#1 Trusted Cybersecurity News Platform
Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
AI Security

Search results for Android | Breaking Cybersecurity News | The Hacker News

Google 'Android Things' — An Operating System for the Internet of Things

Google 'Android Things' — An Operating System for the Internet of Things

Dec 21, 2016
Google announced a Developers Preview of " Android Things " — an Android-based operating system platform for smart devices and Internet of Things (IoT) products. The Android-based Internet of Things OS is designed to make it easier for developers to build a smart appliance since they will be able to work with Android APIs and Google Services they're already familiar with. As the Developers page of Android Things says: " If you can build an app, you can build a device ." The Android-based Internet of Things operating system is supposed to run on products like security cameras, connected speakers, and routers. Android Things is a rebranded version Google Brillo , an Android-based IoT OS that Google announced in 2015, with added tools like Android Studio, the Android Software Development Kit (SDK), Google Play Services, and Google Cloud Platform. Unlike Brillo, development on Android Things can be achieved with " the same developer tools as stan
Fortnite for Android Released, But Make Sure You Don't Download Malware

Fortnite for Android Released, But Make Sure You Don't Download Malware

Oct 12, 2018
Yes, it is official. The massively popular battle royale video game from Epic Games, Fortnite: Battle Royale is finally available for Android devices. Epic announced Thursday that the Android version of Fortnite is now available for everyone to download for free, so you no longer require an invite to play the most popular battle royale game on your phone. Epic Games have provided a list of supported Android phones on its official website, from where you can directly download Fortnite for your compatible device. Initially available for a brief period as a Samsung Galaxy Note 9 exclusive title, Fortnite: Battle Royale for Android was later opened up to other Android devices, but users still needed an invitation for the beta to play. Thankfully, you no longer need an invitation. Now all Android users can download Fortnite, provided they have a compatible device. Fortnite for Android Not Available on Google App Store For those unaware, Fortnite is not available for download
10,000 Victims a Day: Infostealer Garden of Low-Hanging Fruit

10,000 Victims a Day: Infostealer Garden of Low-Hanging Fruit

Jul 15, 2024Cyber Crime / Data Protection
Imagine you could gain access to any Fortune 100 company for $10 or less, or even for free. Terrifying thought, isn't it? Or exciting, depending on which side of the cybersecurity barricade you are on. Well, that's basically the state of things today. Welcome to the infostealer garden of low-hanging fruit. Over the last few years, the problem has grown bigger and bigger, and only now are we slowly learning its full destructive potential. In this article, we will describe how the entire cybercriminal ecosystem operates, the ways various threat actors exploit data originating from it, and most importantly, what you can do about it. Let's start with what infostealer malware actually is. As the name suggests, it's malware that... steals data. Depending on the specific type, the information it extracts might differ slightly, but most will try to extract the following: Cryptocurrency wallets Bank account information and saved credit card details Saved passwords from various apps Bro
Android Privilege Escalation Flaws leave Billions of Devices vulnerable to Malware Infection

Android Privilege Escalation Flaws leave Billions of Devices vulnerable to Malware Infection

Mar 24, 2014
Android -  a widely used Smartphone platform offered by Google is once again suspected to affect its users with malicious software that puts their android devices at risk. This time the vulnerabilities occur in the way Android handle the updates to add new flavors to your device. Researchers from Indiana University and Microsoft have discovered [ Paper PDF ] a new set of Android vulnerabilities that is capable to carry out privilege escalation attacks because of the weakness in its Package Management Service (PMS) that puts more than one billion Android devices at risk. The researchers dubbed the new set of security-critical vulnerabilities as Pileup flaws which is a short for privilege escalation through updating, that waylays inside the Android PMS and intensifies the permissions offered to malicious apps whenever an android update occurs, without informing users. The research was carried out by Indiana University Bloomington researchers, Luyi Xing, Xiaorui Pan, Ka
cyber security

Top 4 Security Risks of GenAI

websiteWizGenAI Security / Technology
Gain a competitive edge and unlock the top 4 major emerging risks within GenAI. This report from Gartner provides insights and recommended actions for security and product leaders.
How to Run Two WhatsApp Accounts in One Phone | Dual WhatsApp

How to Run Two WhatsApp Accounts in One Phone | Dual WhatsApp

Apr 09, 2015
Are you looking for methods on how to run two WhatsApp accounts in one phone, or how to use 2 WhatsApp in 1 phone? In this tutorial, we have shared various techniques that allow mobile users to run multiple or dual WhatsApp accounts in one single phone. WhatsApp is one of the most popular and commonly used Instant messaging apps these days, and due to its simplicity and easy-to-use interface, users are able to use it without any hassle. WhatsApp lets its users send and receive messages that are end-to-end encrypted so that only you and the person you're communicating with can read the content of the message, and nobody in between, not even WhatsApp. Each and everything on WhatsApp comes quite handy, but what is the most disturbing part that you come across? For me it is... How to install 2 WhatsApp accounts in 1 Android smartphone? If you have a dual SIM smartphone, you might be willing to enjoy two separate WhatsApp accounts for your two different phone number. Is
Fortnite APK Download for Android Won't Be Available on Google Play Store

Fortnite APK Download for Android Won't Be Available on Google Play Store

Aug 06, 2018
There's both good news and bad news for Fortnite game lovers. Fortnite, one of the most popular games in the world right now, is coming to Android devices very soon, but players would not be able to download Fortnite APK from the Google Play Store. Instead, Epic Games software development company has confirmed the Fortnite APK for Android will be available for download exclusively only through its official website, bypassing the Google Play Store. Why Fortnite for Android Bypassing Google Play Store? Epic Games CEO Tim Sweeney cites two main reasons for this decision. First, offering Fortnite APK downloads directly from its official website will allow the company to "have a direct relationship" with its consumers. Second, since Google takes a 30 percent cut of revenue each time a user makes an in-app purchase through its Play Store, the decision will allow the company to save millions. This should not be shocking as Fortnite on iOS made $15 million in j
Android 11 — 5 New Security and Privacy Features You Need to Know

Android 11 — 5 New Security and Privacy Features You Need to Know

Sep 18, 2020
After a long wait and months of beta testing, Google last week finally released Android 11 , the latest version of the Android mobile operating system—with features offering billions of its users more control over their data security and privacy. Android security is always a hot topic and almost always for the wrong reason, including Google's failure to prevent malicious apps from being distributed through the Play Store, over-claim of permissions by apps, and privacy leakages. Though most of such issues can be avoided as long as users take advantage of already available features and a little common sense, most users are still not aware of or following basic security practices. According to Google's latest announcement, the latest Android 11 OS includes a few new built-in measures designed to keep users' data secure by default, increase transparency, and offer better control. Instead of diving deep into smaller or more extensive changes, we have summarized some critica
Yet another Android vulnerability Discovered; Affects 55% Users

Yet another Android vulnerability Discovered; Affects 55% Users

Aug 11, 2015
It seems like there isn't any end to Android security flaws. After the discovery of the Stagefright vulnerability that allowed hackers to infect Millions of Android devices with just a maliciously-crafted message… Researchers have now warned of another critical security hole in Google's Android mobile operating system platform that impacts over 55 percent of all Android users . Security researchers at IBM have discovered a new privilege escalation vulnerability in the Android platform that could allow " a malicious app with no privileges the ability to become a 'super app' and help the cybercriminals own the device. " Dubbed the Android serialization vulnerability, assigned CVE-2015-3825 , affects Android versions 4.3 and above, including the latest build of Android M. The vulnerability resides in a component of Android's platform called OpenSSLX509Certificate , which can be exploited by an Android app to compromise the system_server process and gain powerful syste
Android 4.3 and Earlier versions Vulnerable to Critical Code-Execution Flaw

Android 4.3 and Earlier versions Vulnerable to Critical Code-Execution Flaw

Jun 27, 2014
A critical code-execution vulnerability almost affecting everyone those are not running the most updated version of Google Android , i.e. Android version 4.4 also known as KitKat. After nine months of vulnerability disclosure to the Android security team, researchers of the Application Security team at IBM have finally revealed all the possible details of a serious code-execution vulnerability that still affects the Android devices running versions 4.3 and earlier, which could allow attackers to exfiltrate sensitive information from the vulnerable devices. " Considering Android's fragmented nature and the fact that this was a code-execution vulnerability, we decided to wait a bit with the public disclosure ," said Roee Hay, a security research group leader at IBM. The researchers found the stack buffer overflow vulnerability that resides in the Android's KeyStore storage service, which according to the Android developers' website is the service code running in Androi
Simple Text Message to Hack Any Android Phone Remotely

Simple Text Message to Hack Any Android Phone Remotely

Jul 27, 2015
Own an Android phone? Beware, Your Android smartphones can be hacked by just a malformed text message. Security researchers have found that 95% of Android devices running version 2.2 to 5.1 of operating system, which includes Lollipop and KitKat, are vulnerable to a security bug, affecting more than 950 Million Android smartphones and tablets. Almost all Android smart devices available today are open to attack that could allow hackers to access the vulnerable device without the owners being aware of it, according to Joshua Drake, vice president of platform research and exploitation at security firm Zimperium. The vulnerability actually resides in a core Android component called " Stagefright ," a multimedia playback library used by Android to process, record and play multimedia files such as PDFs. A Text Message Received...Your Game is Over The sad news for most of the Android users is that the fix will not help Millions of Android users that owned o
Google Makes 2 Years of Android Security Updates Mandatory for Device Makers

Google Makes 2 Years of Android Security Updates Mandatory for Device Makers

Oct 25, 2018
When it comes to security updates, Android is a real mess. Even after Google timely rolls out security patches for its Android platform, a major part of the Android ecosystem remains exposed to hackers because device manufacturers do not deliver patches regularly and on a timely basis to their customers. To deal with this issue, Google at its I/O Developer Conference May 2018 revealed the company's plan to update its OEM agreements that would require Android device manufacturers to roll out at least security updates regularly. Now, a leaked, unverified copy of a new contract between Google and OEMs obtained by The Verge reveals some terms of the agreement that device manufacturers have to comply with or otherwise they have to lose their Google certification for upcoming Android devices. Google's New Terms for Android Security Updates According to the leaked contract, Android OEMs will now be required to regularly roll out security updates for popular devices—lau
Android Flaw Lets Hackers Inject Malware Into Apps Without Altering Signatures

Android Flaw Lets Hackers Inject Malware Into Apps Without Altering Signatures

Dec 09, 2017
Millions of Android devices are at serious risk of a newly disclosed critical vulnerability that allows attackers to secretly overwrite legitimate applications installed on your smartphone with their malicious versions. Dubbed Janus , the vulnerability allows attackers to modify the code of Android apps without affecting their signature verification certificates, eventually allowing them to distribute malicious update for the legitimate apps, which looks and works same as the original apps. The vulnerability ( CVE-2017-13156 ) was discovered and reported to Google by security researchers from mobile security firm GuardSquare this summer and has been patched by Google, among four dozen vulnerabilities, as part of its December Android Security Bulletin . However, the worrisome part is that majority of Android users would not receive these patches for next few month, until their device manufacturers (OEMs) release custom updates for them, apparently leaving a large number of sma
New Android Browser Vulnerability Is a “Privacy Disaster” for 70% Of Android Users

New Android Browser Vulnerability Is a "Privacy Disaster" for 70% Of Android Users

Sep 17, 2014
A Serious vulnerability has been discovered in the Web browser installed by default on a large number (Approximately 70%) of Android devices, that could allow an attacker to hijack users' open websites, and there is now a Metasploit module available to easily exploit this dangerous flaw. The exploit targets vulnerability ( CVE-2014-6041 ) in Android versions 4.2.1 and all older versions and was first disclosed right at the start of September by an independent security researcher Rafay Baloch, but there has not been much public discussion on it. The Android bug has been called a " privacy disaster " by Tod Beardsley, a developer for the Metasploit security toolkit, and in order to explain you why, he has promised to post a video that is " sufficiently shocking ." " By malforming a javascript: URL handler with a prepended null byte, the AOSP, or Android Open Source Platform (AOSP) Browser) fails to enforce the Same-Origin Policy (SOP) browser secur
Next 'Android L' To Enable Full Disk Encryption By Default

Next 'Android L' To Enable Full Disk Encryption By Default

Sep 22, 2014
The search engine giant Google will soon come up with its next version of Android operating system, dubbed as Android L , with full-disk encryption enabled by default, Google confirmed Thursday. This will be for the first time that Google's Android OS will be encrypting your information, preventing both hackers and law enforcement agencies from gaining access to users' personal and highly sensitive data on their devices running the Android operating system. While Android has been offering data encryption options for some Android devices since 2011. However the options are not enabled by default, so users have had to activate the functionality manually. But Android L will have new activation procedures that will encrypt data automatically. Although Google is yet to provide more details about Android L, which is set to be released next month. But the move by the web giant will surely provide an extra layer of security on the personal data that users typically have on t
Billions of Android Devices Vulnerable to Privilege Escalation Except Android 5.0 Lollipop

Billions of Android Devices Vulnerable to Privilege Escalation Except Android 5.0 Lollipop

Nov 20, 2014
A security weakness in Android mobile operating system versions below 5.0 that puts potentially every Android device at risk for privilege escalation attacks, has been patched in  Android 5.0 Lollipop  – the latest version of the mobile operating system. The security vulnerability ( CVE-2014-7911 ), discovered by a security researcher named Jann Horn , could allow any potential attacker to bypass the Address Space Layout Randomization (ASLR) defense and execute arbitrary code of their choice on a target device under certain circumstances. ASLR is a technique involved in protection from buffer overflow attacks. The flaw resides in java.io.ObjectInputStream , which fails to check whether an Object that is being deserialized is actually a serializable object. The vulnerability was reported by the researcher to Google security team earlier this year. According to the security researcher, android apps can communicate with system_service, which runs under admin privileges
Chainfire's SuHide — Now You Can Hide Your Android Root Status On Per-App Basis

Chainfire's SuHide — Now You Can Hide Your Android Root Status On Per-App Basis

Aug 30, 2016
Famous Android developer Chainfire released an experimental hack with a new app, called " Suhide ," that allows users to hide the root status of their rooted Android devices on an app-by-app basis. Rooting your Android device can bring a lot of benefits by giving you access to a wide variety of apps and deeper access to the Android system...But at what cost? One of the major drawbacks of rooting your device is losing access to certain apps, which includes banking, payment and corporate security apps that work with financial and confidential data, such as your bank details. Such apps don't work on rooted devices. A great example for this is Google's Android Pay . Since its launch, developers has been working hard to get Android Pay working for rooted devices, but unfortunately, they have not gotten much success. But Why Rooted Devices? It's because Google cares about your security. SafetyNet — That's How Google Detects Tampered Devices Google
Cybersecurity
Expert Insights
Cybersecurity Resources