Microsoft is continuing to roll out new Windows 10 20H1 test builds with incremental new features regularly. On July 10, the company delivered Windows 10 Build 18936 to 20H1 testers in the Fast Ring.
Today’s test build adds a new “Make your device passwordless” sign-in option in Settings. By going to Settings > Accounts > Sign-in options and turning on the passwordless option, users will switch all Microsoft accounts on that Windows 10 device to use Windows Hello Face, Fingerprint, or PIN only. As Microsoft notes in its post on today’s test build, this feature is rolling out to a “small portion” of Insiders and will go to more within a week.
Speaking of passwordless, Microsoft also made available today a public preview of FIDO2 security keys support in Azure Active Directory, which means users can try out the ability to deliver at scale FIDO2 security keys authenticating a user on a Windows 10 Azure Active Directory-joined device.
Today’s build also adds a new option to create a quick event from the Taskbar by clicking on the date in the taskbar. Users will see a calendar flyout so they can pick their desired date and set a time and location more quickly this way.
Microsoft also is expanding the availability of the phone screen feature in its Your Phone companion app to more PCs. This feature will be available on Surface Laptop and Laptop 2; Surface Pro 4, 5 and 6; Surface Book and Surface Book 2 starting with Build 18936.
Bluetooth Flaw Lets Hackers Track Windows, macOS and iOS Devices
Bluetooth is found in nearly every modern gadget, which is why a newly discovered flaw in the communication protocol should be taken very seriously.
As ZDNet first reported, David Starobinski and Johannes Becker of Boston University outlined in a research paper how smartphones, laptops and wearables can be tracked through an exploit in Bluetooth technology.
According to the document, there is a flaw in the constantly changing, randomized MAC addresses that are designed to keep Bluetooth devices safe from tracking. This security approach could play into the hand of a bad actor, allowing them not only to track a device but also to gain information about its identity as well as user activity.
“The address-carryover algorithm exploits the asynchronous nature of address and payload change, and uses unchanged identifying tokens in the payload to trace a new incoming random address back to a known device,” the paper reads. “In doing so, the address-carryover algorithm neutralizes the goal of anonymity in broadcasting channels intended by frequent address randomization.”
Perhaps most frightening is that this algorithm doesn’t do any decrypting and is based completely on public, unencrypted advertising traffic, according to the paper. Also concerning is that the exploit was tested on the Bluetooth low-energy (BLE) specification, which is found in the latest Bluetooth 5 standard.
The exploit supposedly works on Windows 10, iOS and macOS devices, which includes iPhones, Surface devices and MacBooks. Android devices advertise their traffic in a completely different way (by scanning for nearby advertising; there is no active, continuous tracking) and are immune to the vulnerability.
Researchers who discovered the Bluetooth flaw listed several rules that could protect affected devices, the crux of which is to synchronize any changes to tracking information with changes to a device’s MAC address. Switching Bluetooth on and off on iOS and macOS devices (sorry Windows users, this won’t help you) is a temporary workaround, but it’s up to manufacturers to push out a more permanent solution. However, the Bluetooth exploit was first disclosed to Microsoft and Apple in November of 2018, suggesting it’s not a high priority to those companies.
“As Bluetooth adoption is projected to grow from 4.2 to 5.2 billion devices between 2019 and 2022, with over half a billion amongst them wearables and other data-focused connected devices, establishing tracking-resistant methods, especially on unencrypted communication channels, is of paramount importance,” the paper reads.
Although no known cases were cited, researchers warn that if the BLE vulnerability remains unchecked, adversaries could eventually combine purchase transactions, facial recognition and other sensitive info with tracking data to create a profile of an exposed user.
25 million Android devices hijacked by ‘Agent Smith’ malware
Agent Smith has taken over more than 25 million Android devices in newly found malware that is rampant
Some new information has come out of some security researchers, according to the researchers a new form of malware called ‘Agent Smith’ has hijacked over 25 million Android units. The security firm called Check Point has recently released a new press release that details the malware, saying that once the malware is installed it begins to look for common apps and replace them with malicious versions of them. The apps that are infected by Agent Smith begin to display crooked ads designed for financial manipulation and gain. According to Check Point’s Head of Mobile Threat Detection Research, Jonathan Shimonovich, “The malware attacks user-installed applications silently, making it challenging for common Android users to combat such threats on their own.” At the moment, most of the infected devices are located in India and surrounding counters, as the malware is distributed through 9Apps which as third-party app store that is popular within those countries. The origins of the malware have been linked back to China, and according to the security researchers the developers attempted to get some infected apps on the Google Play Store and actually successfully managed to get 11 apps on there. Since the discovery of Agent Smith, Google has removed these apps. Jonathan Shimonovich gave a statement on the malware, saying “This application was as malicious as they come. Combining advanced threat prevention and threat intelligence while adopting a ‘hygiene first’ approach to safeguard digital assets is the best protection against invasive mobile malware attacks like Agent Smith. In addition, users should only be downloading apps from trusted app stores to mitigate the risk of infection as third-party app stores often lack the security measures required to block adware loaded apps.”
July 2019 security patches are out for Google Pixel phones and Essential Phone
Today marks the first day of July and we are now already halfway through 2019. More importantly, a new month means it’s time for new Android security updates. The patches for this month have been released for the entire Pixel family and the trusty Essential Phone is following closely behind as usual.
There are a few important functional patches for the Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL, Pixel 2, and Pixel 2 XLthis month. Users should notice improved “OK Google” and music detection. The July Android security updates are also rolling out to the Google Pixel, Pixel XL, and Essential Phone. One device that has reached the end of its Android security cycle is the Pixel C, which received its last update in June.
July’s security patches are now available for Open Market customers. Check your Essential Phone for the latest pic.twitter.com/hc9WxrtFd8
— Essential (@essential) July 1, 2019
|Pixel July 2019 Improvements||Devices|
|Hotword||Improves “OK Google” and music detection||Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL|
|Bootloader||Fixes an issue for some devices getting stuck during boot||Pixel 3, Pixel 3 XL|
|Bootloader||Fixes an issue for some devices getting stuck in EDL mode with a blank screen||Pixel 3, Pixel 3, XL, Pixel 3a, Pixel 3a XL|
|UI||Improves Unicode Japanese language support||Pixel, Pixel XL, Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL|
|Performance||Improves Titan M module||Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL|
The OTA files and factory images for the Pixel devices can be found at the links below. Find the Android security files for your device and click “Link” to start the download. To flash the update manually without losing all of your data, follow the steps outlined in this tutorial. The OTA Android security update for the Essential Phone has just started rolling out.
|Device||Factory Image||OTA Files|
|Pixel 3a XL||Link||Link|
|Pixel 3 XL||Link||Link|
|Pixel 2 XL||Link||Link|
Samsung harps on picture quality, smart apps in new OLED TV
What Apple’s products could look like without Jony Ive leading design
For World Emoji Day, the Unicode Consortium redesigns its site to be more user-friendly
Instagram will now hide likes in 6 more countries
Twitter launches the ‘Hide Replies’ feature, in hopes of civilizing conversations
How Apple factory workers steal pieces of new iPhones — and sometimes get away
Microsoft wows Inspire crowd with language-translating HoloLens hologram
Microsoft is starting to force-update Windows 10 machines from version 1803 to 1903
iOS 13 and iPadOS 13 developer beta 4 are now available to download
Jeff Bezos: I spend my billions on space because we’re destroying Earth
Z10 Tips, Tricks and Shortcuts
FACEBOOK UNVEILS ANONYMOUS LOGIN
Mujjo reveals exclusive full-grain leather cases for the Galaxy S8/S8+, and they come with style
5 COMMON MISTAKES TO AVOID WHEN CHOOSING A WEB HOSTING SERVICE
THE ‘BRUSHED ONYX’ DELL XPS 15 2-IN-1 (9575) IS A MONOLITHIC BEAUTY WORTH THE EXTRA $50
SAMSUNG GALAXY NOTE 9: EVERYTHING YOU NEED TO KNOW ABOUT SAMSUNG’S LATEST PHONE
WANT TO MAKE LINUX MINT LOOK LIKE A MAC? THIS THEME CAN HELP
ISACA INSTALLS 2018-2019 BOARD OF DIRECTORS
3 HUGE WAYS ANDROID’S GESTURE NAVIGATION JUST GOT BETTER
THIS HANDMADE TESLA GUN IS SHOCKINGLY COOL
6 Stunning new co-working spaces around the globe
3 Ways to make your business presentation more relatable
5 Crowdfunded products that actually delivered on the hype
Startup adds beds and Wi-Fi to buses to turn them into ‘moving hotels’
The 9 worst mistakes you can ever make at work
15 Habits that could be hurting your business relationships
- Security1 week ago
25 million Android devices hijacked by ‘Agent Smith’ malware
- Research1 week ago
Samsung rolls out beta version of ethereum blockchain development kit
- The Motivator1 week ago
Instant camera translation in Google Translate is getting a lot better
- The Future1 week ago
Samsung Galaxy Note 10+ design confirmed via FCC photos
- Internet1 week ago
Twitter will let you pin your favorite lists in its app
- Tech News1 week ago
Google shuts down Nest app for Apple Watch and Wear OS
- Systems1 week ago
Hands-on with the new Apple MacBook Air and MacBook Pro
- Tech News1 week ago
Huawei looking to Russia for technology to cut reliance on US tech