Security Alerts & News
by Tymoteusz A. Góral

#1078 Encryption bypass vulnerability impacts half of Android devices
A flaw in chipmaker Qualcomm’s mobile processor, used in 60 percent of Android mobiles, allows attackers to crack full disk encryption on the device. Only 10 percent of Android devices running Qualcomm processors are not vulnerable to this type of attack.

Researchers at Duo Labs said the vulnerability is tied to Android’s problem-plagued mediaserver component coupled with a security hole in Qualcomm’s Secure Execution Environment (QSEE). Together, these vulnerabilities could allow someone with physical access to the phone to bypass the full disk encryption (FDE).

The vulnerability, discovered by Gal Beniamini last week, builds off of earlier research by Beniamini and Duo Labs published in May. That’s when both highlighted a previously unpatched vulnerability (CVE-2016-2431) in Google’s mediaserver component. Google has since patched that vulnerability, but a large percentage of Android phones have yet to receive that update.
Read more
#1078 Encryption bypass vulnerability impacts half of Android devices
#1077 TPLINK loses control of two device configuration domains
#1076 MRI software bugs could upend years of research
#1075 Scope of ThinkPwn UEFI zero-day expands
#1074 Android Nougat prevents ransomware from resetting device passwords
#1073 This Android malware has infected 85 million devices and makes its creators $300,000 a month
#1072 Identity fraud up by 57% as thieves target social media
#1071 Tor Privacy settings coming to Firefox
#1070 Satana ransomware – threat coming soon?
#1069 Don’t pay the Ransom! AVG releases six free decryption tools to retrieve your files
#1068 How to detect most malicious macros without an antivirus
#1067 MIT's Swarm chip architecture boosts multi-core CPUs
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12