Connect with us


July 2019 security patches are out for Google Pixel phones and Essential Phone



Today marks the first day of July and we are now already halfway through 2019. More importantly, a new month means it’s time for new Android security updates. The patches for this month have been released for the entire Pixel family and the trusty Essential Phone is following closely behind as usual.

There are a few important functional patches for the Pixel 3Pixel 3 XL, Pixel 3a, Pixel 3a XL, Pixel 2, and Pixel 2 XLthis month. Users should notice improved “OK Google” and music detection. The July Android security updates are also rolling out to the Google PixelPixel XL, and Essential Phone. One device that has reached the end of its Android security cycle is the Pixel C, which received its last update in June.

July’s security patches are now available for Open Market customers. Check your Essential Phone for the latest

— Essential (@essential) July 1, 2019

Pixel July 2019 ImprovementsDevices
HotwordImproves “OK Google” and music detectionPixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL
BootloaderFixes an issue for some devices getting stuck during bootPixel 3, Pixel 3 XL
BootloaderFixes an issue for some devices getting stuck in EDL mode with a blank screenPixel 3, Pixel 3, XL, Pixel 3a, Pixel 3a XL
UIImproves Unicode Japanese language supportPixel, Pixel XL, Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL
PerformanceImproves Titan M modulePixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL

The OTA files and factory images for the Pixel devices can be found at the links below. Find the Android security files for your device and click “Link” to start the download. To flash the update manually without losing all of your data, follow the steps outlined in this tutorial. The OTA Android security update for the Essential Phone has just started rolling out.

DeviceFactory ImageOTA Files
Pixel 3a XLLinkLink
Pixel 3aLinkLink
Pixel 3 XLLinkLink
Pixel 3LinkLink
Pixel 2 XLLinkLink
Pixel 2LinkLink
Pixel XLLinkLink
Essential PH-1N/ALink

Android Security Bulletin | Pixel Update Bulletin


Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.


New Android bug targets banking apps on Google Play store




Labeled “StrandHogg,” the vulnerability discovered by the mobile security vendor Promon could give hackers access to users’ photos, contacts, phone logs, and more.

Android apps in Google’s Play Store have frequently been the target of malware designed to infect mobile devices and steal personal information from users. 

Google is then put in the position of playing clean up to remove the malicious apps and then repeating the process the next time such fraudulent apps appear. 

The latest malware vulnerability is one that affects all Android devices by targeting banking apps in an attempt to compromise user data and gain access to financial accounts.

Powerful trends are pushing the global community to develop more smart cities and invest in connected technologies, as the world population increases and more people move to urban environments. This ebook looks at smart city growth from several angles…eBooks provided by TechRepublic Premium

Discovered by Promon, the vulnerability dubbed StrandHogg allows malicious apps to pose as legitimate ones, giving hackers access to private SMS messages and photos, steal login credentials, track the movements of users, record phone conversations, and spy on people through the phone’s camera and microphone, according to a Promon press release posted on Monday.

Security researchers at Promon analyzing real malware that exploited this vulnerability discovered that all of the top 500 most popular apps had been at risk, affecting all versions of Android, including Android 10. As ranked by the app intelligence company 42 Matters, the list of 100 includes mostly popular and general apps across all types of categories

Specifically, Promon’s partner and security firm, Lookout, confirmed 36 malicious apps that exploited the flaw. Among them were variants of the BankBot banking trojan, which has been seen as early as 2017 and is one of the most widespread banking trojans around.

In response to Promon’s findings, Google has since removed the identified malicious apps from its Play store, according to a statement sent to BBC News and TechRepublic.

“We appreciate the researchers work, and have suspended the potentially harmful apps they identified,” Google said in its statement. “Google Play Protect detects and blocks malicious apps, including ones using this technique. Additionally, we’re continuing to investigate in order to improve Google Play Protect’s ability to protect users against similar issues.” 

In an overview page, Promon provided details on the StrandHogg vulnerability, explaining its impact and the different ways that hackers can exploit it.

As Promon describes it, StrandHogg allows a malicious app masquerading as a legitimate one to ask for certain permissions, including access to SMS messages, photos, GPS, and the microphone.

Unsuspecting users approve the requests, thinking they’re granting permission to a legitimate app and not one that’s fraudulent and malicious. When the user enters the login credentials within the app, that information is immediately sent to the attacker, who can then sign in and control sensitive apps.

The vulnerability itself lies in the multitasking system of Android, Promon’s marketing and communication director, Lars Lunde Birkeland, said. The exploit is based on an Android control setting called “taskAffinity,” which allows any app, including malicious ones, to freely assume any identity in the multitasking system, Birkeland said.

A specific malware sample analyzed by Promon was not on Google Play but was instead installed through dropper apps and hostile downloaders available on Google’s mobile app store, according to Promon. Such apps either have or pretend to have the features of games, utilities, and other popular apps but actually install additional apps that can deploy malware or steal user data.

“We have tangible proof that attackers are exploiting StrandHogg in order to steal confidential information,” Promon’s chief technology officer, Tom Lysemose Hansen, said in a statement on the overview page. “The potential impact of this could be unprecedented in terms of scale and the amount of damage caused because most apps are vulnerable by default and all Android versions are affected.”

Though Google removed the 36 exploited apps, Birkeland said that to the best of Promon’s knowledge, the vulnerability itself has not been fixed in any version of Android, including Android 10. Google also tries to safeguard its app store through its Google Play Protect security suite, but dropper apps continue to appear on the store. Often slipping under the radar, these apps can be downloaded millions of times before they’re caught and removed.

“Google Play is usually considered a safe haven for downloading software,” Birkeland said. “Unfortunately, nothing is 100% safe, and from time to time malware distributors manage to sneak their apps into Google Play.”

Sam Bakken, a senior product marketing manager with the anti-fraud company OneSpan, also weighed in on the threat posed by such vulnerabilities as StrandHogg.

“As you might imagine, criminals salivate over the monetization potential in stolen mobile banking credentials and access to one-time-passwords sent via SMS,” Bakken said in a statement. 

“Promon’s recent findings make the vulnerability as severe as it’s ever been. Consumers and app developers alike were exposed to various types of fraud as a result for four year,” he continued. “In addition, now, at least 36 examples of malware attacking the vulnerability as far back as 2017 have been identified—some being variants of the notorious Bankbot Trojan. This goes to show you that attackers are aware of the vulnerability and actively exploiting it to steal banking credentials and money.”


Continue Reading


How to move Google Authenticator to your new phone for added security




You can move Google Authenticator to a new phone so that your new device can gain an additional level of security through two-step authentication.

Unlike the traditional method of using only a single password, two-step authentication provides greater security for your accounts by requiring two steps to log into your Google apps.

Google Authenticator is an app that assists in two-step authentication for your Google account, and allows you to use your phone as a second step in confirming your identity before accessing your account.

If you’ve used Google Authenticator before and recently got a new phone, you’ll need to move the Google Authenticator app to your new phone so that it can be used for two-step authentication. Follow the steps below to do so.

How to move Google Authenticator to your new phone

1. On your new Android or iPhone , download and install the Google Authenticator app.

How to move Google Authenticator to new phoneChrissy Montelli/Business Insider

2. Using a PC or Mac , open Google’s webpage for two-step authentication and log in. When it becomes an option, click on “Move to a different phone.”

3. Click on either “Android” or “iPhone” based on what kind of phone you are using, then click “Continue.” The next screen should show a barcode or QR code.

4. Open the Google Authenticator app on your new phone and follow the on-screen instructions. When you are prompted, tap on “Scan a barcode,” and scan the barcode/QR code shown on your computer screen.

How to move Google Authenticator to new phoneChrissy Montelli/Business Insider

5. After you scan the barcode, a six-digit code should appear on the Google Authenticator app. This code changes every few minutes for security purposes. Type the code into the corresponding field on your computer and click “Verify.”

How to move Google Authenticator to new phoneChrissy Montelli/Business Insider

Google Authenticator should now be set up on your new phone, enabling you to use it for two-step account verification.


Continue Reading


Advancing the checkpoint environment




The Transportation Security Administration (TSA) continues to experience record breaking travel volume, and as passenger loads continue to grow, TSA continuously seeks to improve security. Here, Austin Gould, TSA’s Assistant Administrator for Requirements and Capabilities Analysis, discusses how the organisation is looking for innovative ways to address the evolving transportation challenges of today – and prepare for the challenges of tomorrow.


WITH THE threat to aviation constantly evolving, TSA is focused on developing the next generation of state-of-the-art security technology, which will be used to revolutionise the way airports operate.

Computed Tomography (CT)

CT is the latest checkpoint X-ray scanning equipment to enhance threat detection capabilities for carry-on baggage. The technology is similar to CT technology used in the medical field and research shows that CT is the most consequential technology available today for airport checkpoints. CT technology applies sophisticated algorithms for the detection of explosives and other threats by creating a 3D image that can be viewed and rotated 360 degrees for a thorough analysis. If a bag requires further screening, TSA officers will inspect it to ensure there are no prohibited items inside.


With the rising use of biometrics for identity verification, TSA is evaluating the operational and security impacts of using passengers’ biometrics to verify their identities. Using biometrics will modernise aviation passenger identity verification over the coming years. TSA is actively evaluating facial recognition technology to automate the identity and boarding pass verification process. Facial recognition technology is currently being piloted at Hartsfield-Jackson Atlanta International Airport in conjunction with U.S. Customs and Border Protection.

Automated screening lanes (ASLs)

ASLs enhance security efficiency while decreasing the amount of time travellers spend during the security screening process. The ASLs are designed to improve the screening of passengers by automating many of the functions that were previously performed manually. The advanced screening system allows passengers to move faster and more efficiently through the security checkpoints. The automated conveyor belts draw bins into the X-ray machines and return the bins back to the front of the queue for passengers. Radio Frequency Identification (RFID) tags attached to each bin allow for additional accountability of a passenger’s items as they transit throughout the security process. Cameras capture photographic images of the contents of each bin, which are linked side-by-side to the X-ray image of a bag’s contents. Carry-on bags that trigger an alarm warning of a potential threat are automatically redirected to a separate area to allow bins behind them to continue through the screening process uninterrupted.

Enhanced advanced imaging technology (eAIT)

eAIT is a millimetre wave checkpoint passenger screening technology with enhanced detection capabilities that improve security and may help ease passenger experience. The AIT system has several benefits, but most noticeable to passengers is the relaxed stance, which means that instead of holding their arms over their heads, they can keep them down and close to their sides. The actual scan takes less than a second, and the addition of two screening stations allows those who need additional screening to move to a separate area until they are cleared by a TSA officer.

Credential authentication technology (CAT)

CAT units scan a passenger’s photo identification to verify the authenticity of the document. The system uses information from the photo identification to confirm a passenger’s flight status by cross-referencing it against the Secure Flight database. CAT enhances security by effectively verifying passenger identification to determine whether the documents presented at the checkpoint are authentic, fraudulent or expired, verifying the passenger’s Secure Flight vetting status in near real time. When CAT is in use, the TSA officer will not request the passenger’s boarding pass unless the system is not able to access the individual’s boarding information.

Innovation Task Force (ITF)

As TSA continues to raise the baseline for aviation security, we look to organisations who will help to advance capabilities, introduce new ways of thinking and bring creative solutions to travel challenges. TSA’s ITF was created to bring together key stakeholders to identify and demonstrate emerging technology solutions. ITF demonstrations allow vendors to test their solutions in a live environment, capture operational data and then refine their solution for potential future engagement with TSA.

Advancing the checkpoint environment (ACE)

ACE is a new, live checkpoint environment at LAS that serves as a ‘green space’ to assess multiple process and technology enhancements to the checkpoint environment. ACE enables ITF to test an entire network of unique capabilities at the same time without interrupting airport operations, and to assess the impact of innovative solutions on the ecosystem holistically, to ultimately inform requirements for future screening environments across TSA.

In partnership with McCarran International Airport as an ITF demonstration site, TSA can utilise a new checkpoint in Terminal 3 for assessment purposes as an ‘Innovation Checkpoint.’ This will showcase unique opportunities to modify and define the future aviation security process – beginning with ACE.

The ACE mission is to provide an environment that allows for the concurrent assessment of new technology and processes, enabling data-driven decision making.

ACE will accelerate learning, refine capabilities and gather requirements to better position TSA to make security decisions. ITF will share data with vendors to enable continuous refinement of their capabilities and share lessons learned to directly inform requirements generation for capabilities of interest to TSA.

ITF will also leverage the ACE checkpoint environment to assess strategies and process improvements to enhance the TSA officer experience.

Protecting the future

TSA is building a culture of innovation that anticipates and rapidly counters the changing threats across the transportation system. By establishing and promoting mechanisms to foster continuous improvement, TSA is positioned to best anticipate and counter the evolving threat to aviation. 


Continue Reading


%d bloggers like this: