Recently Browsing 0 members
No registered users viewing this page.
By Abhay V
Google announces a bunch of new Android features
by Abhay Venkatesh
Google today announced a few new features coming to Android, both via updates to select apps and the OS itself. The features related to security, accessibility, and more, and the rollout is similar to how the company introduced added capabilities to older Android versions late last year.
The first on the list today is the addition of the Password Checkup tool natively to Android, something that first debuted as an extension and then made it to the Chrome browser itself. As the name suggests, the feature helps users keep a tab on the integrity of their saved passwords by notifying them if their credentials have been exposed. This allows users to act on compromised credentials and avoid using passwords that might have been exposed on the web.
Now, the feature integrates with Autofill on Android 9 and newer, notifying users of any potential password exposures and a guide to reset them. Additionally, Autofill can also generate unique passwords and secure that information via biometric authentication, making it a great overall tool for password management.
Next up is a nifty new update to the Messages app that brings the ability to schedule messages to be sent later. Long pressing the send button will now provide an option to set the date and time to deliver the text message. The option to schedule messages has been present for users on Samsung devices via the default Messages app that ships with those devices. Alternatively, users have had to rely on third-party offerings such as Pulse SMS for the feature. The updated Messages app is now rolling out to users on Android 7 and newer.
As for accessibility improvements, the search giant announced a new update to TalkBack, its screen reader for those with impaired vision. The updates include new multi-finger gestures on Pixel and Samsung phones that can be used to perform preset commands like selecting and editing text. There are also new swipe commands for reading through just the headlines or through entire paragraphs. The firm is also adding 25 voice commands to help with actions such as finding particular text on the screen and more. Lastly, there are two new languages for the Braille keyboard.
Google assistant is also receiving some updates that let users interact with it better on the lock screen. The company is adding a new card layout to review Assistant commands right from the lock screen, including alarm and timer options, sending messaging using voice, and more. The firm adds that users can “get things done on [their] phone without needing to be right next to it”.
Another highly awaited feature announced today is the rollout of a dark theme for Maps. While Maps automatically switches to a darker theme when navigating, a proper dark mode has been teased for a while. Users will finally be able to switch to the darker side permanently from the settings, a welcome addition for those that prefer the theming option to conserve battery on AMOLED displays, or just as a matter of preference.
Lastly, the Mountain View company announced new Android Auto features such as “car-inspired backgrounds” and Assistant actions – features that began rolling out earlier this month. For long journeys, the in-car system is also adding voice-activated trivia games. Other new features include a split-screen view of Maps and audio controls – like on Apple CarPlay – on wide screens and a new privacy screen to “control when Android Auto appears on your car display”. These Android Auto features are rolling out to users running Android 6 or newer.
Samsung now promises four years of security updates for Galaxy devices
by João Carrasqueira
Longer-lasting software support has long been one of the factors pointed out when talking about the advantages of iOS compared to Android. In recent years, we've seen an increasing amount of effort from some companies to keep devices updated, with Google itself offering three years of feature and security updates for its Pixel devices.
Now, Samsung is trying to take things a step further by offering a minimum of four years of security updates for its Galaxy devices. Depending on the device you have and how old it is, security updates may be rolled out on a monthly or quarterly basis, but either way, getting security updates for four years is a welcome boon if you want your devices to last longer.
This isn't just a benefit for the latest devices coming out this year, either, nor does it target just flagships. Samsung provides a decently long list of devices that will be eligible for the extended security update period, going back to the Galaxy S10 and Note10 families, the Galaxy A series, and a wide range of tablets. Here's the full list provided by Samsung:
It's worth noting that this support period is even longer than what Google promises for its own Pixel phones - though it should be remembered that these are minimum support periods, and Google has supported some of its phones for longer than the minimum. Either way, if you happen to own or you're considering getting one of these devices, you may rest assured your phone or tablet will be kept safe for a while longer. This doesn't, however, include new Android feature updates, so you won't necessarily getting Android 12 or 13 when those versions are released.
By Usama Jawad96
Clubhouse confirms security breach, deploys new safeguards
by Usama Jawad
Private social app Clubhouse allows users to engage in informal conversations. The invite-only iOS application is used by Elon Musk with Facebook also looking to clone the chat service. However, concerns were raised around Clubhouse a couple of weeks ago with the Stanford Internet Observatory (SIO) citing numerous potential security weaknesses in the service. Today, Clubhouse has confirmed a security breach and placed new safeguards to prevent similar incidents in the future.
This situation feeds into the security concerns raised by the SIO a few days ago. One of these was Clubhouse user and chatroom IDs were being transmitted over the internet in plaintext instead of being encrypted.
Furthermore, SIO also revealed that the backend of the platform is handled by a Shanghai-based startup called Agora Inc. The Chinese company states that it "temporarily" stores raw audio data for processing in its servers but it is currently unknown how long this time period is and where the servers are situated. In a statement to The Verge, the firm confirmed that it does not route traffic produced by non-Chinese users through China. However, Agora declined to go into details about the security mechanisms and protocols in place to prevent security breaches, such as the one that took place over the weekend.
Source: Bloomberg | Image via Walk the Chat
By Usama Jawad96
Apple starts taking countermeasures against new macOS malware strain
by Usama Jawad
A recently discovered macOS malware has caught the attention of the security community due to its highly sophisticated nature and the mystery surrounding its missing payload. Dubbed "Silver Sparrow", the malware was discovered a few days ago and is known to have infected 30,000 Intel and M1 Mac devices spread across 153 countries. Now, it appears that Apple is taking steps to mitigate potential threats posed by Silver Sparrow.
Apple has reached out to Apple Insider to confirm that it has revoked the certificates of the developer accounts that were used to sign the malicious package. While this restricts the spread of this particular Silver Sparrow variant, it still leaves the door open for similar packages signed with a different certificate.
Furthermore, Apple has noted that it has many security measures in place at both hardware and software level. Furthermore, the company also releases software updates regularly which contain patches against potential threats such as Silver Sparrow.
That said, Apple as well as the cybersecurity community will likely be keeping an eye on this particular strain and its potential offshoots, given that it is seemingly in development by an advanced malicious actor. On infected machines, Silver Sparrow communicates with control servers once every 24 hours, awaiting binaries to receive and execute. It also has ephemeral self-destruct mechanisms in place that remove any trace of your machine being infected, even if your machine has already been attacked.
Source: Apple Insider
By Usama Jawad96
30,000 Macs are at threat from mysterious malware
by Usama Jawad
News of Macs getting infected with malware is relatively uncommon. However, a new threat that has currently infected almost 30,000 Mac devices has security researchers worried due to its sophisticated nature and lack of available information.
Researchers at Red Canary have discovered a new strain of macOS malware which they have dubbed "Silver Sparrow". The malware is strange in numerous ways, with the major one being that it has remained mostly dormant so far. Despite the fact that it communicates with control servers once an hour awaiting potentially malicious binaries to execute, it has deployed no malicious payload as of yet.
Furthermore, apart from the Intel x86_64 variant, it also has an Apple M1 counterpart. Both variants also contain "bystander binaries", which when executed print "Hello World!" on the former's screen and "You did it!" on the Apple M1.
While have these messages printed on the display isn't a major concern on its own, it clearly points to a bigger issue where these placeholder binaries eventually start executing malicious payload they receive from the control servers. Red Canary highlighted that the complex infrastructure efficiently makes use of AWS and Akamai CDNs, making it very difficult to track and take down.
Another concerning fact about Silver Sparrow is that it contains self-destruct mechanisms which remove all traces of the malware from infected devices. What's even more mysterious is that this mechanism hasn't been observed by default on infected machines, which means that it was downloaded ad hoc based on meeting currently unknown conditions.
Furthermore, the distribution techniques of Silver Sparrow are unknown as well. Red Canary researchers stated that:
The findings of the report are reasonable cause for alarm. Much about Silver Sparrow is not known yet, and its sophisticated and stealthy nature points to a very advanced malicious actor. Red Canary has indicated that 29,139 macOS endpoints were infected as of February 17, 2021 with users spread across 153 countries. The figures of infected machines also seem to be concentrated in the US, UK, Canada, France, and Germany. The security researchers have included a list of indicators that you can use to determine whether your Mac is infected or not under the "Detection opportunities" heading near the bottom of this page.
Source: Red Canary via Ars Technica | Image via biz-tec.mx