Connect with us

Security

July 2019 security patches are out for Google Pixel phones and Essential Phone

Published

on

Today marks the first day of July and we are now already halfway through 2019. More importantly, a new month means it’s time for new Android security updates. The patches for this month have been released for the entire Pixel family and the trusty Essential Phone is following closely behind as usual.

There are a few important functional patches for the Pixel 3Pixel 3 XL, Pixel 3a, Pixel 3a XL, Pixel 2, and Pixel 2 XLthis month. Users should notice improved “OK Google” and music detection. The July Android security updates are also rolling out to the Google PixelPixel XL, and Essential Phone. One device that has reached the end of its Android security cycle is the Pixel C, which received its last update in June.

July’s security patches are now available for Open Market customers. Check your Essential Phone for the latest pic.twitter.com/hc9WxrtFd8

— Essential (@essential) July 1, 2019

Pixel July 2019 ImprovementsDevices
HotwordImproves “OK Google” and music detectionPixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL
BootloaderFixes an issue for some devices getting stuck during bootPixel 3, Pixel 3 XL
BootloaderFixes an issue for some devices getting stuck in EDL mode with a blank screenPixel 3, Pixel 3, XL, Pixel 3a, Pixel 3a XL
UIImproves Unicode Japanese language supportPixel, Pixel XL, Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL
PerformanceImproves Titan M modulePixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL

The OTA files and factory images for the Pixel devices can be found at the links below. Find the Android security files for your device and click “Link” to start the download. To flash the update manually without losing all of your data, follow the steps outlined in this tutorial. The OTA Android security update for the Essential Phone has just started rolling out.

DeviceFactory ImageOTA Files
Pixel 3a XLLinkLink
Pixel 3aLinkLink
Pixel 3 XLLinkLink
Pixel 3LinkLink
Pixel 2 XLLinkLink
Pixel 2LinkLink
Pixel XLLinkLink
PixelLinkLink
Essential PH-1N/ALink

Android Security Bulletin | Pixel Update Bulletin

Source: https://www.xda-developers.com/july-2019-security-patches-are-out-for-google-pixel-phones-and-essential-phone/

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Security

Bluetooth Flaw Lets Hackers Track Windows, macOS and iOS Devices

Published

on

By

Bluetooth is found in nearly every modern gadget, which is why a newly discovered flaw in the communication protocol should be taken very seriously.

As ZDNet first reported, David Starobinski and Johannes Becker of Boston University outlined in a research paper how smartphones, laptops and wearables can be tracked through an exploit in Bluetooth technology.

According to the document, there is a flaw in the constantly changing, randomized MAC addresses that are designed to keep Bluetooth devices safe from tracking. This security approach could play into the hand of a bad actor, allowing them not only to track a device but also to gain information about its identity as well as user activity.

“The address-carryover algorithm exploits the asynchronous nature of address and payload change, and uses unchanged identifying tokens in the payload to trace a new incoming random address back to a known device,” the paper reads. “In doing so, the address-carryover algorithm neutralizes the goal of anonymity in broadcasting channels intended by frequent address randomization.”

Perhaps most frightening is that this algorithm doesn’t do any decrypting and is based completely on public, unencrypted advertising traffic, according to the paper. Also concerning is that the exploit was tested on the Bluetooth low-energy (BLE) specification, which is found in the latest Bluetooth 5 standard.

The exploit supposedly works on Windows 10, iOS and macOS devices, which includes iPhones, Surface devices and MacBooks. Android devices advertise their traffic in a completely different way (by scanning for nearby advertising; there is no active, continuous tracking) and are immune to the vulnerability.

Researchers who discovered the Bluetooth flaw listed several rules that could protect affected devices, the crux of which is to synchronize any changes to tracking information with changes to a device’s MAC address. Switching Bluetooth on and off on iOS and macOS devices (sorry Windows users, this won’t help you) is a temporary workaround, but it’s up to manufacturers to push out a more permanent solution. However, the Bluetooth exploit was first disclosed to Microsoft and Apple in November of 2018, suggesting it’s not a high priority to those companies. 

“As Bluetooth adoption is projected to grow from 4.2 to 5.2 billion devices between 2019 and 2022, with over half a billion amongst them wearables and other data-focused connected devices, establishing tracking-resistant methods, especially on unencrypted communication channels, is of paramount importance,” the paper reads.

Although no known cases were cited, researchers warn that if the BLE vulnerability remains unchecked, adversaries could eventually combine purchase transactions, facial recognition and other sensitive info with tracking data to create a profile of an exposed user. 

Source: https://www.tomsguide.com/news/bluetooth-flaw-lets-hackers-track-windows-macos-and-ios-devices

Continue Reading

Security

25 million Android devices hijacked by ‘Agent Smith’ malware

Published

on

By

Agent Smith has taken over more than 25 million Android devices in newly found malware that is rampant

Some new information has come out of some security researchers, according to the researchers a new form of malware called ‘Agent Smith’ has hijacked over 25 million Android units.     The security firm called Check Point has recently released a new press release that details the malware, saying that once the malware is installed it begins to look for common apps and replace them with malicious versions of them. The apps that are infected by Agent Smith begin to display crooked ads designed for financial manipulation and gain.   According to Check Point’s Head of Mobile Threat Detection Research, Jonathan Shimonovich, “The malware attacks user-installed applications silently, making it challenging for common Android users to combat such threats on their own.” At the moment, most of the infected devices are located in India and surrounding counters, as the malware is distributed through 9Apps which as third-party app store that is popular within those countries.     The origins of the malware have been linked back to China, and according to the security researchers the developers attempted to get some infected apps on the Google Play Store and actually successfully managed to get 11 apps on there. Since the discovery of Agent Smith, Google has removed these apps.   Jonathan Shimonovich gave a statement on the malware, saying “This application was as malicious as they come. Combining advanced threat prevention and threat intelligence while adopting a ‘hygiene first’ approach to safeguard digital assets is the best protection against invasive mobile malware attacks like Agent Smith. In addition, users should only be downloading apps from trusted app stores to mitigate the risk of infection as third-party app stores often lack the security measures required to block adware loaded apps.”

Read more: https://www.tweaktown.com/news/66572/25-million-android-devices-hijacked-agent-smith-malware/index.html

Continue Reading

Security

Microsoft adds new ‘passwordless’ sign-in option with latest Windows 10 20H1 test build

Published

on

By

Microsoft is continuing to roll out new Windows 10 20H1 test builds with incremental new features regularly. On July 10, the company delivered Windows 10 Build 18936 to 20H1 testers in the Fast Ring

Today’s test build adds a new “Make your device passwordless” sign-in option in Settings. By going to Settings > Accounts > Sign-in options and turning on the passwordless option, users will switch all Microsoft accounts on that Windows 10 device to use Windows Hello Face, Fingerprint, or PIN only. As Microsoft notes in its post on today’s test build, this feature is rolling out to a “small portion” of Insiders and will go to more within a week. 

Speaking of passwordless, Microsoft also made available today a public preview of FIDO2 security keys support in Azure Active Directory, which means users can try out the ability to deliver at scale FIDO2 security keys authenticating a user on a Windows 10 Azure Active Directory-joined device.  

Today’s build also adds a new option to create a quick event from the Taskbar by clicking on the date in the taskbar. Users will see a calendar flyout so they can pick their desired date and set a time and location more quickly this way. 

Microsoft also is expanding the availability of the phone screen feature in its Your Phone companion app to more PCs. This feature will be available on Surface Laptop and Laptop 2; Surface Pro 4, 5 and 6; Surface Book and Surface Book 2 starting with Build 18936. 

Source: https://www.zdnet.com/article/microsoft-adds-new-passwordless-sign-in-option-with-latest-windows-10-20h1-test-build/

Continue Reading
Advertisement

Trending

%d bloggers like this: