Security Alerts & News
by Tymoteusz A. Góral

History
#1726 Android user locked out of Google after moving cities
An Android user has been locked out of his Google account apparently because he moved cities, according to a post on Reddit.

The explanation offered by Google support staff was that since his address details differed, billing information with Google wasn't current and hence the user's purchases could look fraudulent.

The user in question does not know for sure that this is the reason; during his interactions with Google support to find out why he had been locked out, he was told that "It is our policy to not discuss the specific reasons for an account closure."

This, apparently, is official Google policy.
#1725 Powerful backdoor/rootkit found preinstalled on 3 million Android phones
Almost three million Android phones, many of them used by people in the US, are vulnerable to code-execution attacks that remotely seize full control of the devices, researchers said Thursday.

Until recently, the flaw could have been exploited by anyone who took the time to obtain two Internet domains that remained unregistered despite being hardwired into the firmware that introduced the vulnerability. After discovering the vulnerability, researchers from security ratings firm BitSight Technologies registered the addresses and control them to this day. Even now, the failure of the buggy firmware to encrypt communications sent to a server located in China makes code-execution attacks possible when phones don't use virtual private networking software when connecting to public hotspots and other unsecured networks.
#1724 Second Chinese firm in a week found hiding backdoor in firmware of Android devices
Security researchers have discovered that third-party firmware included with over 2.8 million low-end Android smartphones allows attackers to compromise Over-the-Air (OTA) update operations and execute commands on the target's phone with root privileges.

Mobile experts from Anubis Networks discovered the problem this week. This is the second issue of its kind that came to light this week after researchers from Kryptowire discovered a similar secret backdoor in the firmware of Chinese firm Shanghai Adups Technology Co. Ltd..

This time around, the problem affected Android firmware created by another Chinese company named Ragentek Group.
#1723 iPhones vulnerable to yet another lockscreen bypass
iPhone aficionados at iDeviceHelp and EverythingApplePro have discovered yet another way for someone who has physical access to your phone to access your messages, photos, and contacts, even if the phone is locked with both a passcode and properly configured TouchID.

EverythingApplePro and iDeviceHelp published full proof-of-concept videos of this bypass on YouTube, in case you’d like to follow along at home.

The demonstration shows the bypass on an iPhone 7 using the iOS 10.2 beta 3, as well as an iPhone 4 using iOS 8 and even on an iPad, showing that this flaw affects any iDevice that can receive Facetime or phone calls.

This is not the first time (by a long shot) that clever iPhone users have found lock screen bypasses to access information that should be locked down, including photos, messages, and contacts. In fact, we’ve been covering flaws like this since at least 2013.
History
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12