Chrome for Android vulnerability Discovered by Researcher

Chinese Researcher Discovered Susceptibilities in Android Operating System

Google, over the past few months had been busy crushing security susceptibilities in its prevalent Android mobile operating system, though several tends to remain undiscovered and some could be easily misused. Guang Gong, a Chinese researcher from Qihoo 360, demonstrated at MobilPwn2Own at the PacSec conference in Tokyo on how an Android device running the latest version of the operating system could be hijacked by exploiting JavaScript v8 vulnerability through Chrome browser.

 Gong observed JavaScript v8 susceptibility in Chrome for Android enabled him to install a random application on the affected device, a BMX Bike game in this case, without the need of user interaction. Dragos Ruiu, PacSec organizer had explained in a Google+ post. V8 is Google’s open source JavaScript engine and V8 is written in C++, used in Google Chrome which is the open source browser from Google.

Google security engineer on site had received the bug. Spotpedia had informed that `a Google engineer instantly got in touch with Gong after his presentation and rumours were on that the Chrome team had already got it fixed. Gong had commented on 9to5Google that the exploit was created by someone whose job was to find vulnerabilities and not a hacker with malicious intentions.

Vulnerability in JavaScript Engine in Chrome

As long as Chrome is utilised in navigating to a malicious site an attacker has set up, the device could be infected.This was demonstrated on a Google Project Fi Nexus 6 operating the latest Android 6.0 Marshmallow build with all applications updated. The vulnerability was also demonstrated by the researcher which could provide an attacker with total control of the device and success of the exploitation does not need chaining in multiple susceptibilities.

Ruiu informs that this particular shot exploit had been exposed after three months of work, though the exact details on the security flaw had not been publicly known. The exploit had been tested on other devices too and worked on all of them, according to Ruiu.Considering that the vulnerability is in the JavaScript engine in Chrome, it is said to affect the entire Android version with the new version of the browser which is installed. Ruiu had announced through Twitter that the details on the vulnerability had been handed over to Chrome engineer at the conference.

Series of Critical Android Vulnerabilities Observed

However, unfortunately for Gong, his presentation at the conference did not gain him an immediate reward for his efforts though probably Google would reward him for the discovery of the vulnerability, since the company has a bug bounty program set up for Chrome and Chrome OS. According to The Register, Ruiu would fly Gong to the CanSecWest security conference next year.

Google would most probably handle this vulnerability soon, even though the details on the exploit have not been made public so far. A series of critical Android vulnerabilities have been discovered by security researchers this year comprising of the Stagefright flaw which has affected almost a billion devices and a Stagefright2issue alleged to have affected devices running all Android version, began with the initial release.

Zano Mini-Drone Project Shut Down by Torquing

Zano Mini-Drone Shut Down

The Zano mini-drone project, one of Europe’s most successful Kickstarter has been shut down by the company. Torquing Group had released a report to supporters of the project stating that it had decided to pursue a `creditors’ voluntary liquidation. The said project is said to be in distress inspite of raising over £2m. According to a message sent by Torquing, the creditors would be contacted by abankruptcyexpert.

The message states that on exploring all options known and after seeking professional advice, they have made the difficult decision to pursue a creditor’s voluntary liquidation. They have been greatly disappointed with the result of the Zano project and would like to take the opportunity of thanking all who supported them during the difficult period, particularly the loyal employees, whose commitment had exceeded all expectations.

Thousands of individuals who had invested in the project through Kickstarter would not be receiving the device for which they had paid to support.According to a comment left on a Zano forum, Ivan Reedman, chief executive of Torquing had resigned recently owing to personal health issues and conflicting differences. This was followed by another hitch in June when Torquing had missed a deadline in distributing drones to supporters waiting for the product.

Europe’s Most Successful Kickstarter Campaign Collapse

Zano drones were in production already and were created to be controlled through a smartphone app. Moreover, the device would also be capable of following users as they moved around outdoors but the function was not working completely when BBC had visited Torquing in August.

One of the supporters had informed BBC that he had invested around £164 in November 2014, in Zano and till a few weeks ago they had been receiving emails stating that the first 7,000 Zanos were almost ready to be dispatched.

He further commented that it was unfortunate to see Europe’s most successful Kickstarter campaign collapse so dramatically, especially when it was nearing shipping. Sandro Ruch another supporter informed that he had invested a couple of hundred dollars and was disappointed with Torquing’s communication with supporters of the project in recent months. He informed BBC that it was the main thing and the main point which was upsetting was that it was a question of investor expectation management.

Social Networks – New Met with Dismay by Supporters

The news was met with dismay by the supporters on social networks and one supporter had written on the Zano Facebook page that he wanted his money back. User on the Kickstarter page for the project had added that being furious seems to be an understatement.

 It was expected to arrive in June and it is now almost six months later that the decision has come up. In one of the statement, Kickstarter had stated that creators on Kickstarter have a remarkable track record though there are no guarantees that a project would work out.

If a developer is unable to complete a project as pledged, their contract with supporters need them to bring the project to the best possible conclusion as mentioned in the Terms of Use. Torquing refrained from responding to request for their comment.

Facebook Launches Notify News App

Notify – Released By Facebook – News/Entertainment Stories

An app for iPhone usersknown as Notify has been released by Facebook that tends to collect news and entertainment stories in one regularly updated feed. Among the 70 organisation that would be providing stories to the app are CNN, Fox News and the Washington Post.

Those who intend to install the app can choose their own mix of sources which will post notification their feed. This competes openly with Twitter’s Moments and Apple’s News services that produce feeds of breaking stories. Facebook has mentioned in a blogpost that the feed of stories can be adapted on choosing from the various categories which comprise of movies, sport, music, news and celebrities.

Besides these, there are also categories for daily meditation exercises together with Getty picture library portraying iconic images from the same day in history. Presently the Notify service is only made available to iPhone users with Facebook account in the United States.

 It has not been mentioned by Facebook as to when or if the service is likely to be extended to the other areas of the world or other operating systems. Notification with regards to new articles had been seen on the lock screen of an iPhone and can be shard from that display.

Facebook – Jumping Off Point in the Digital Lives

Managing director of Analyst Company, Midia Research, Mark Mulligan, stated that the move made sense since Facebook had become the `jumping off point in the digital lives and the better a job it could do of this, the better it locks users in’.

He adds that it has seen standout success with spinning out Messenger and recognises that more touch points could develop with its users; the more it could create greater loyalty. Notify comes soon after Facebook had unveiled its Instant Articles service in May. This ought to hasten up delivery of off-site content by hosting it in its individual data centres.

Articles which have been featured on the service are from BuzzFeed, National Geographicand the New York Times besides six other media organisations. Initially, Instant Articles is available only on iPhones but a test of Android version has already started.

A rival company which is identical known as the Accelerated Mobile Pages – AMP initiative had been launched by Google and several other web firms in October. The AMP tends to store slimmed down copies of stories from dozens of news organisation to permit them to load quickly on portable devices.

Useful to Publishers/Readers

Facebook, in its official blog post had described its stations of notifications for 11 paragraphs prior to mentioning that `if you want to see more’ than the sentence or two on your lock screen, you could tap the notification to load it (around eight seconds) inside an in-app browser or one could just sit back and rely on this evolving medium to get updates.

It is likely that Notify seems like an experiment and Facebook would be utilising what it learns to inform the way it tends to build notifications in the Flagship Facebook app. Moreover, it would also be more useful to publishers and readers to enable users to subscribe to push notification from brands within Facebook of different levels of granularity.

This would help to separate those who desire to see everything from a publisher and from those who only prefer top stories and breaking news. Notify would perhaps help Facebook there. Meanwhile, should the user be in need of more push notifications on the phone, there are several publishers who would be ready to oblige.

-o0o-

Gmail to Warn When Messages Take Unencrypted Routes

Security of User’s Data Vulnerable

Google has observed that the security of its user’s data has become more vulnerable when they received message sent through a different email provider. There is a possibility that most of the users would now begin to see the alerts coming, in a few months.

Google has plans of ramping up security at its free email service by enabling users to be aware when messages arrive through unencrypted connection which could be susceptible to snooping or tampering. These threats have urged Gmail to work on warning system which could alert users when they tend to receive unencrypted mail.

Elie Bursztein and Nicolas Lidzborski of Gmail security team had mentioned in a blog post this week that these warning would begin to roll out in the coming months and while these threats does not seem to affect Gmail to Gmail communication, they could affect messaging between providers.

This statement came with the result of the study indicating that email encryption has been increasing together with measures to prevent spam and fraud by improved authenticating messages. The good news is that more email providers have been offered email encryption along the board with the majority of them utilising a few type of authentication in order to decrease phishing.

Google/Yahoo/Others – Improve Encryption of Websites/Email

But Google has said that it discovered regions of the Internet wherein email encryption had been secretly thwarted as well as exposed malicious servers that were programmed to hijack Gmail message by providing them false routing information.

Bursztein and Lidzborski had indicated in the post that though this kind of attack seems rare, it was a matter of concern as it would enable attackers to censor or alter messages before they are relayed to the email recipient.

In an attempt to enhance privacy in the midst of concerns with regards to hacking and surveillance, Google, Yahoo together with other online firms has been moving to improve encryption of websites and email. Bloggers have confirmed that, to notify users of possible dangers, they have been developing in-product warnings for Gmail users which would display whenever they receive a message through a non-encrypted connection. The good news is that more email providers are providing email encryption on the board and most of them are using some types of authentication to lessen impersonation and phishing.

Most Providers do not Support STARTTLS

Though Gmail-to-Gmail messages are always encrypted, the company has revealed that around 57% of email that are sent from providers to Gmail is encrypted while 81% of outgoing Gmail to the other provider also. This would be great since unencrypted emails are good targets for the criminals.

Moreover the groups also found malicious DNS servers broadcasting false routing information to email servers on the lookout for Gmail. However simultaneously, these researchers also discovered that there were certain areas of the internet which were preventing message encryption by tampering with requests to start SSL connection.

 Most of providers do not support STARTTLS, which means that any email encrypted by the sender cannot be read when it is received on the other end. The focus of Google in warning Gmail users with regards to unencrypted connection is to caution them to such type of dangers.

-o0o-

In The Rearview Mirror Car Designer Warns On Google Game Changer

Automobile sector had long enjoyed the success of the traditional and affordable segment of cars, which includes the popular Honda Civic and Toyota Corolla. But the times are about to take a huge turnaround for the automobile sector as tech giants like Apple and Google are making foray in the automobile sector with their revolutionary products. Both companies are determined to change the way people own and drive cars in the upcoming years.

Reasons to fear upcoming self-driving technology

Celebrated high-end car designer of Japanese origin Ken Okuyama who is famously known for Ferrari F 60 Enzo and the Porsche Boxster has given out the warning signs for the Japnases automobile industry. He believes that the bringing of game-changing self-driving technology in the cars will bring direct to the Japanese position as a major car producer.

Okuyama has asked the Japanese automakers to up their ante by bringing similar or advanced kind of cars, which are soon to be offered by the tech companies. Otherwise, Japanese automakers will end being just suppliers for these companies.

Google game changing cars

Google is developing a fleet of its own self-driving cars which even includes a highly modified model of the Toyota Lexus sport utility vehicle. Google has also presented a pod like and completely driverless car as a prototype. Both of these are going through various rounds of extensive road tests to ensure more security and better driving for the users in US. Apple on other hand has revealed its plan for launching the first driverless car in 2019 and it has also been doing a large amount of research and testing in the past few years.
Honda on other hand is developing a new automatic setting for its cars, which can be really helpful tool in the congested traffic. This technology can easily pre-program the cars to drive automatically during such scenarios.

Automobile market is all set to split in future

Okumaya presents a future where soon the rise of self-automated cars will split the automobile market into two different camps. One will comprise of the vehicles fulfilling the public transportation need and other will consist of the super luxury cars. Automated cars will find itself in the first camp while high-end models will see themselves in the second camp. This would result in the annihilation of car ownership for the affordable traditional cars like Honda Civic models.

Okumaya is urging the Japanese automakers to focus towards finding the different kind of new technologies, which can bolster their cars prospect in future and can bring it on the same ground to compete against self-automated cars. Self-driving cars are bound become common place in upcoming future and it will eat upon the sales and popularity of the traditional cars. Even companies like Toyota and Mercedes are looking for way to counter the sudden challenge for the futuristic breed of cars but Google had already gained a huge lead against them.