very simple. From the lock screen protected with the password we must open the emergency call application. There we must type a code, as long as possible, that we will use to later force the unlocking. For this we can, for example, write 10 asterisks and copy / paste them several times until there are no more digits in the marker, to copy the resulting code.

Once we have the longest code, copy it to the clipboard, we return to the lock screen and open the camera application that, by default, we can use without the need for the password. From the camera we open the menu at the top to access the “System Settings” section, where it will automatically ask for the unlock password.

Here we must paste (probably several times) the asterisk code that we have previously saved. After two or three times that we paste the code (depending on how long we have copied it for the first time to the clipboard) Android will return an error, the camera and the lock screen will close and we will automatically be inside the system, with full access to all files and all applications on it.

In case of locking the device again (for example due to the passage of time) we simply have to repeat the process again to force the unlock again.

Here is a video where they show the process step by step.

https://www.youtube.com/watch?v=watch

From Google they have confirmed that they are aware of the failure and that they have already solved it, thus reaching the solution to Nexus devices through a conventional patch. Users of devices manufactured by other companies will have to wait for them to publish the corresponding patches in order to solve this vulnerability. Meanwhile, the using a PIN code as an unlocking method that, for the moment, seems the safest.

Do you think that Google should better review this type of action to guarantee the safety of its users?

You may be interested in:

Everything appears to indicate that after much work the beta version of this browser is already available to be downloaded from Google Play Store. The developers have thought of most of the users of this operating system and it will only be necessary to have at least Android 2.3 to enjoy this browser.

This decision confirms the ideas that had been used to create this browser in the beginning: lightweight and easy to use.

Among the data that have been known, the use of the same information compression system that the previous version had stands out. This implies that all the information travels through the Opera servers, which is where this process is actually carried out, helping the user to save on data consumption.

The definition of Opera Mini: minimalist and easy to use

This was already something that was known and that is not a novelty, at least for the first version of the browser, since the purpose of this was precisely that. However, many software that are born for this purpose later end up adopting greater complexity. For the peace of mind of all the faithful to this browser, it must be said that the new version is still as light and simple as the previous one, with the only difference being the presence of several functions that were missing.

One of them is private browsing, absent in the first version and which has been implemented in this one, being able to make use of it by clicking on the “+” button on the tabs.

The use of space is also something remarkable, since the user only has the tab bar and the address bar, maximizing the space available to display web pages.

Obviously it is a beta and it is likely that it has a bug that will be corrected, but the operation is very correct and fluid, therefore it should not take long to see the final version.

Source | ghacks

If you are concerned about the privacy and security of your communications, you are in luck. We introduce you Krypton Anonymous Browser, a browser for Android operating system which is specifically designed to keep our privacy and security safe. An important feature of this browser is that, for example, it does not store any cookies, history or any data from the visited website on the device.

This web browser offers a very neat interface but at the same time simple. Incorporates as default search engine to DuckDuckGo, widely known for being an alternative to Google, but that protects our data and does not store anything on its servers about us. This way, Krypton will not know anything about you, and it will help others to know nothing about you either.

One point that we must highlight is that it is compatible with the Tor network, we can hide our IP address in a really easy way and also force the HTTPS mode to navigate safely (HTTPS Everywhere). With the aim of increasing our security, each tab is managed through an individual process isolated in the system, to avoid communications between them.

This application is open source, in this way any security expert and programmer can see its source code to detect security flaws or incorporate more tools. In addition, this application is completely free and has no ads, you can download from Google Play but we must note that it is in beta mode, and therefore it is periodically updated with improvements in security and stability.

Source: The Free Android

Control and modify application permissions on Android

In previous versions of Android we had less control over the permissions we granted to applications. This luckily changed with the newer versions. Now we can see what permissions an app has or to which elements others can access.

First of all, you have to differentiate between two aspects. One of them is the possibility of seeing a list of allowed accesses (microphone, camera, etc.) and seeing which applications have access to it. On the other hand, we can see a particular application and check which ones we have granted.

If we start by looking at the types of permissions and which applications have access to them, we have to do the following:

• The first thing is to go to Setting. For this we can go to the menu or directly display the notifications and click on the configuration icon.
• Later we will Applications and inside, top right, click on the menu and we will Application permissions.
• This can vary by version that we have installed, but basically these are the steps. Once inside Application Permissions, we will see a list with different aspects: calendar, contacts, camera, location …
• Here, by pressing each one of them, it shows us the applications that have access. For example, if we have a program to check the weather, the normal thing is that it has access to our location. However, it does not make sense that, for example, this same program to check the weather wants to have access to our SMS.

If we see that an application has access to permissions that we do not like, we can deactivate it. To do so, we simply remove the marking that appears to the right of each of the applications and the corresponding permission.

What access does an application have

On the other hand, we can also see what permissions a specific application has. To do this we doing the next:

• Again we will Setting and we entered Applications.
• Once here we will see a list of all installed applications. If they do not all appear visually, click on “see all”.
• When selecting one of them we will find an option called Permissions. If we enter here it shows us all the permissions that can be accessed. It can be storage, contacts, SMS, location …

From here we can also remove permissions to a specific application so that it can access any of the options. Returning to the example of the weather application, we can enter and remove the permission to access our SMS and leave the location.

In short, in this way we can have greater control over the control that our Android applications have. A way to increase security and avoid problems.

ZeroPC features are:

• Secure connection. No password is stored by ZeroPC or its servers.
• Intuitive and easy to use.
• Global searches that allow us to search several servers at the same time.
• “Collections” or virtual folders in which we can associate several files independently of the original server.
• Options to share files safely.
• Strict privacy and security policy.

ZeroPC Cloud Navigator is available to download from the Play Store. Once installed we run it on our smartphone. The first thing you are going to ask us to do is log into your servers. We can register from the program itself or from your Web page.

If we click on “Sign Up” we will have to enter the data requested by the service (email and password) to complete the registration.

Once registered we access the main window of the application.

By default we have the entry “My Storage” which is a storage space on ZeroPC’s own servers. If we click on “Add connection” we can add the servers we want manually.

In our case we are going to add a Box server and a DropBox server. We click on each of them and they will ask us for the login details of the corresponding service.

Once the different services have been added, they will appear in the main window of the application.

By clicking on the server we want we can access its files quickly.

If we click on a file we can see the different actions that we can perform such as copying, deleting, sharing, downloading, etc.

We can also upload files to the cloud from ZeroPC.

ZeroPC is a complete tool for Android that will allow us to manage several clouds simultaneously with great efficiency.

Have you tried ZeroPC? How do you manage multiple accounts in the cloud at the same time?

Buckynet, one of the members of Wireless Security, has developed an application for mobile devices with Android operating system that provides us with a dictionary of WEP, WPA and WPA2 keys used by Arcadyan routers by default. Some time ago the algorithm that allows obtaining the keys was discovered, now we will have these keys in the palm of our hand thanks to Android and this application.

Arcadyan equipment is used by different Internet service providers, the best known with Yacom and also Vodafone Spain. To put this dictionary into operation, we have two methods (depending on the information we obtain from the access point in question):

Short dictionary:

• It is necessary to define the ESSID together with its final 6 characters or 4 characters in the case of Vodafone networks.
• You need to define the last 8 characters of the BSSID.

This short dictionary has the 10 possible default keys that the router will have.

Long dictionary:

• It is necessary to define the last 8 characters of the BSSID
• This dictionary is specifically designed for users who have changed the name of the network and therefore do not have this data.

This long dictionary has 10,000 default keys that the router will have.

This program needs an Internet connection for the advertising to appear, and once we have clicked on it, the dictionary is generated in the root of the SDCard with the name “Dic_ESSID.txt” according to the type of network chosen. You can download the application from this link or visiting the official blog of Wlan4xx where there are other methods of downloading the application.

The paid version of this application not only generates the dictionary but also test the keys against the wireless network to connect correctly, all this automatically.

The paid version costs less than € 1, you have more information in the Wlan4xx official blog.

New version of Samsung’s browser

It is true that in browsers today there is no rival and Google Chrome is the most used on different platforms. However for many users security and speed can play a very important point. Samsung is no stranger to this and has worked hard to develop Samsung Internet Browser 7.2 with interesting improvements in terms of speed and also security.

For this it uses an updated engine, Chromium M59. Among the improvements are speed, as we have mentioned, but also other aspects such as graphics. With this we obtain a considerable improvement when playing online.

But if there is something that users are very interested in, it is the security. Even more so if we talk about mobile terminals. As we know, cybercriminals set their sights on what has the most use, the most possible victims. Mobile phones are increasingly used for different actions that in other times we carried out from the computer.

Hence the emergence of banking Trojans, hidden cryptocurrency miners, etc. All this has been taken into account by Samsung in the update of its browser.

More security

Among these security measures included in the new version, it has a protected browsing. This means that it alerts users when they visit sites that are not safe. For example, those that can introduce malware into devices or that steal information. Ultimately, much of the malware comes to us through browsing.

As well its use has been optimized. Now it works better in low-end terminals that have 1 GB of RAM or even less. They have achieved this with improvements in the consumption of eyelashes and it is more efficient.

An important piece of information must be added. At the moment these speed and security improvements are only available in the Beta version of the browser. Therefore, those users who have the Samsung browser installed may not see these changes, unless they install the Beta version.

In any case, they will soon reach the normal version of the browser and it will be available for download.

Available for any device

On the other hand, although it is the Samsung browser, it is not exclusive for users of this brand. Anyone who has Android 5.0 or higherRegardless of the model, they will be able to download the browser.

As we know, one of the most interesting options to maintain security on our devices is to download from official sources. We have to avoid, therefore, downloading applications that are not in official stores such as Google play.

In short, with the new version of Samsung Internet Browser we can find a more efficient, faster and safer browser. Aspects that will undoubtedly be well received by users.

Several users are reporting problems on their mobile terminals, and it is that daily data consumption shows that a 600-second video has been downloaded, and day after day, the download of this video causes us to consume our data rate.

As we can read on HTCMania, the user in question owns an LG G2, and even if I restore it from the factory the problem persists. This user, when calling Orange customer service (it is a 902) and spending more than 40 minutes, the operator informs him that the culprit is the mobile terminal and that the billing is correct. However, the user does not give up and installs a Firewall on the terminal that allows him to know which applications are consuming data and the details of the exact time the connection is made.

Below you can see a screenshot of “Apps Orange” making a connection at 21:13:03 to a specific server.

The destination IP can be seen as 194.250.131.72 and according to this web page, belongs to France Telecom (Orange).

Later, when looking at the consumption detail from the Mi Orange application, this data consumption is reflected:

Judging by the data that it exposes in the forum thread, and the Lookup of the IP address that the application indicates, It seems that it is the Orange application itself that performs these downloads of videos and for this reason the user consumes a large amount of data daily, this problem of excessive data consumption could lead to hiring an additional data bonus. You can follow all the news on this topic at this HTCMania forum thread.

Are you from Orange and something similar has happened to you?

Upgrade

Orange has contacted us and indicated the following:

• In some forums it is said that the My Orange application consumes extra data associated with a video download, which is not true. The data associated with the Mi Orange application appears with the concept “AppMiOrange”. Confusion has been generated between Orange Updates (which appears as Apps Orange on the terminals) and My Orange.
• In any case, it is false also that the Apps Orange application consumes customer data.
• This application connects once a day to detect if there are updates to the Orange applications that the user has installed on their terminal. The confusion has been generated because in the log of connections that the user sees in his client area it appears with the concept “video0”, but this is a concept that Orange uses to identify the apps that have to be treated differently for pricing, that is, it identifies that this app should not consume data from the customer’s voucher.
• We understand that is why the confusion has occurred and we are working to fix it.

At the moment it is only affecting devices with operating system Android, but it is not ruled out that despite the non-existence of versions for other operating systems they will appear in the not too distant future. However, this shows once again that the eyes of cybercriminals are once again focused on Google’s operating system, which is the one that brings together the most users, which is directly associated with a very large market share.

Along with this fake version of WeChat, a malware bank whose purpose is to steal the credentials and other data related to the online banking services that the user makes use of.

More than 100,000 devices affected

Those responsible for Kaspersky have been in charge of warning about the presence of this new threat that can be found in unofficial application stores and on different web pages whose sole purpose is to distribute fake applications that contain malware.

When the user downloads it, at first the appearance is totally identical to the official one. However, later the application begins to distance itself from the operation of the official one, asking the user for much more information that does not make sense, such as the email address and password, the credit card number and the PIN, as well like other bank details pertaining to online banking services.

However, and despite the fact that the module that is responsible for doing this was encrypted, those responsible for the Kaspersky company have managed to decrypt this module and they have found a surprise.

The access credentials to the email account where the data is sent can be found in the code

The cybercriminals had included the access credentials of the Outlook account to which the emails containing the data collected from each user were sent. After logging in using these in Kaspersky they have been able to verify that today there could be more than 100,000 users affected by the malware.

To try to avoid this type of problem, it is best to look at where you have accessed and what is being downloaded. In this way you can avoid downloading fake applications that may lead malware to our team.

Source | The Hacker News