Connect with us

Security

July 2019 security patches are out for Google Pixel phones and Essential Phone

Published

on

Today marks the first day of July and we are now already halfway through 2019. More importantly, a new month means it’s time for new Android security updates. The patches for this month have been released for the entire Pixel family and the trusty Essential Phone is following closely behind as usual.

There are a few important functional patches for the Pixel 3Pixel 3 XL, Pixel 3a, Pixel 3a XL, Pixel 2, and Pixel 2 XLthis month. Users should notice improved “OK Google” and music detection. The July Android security updates are also rolling out to the Google PixelPixel XL, and Essential Phone. One device that has reached the end of its Android security cycle is the Pixel C, which received its last update in June.

July’s security patches are now available for Open Market customers. Check your Essential Phone for the latest pic.twitter.com/hc9WxrtFd8

— Essential (@essential) July 1, 2019

Pixel July 2019 ImprovementsDevices
HotwordImproves “OK Google” and music detectionPixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL
BootloaderFixes an issue for some devices getting stuck during bootPixel 3, Pixel 3 XL
BootloaderFixes an issue for some devices getting stuck in EDL mode with a blank screenPixel 3, Pixel 3, XL, Pixel 3a, Pixel 3a XL
UIImproves Unicode Japanese language supportPixel, Pixel XL, Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL
PerformanceImproves Titan M modulePixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL

The OTA files and factory images for the Pixel devices can be found at the links below. Find the Android security files for your device and click “Link” to start the download. To flash the update manually without losing all of your data, follow the steps outlined in this tutorial. The OTA Android security update for the Essential Phone has just started rolling out.

DeviceFactory ImageOTA Files
Pixel 3a XLLinkLink
Pixel 3aLinkLink
Pixel 3 XLLinkLink
Pixel 3LinkLink
Pixel 2 XLLinkLink
Pixel 2LinkLink
Pixel XLLinkLink
PixelLinkLink
Essential PH-1N/ALink

Android Security Bulletin | Pixel Update Bulletin

Source: https://www.xda-developers.com/july-2019-security-patches-are-out-for-google-pixel-phones-and-essential-phone/

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Security

Samsung: Anyone’s thumbprint can unlock Galaxy S10 phone

Published

on

By

A flaw that means any fingerprint can unlock a Galaxy S10 phone has been acknowledged by Samsung. It promised a software patch that would fix the problem.

The issue was spotted by a British woman whose husband was able to unlock her phone with his thumbprint just by adding a cheap screen protector.

When the S10 was launched, in March, Samsung described the fingerprint authentication system as “revolutionary”.

Air gap

The scanner sends ultrasounds to detect 3D ridges of fingerprints in order to recognise users.

Samsung said it was “aware of the case of S10’s malfunctioning fingerprint recognition and will soon issue a software patch”.

South Korea’s online-only KaKao Bank told customers to switch off the fingerprint-recognition option to log in to its services until the issue was fixed.

Previous reports suggested some screen protectors were incompatible with Samsung’s reader because they left a small air gap that interfered with the scanning.

Thumb print

The British couple who discovered the security issue told the Sun newspaper it was a “real concern”.

After buying a £2.70 gel screen protector on eBay, Lisa Neilson found her left thumbprint, which was not registered, could unlock the phone.

She then asked her husband to try and both his thumbs also unlocked it.

And when the screen protector was added to another relative’s phone, the same thing happened.

Source: https://www.bbc.com/news/technology-50080586

Continue Reading

Security

Without Naming Huawei, E.U. Warns Against 5G Firms From ‘Hostile’ Powers

Published

on

By

A 5G supplier from a “hostile” country could be forced by its home government to wreak havoc by causing cyberattacks, a European Union report warned on Wednesday, but the bloc stopped short of naming the Chinese giant Huawei, which the United States blacklisted after the White House labeled it a tool for espionage by Beijing.

The advisory report, drafted with input from all 28 European Union members, laid out the types of major security failures that 5G networks could be vulnerable to.

It said that putting all functions of a 5G network — including hardware and software, operations and maintenance — in the hands of a single company could leave entire countries at risk.

In May, the United States Commerce Department put Huawei on a so-called entity list of firms that need special permission to buy American components and technology because they have been deemed security threats.

President Trump has called on the European Union to follow his lead in barring the company from its market.

The European Union report, intended to provide advice to member states, said a “strong link” between a 5G technology supplier and a government “where there are no legislative or democratic checks and balances in place” could prove a major source of vulnerability.

The language appears to point to Huawei. The company has vehemently denied all allegations of being under the control of the Chinese government, stressing that it is owned by its employees and that only about 1 percent of the company is held by its founder.

In a statement that brushed aside any implied criticism, Huawei said it welcomed the report and would “work with European partners” to develop a cybersecurity framework “and deliver safe and fast connectivity for Europe’s future needs.”

The idea behind 5G, a major leap from the 3G and 4G telecommunications technology used currently, is that it will become ubiquitous, connecting almost everything, from defense systems to domestic devices like refrigerators and coffee machines, to an ultrafast wireless network.

Huawei is thought to be ahead of other 5G equipment providers around the world, including European Union companies such as Ericsson and Nokia, in being able to install networks. Also, it has traditionally been a cheaper provider of technology.

Mr. Trump and other critics contend that a 2017 Chinese law could be used to force Huawei to hack its customers through preinstalled “back doors” into the network’s software, on behalf of Beijing.

The European report sounded some related concerns. “In particular, as 5G networks will be largely based on software, major security flaws, such as those deriving from poor software development processes within equipment suppliers, could make it easier for actors to maliciously insert intentional back doors into products and make them also harder to detect,” it found.

Abraham Liu, Huawei’s vice president for Europe, has said his company does not and will not use back doors to spy on customers.

“In the past, we have never planted any back door, and we are committed not to do anything like this, forced by any government, including U.S. government, Chinese government or any other government. We are committed to this,” he said in a recent interview.

The report presented on Wednesday could pave the way for the European Commission, the executive arm of the European Union, to recommend that its member states take additional security measures when procuring 5G networks.

The commission is expected to publish a “toolbox” of measures that countries can take to mitigate the risks, but it can’t force them to comply. Officials hope that by publicizing the risks and proposing ways to address them, countries that take a lax approach to security will be pushed into action by their citizens.

But when it comes to Huawei, neither the European Commission nor the majority of national cybersecurity agencies in member states have shown much interest in complying with Mr. Trump’s demand that they bar it.

In part, this is down to practical concerns.

No single company, experts say, will be able to handle all the demand for 5G work once network operators begin making the transition. Therefore, unless Huawei is barred from the European Union or by individual countries, it will most likely play some part in the Continent’s 5G future.

And in Europe, Huawei already has a deep and long presence in countries like Britain and Germany, which other nations look to for expertise and guidance.

A Nokia spokesman said that “it is vital that all parties commit to the highest levels of security and resilience of 5G networks, and realize that 5G will only deliver on its promise if the networks that underpin it are and remain secure.”

“There can be no exceptions,” he added.

Source: https://www.nytimes.com/2019/10/09/world/europe/eu-huawei-report.html

Continue Reading

Security

Using Cyber Security As A Competitive Advantage

Published

on

By

Do you always wonder why your information technology person drones on and on about cybersecurity while you’re just hoping they don’t notice your eyes starting to glaze over?

As the president of an IT firm, I’ve witnessed this firsthand. But don’t worry, I’ve developed a breakdown of what leaders need to know when it comes to cybersecurity and how you can use it as a real competitive advantage:

Productivity: Many small-business owners, in my experience, envision cybersecurity as “nice to have” in comparison to a must. But cybersecurity should be thought of as a form of business continuity. This gives you the upper-hand when it comes to production. Prepare for hackers with fail-safes, like image-based backups, to set your company up for disaster recovery and misbehaving employees.

Public relations: Not having a real cybersecurity framework can also turn into a PR business killer. Let’s look at this through the eyes of a small-business-level company: Think about how others would perceive your lack of care for their data. To use your cybersecurity as a competitive advantage when it comes to public relations, show your clients how seriously you take the security of their data. And if your competitors’ clients start leaving because of a breach on their end, you will be ready for them.

Gaining and retaining employees: Cybersecurity can help you lock down your most important information not only from evil-doers but also from competitors. For example, if a salesperson leaves your organization and joins a competitor’s, they might try to take your company’s intellectual property along with them. To avoid this, you can implement IT policies, software and configurations. Even if you try to enforce a non-disclosure agreement, having these types of components in place can help supply proof if (or when) malicious activity has occurred.

Getting Started With A Base Framework

As a business leader, it is your responsibility to think about the future, but cybersecurity is changing faster than summer blowing through Chicago. The question has become, “How do you stay ahead of the next wave?” I recommend you start with a base framework.

Start by shoring up the protection for your edge, email and endpoints. When someone wants to add something malicious to your system, they are generally coming in through one of those ways. Ask your IT provider what they are doing to protect each of those areas.

To make their answers a little more palpable, there are a few things you can ask about specifically. For the edge, for example, you might ask about next-generation firewalls or universal threat management devices. And for your endpoints, you can ask for solutions beyond just antivirus software, such as deep learning.

With email, you want tools in place that allow for spam filtering and click protection. Even more importantly, inquire about training for your users. Corporate-sponsored or internal phishing attacks are one example. These attacks allow your company to test its users’ ability to spot a phishing email without being really attacked.

After you have your ports of entry secure, you should also have a business continuity and disaster recovery plan in place. It’s imperative for every business to have the ability to reverse time (at least in regards to its data). If you don’t have a way to turn back the clock on your entire system quickly and easily, you are just asking to burn money.

To ensure you are not in the burning-money category, consider using an image-based backup that takes hourly snapshots of your system and backs up in two completely separate locations with a different operating system than the one you use every day. A number of companies, my own included, provide this type of service. Viruses spread using the same operating system, so having a different one back up your system is another layer of protection. The devil is in the details, and the details are your people’s time. A backup as described can have you up and working in an hour, whereas a traditional backup would take you at least a week to get your people working again.

Preparing For Challenges Along The Way

However, there are challenges to consider when you implement cybersecurity systems into your company. For example, does your system adhere to compliance laws? Your business might not be under any compliance laws yet, but I believe it’s only a matter of time until it will be.

The General Data Protection Regulation from the EU has already caused a stir in the U.S. In fact, Arizona has already adopted a similar compliance law, and California’s consumer privacy act will go into effect in January 2020, according to CNBC. Considering Arizona’s law includes fines up to $500,000, it could be wise to get out in front of these changes to the law.

Doing so allows you to become the receptacle for all the clients who no longer have a provider because your competitors have been fined to death. Start looking at the National Insititute of Standards and Technology Cybersecurity Framework as your advance cybersecurity framework. Compliancy laws will model themselves after this. This standard defines how to protect the access to your data at rest and in motion.

Final Thoughts

A company’s competitive advantage comes from realizing the time gained for its employees in comparison to the capital investment in cybersecurity. This lines ups with one of my favorite old adages, “An ounce of prevention beats a pound of cure.” The companies I have seen be successful in this area know cybersecurity is not a “nice to have” but as a must.

Additionally, when budgeting IT infrastructure and cybersecurity, they should be seen as two separate line items. It is true they work together for your business, but IT infrastructure is for operating and cybersecurity is for protecting. They have completely different goals like gas and brake pedals.

Source: https://www.forbes.com/sites/forbesbusinesscouncil/2019/10/09/using-cyber-security-as-a-competitive-advantage/#6559ad827ff7

Continue Reading
Advertisement

Trending

%d bloggers like this: