close

Internet Security

AppsInternet Security

How to Uninstall All Types of Bloatware on Any Android Device with This Trick

How to Uninstall All Types of Bloatware on Any Android Device with This Trick

Are you striving to learn about how to remove all the bloatware from your android device? But struggling to find out how to uninstall all types of bloatware on any android device.

Then don’t worry, in this post, I will help you out by providing a new tactic to remove bloatware on any android device. With this process, you can easily uninstall all types of bloatware on any android device.

In general, when we buy a brand new phone, the last thing you don’t want to see is the ton of waste & preinstalled programs staring at you. But, in reality, you will find a bunch of programs staring at you. These do not only act like clutter but there are not useful for most of the users as well. So, keeping them on your phone is just a waste of storage. In some case, these apps could drain your battery life as well.

How to uninstall all types of bloatware on any Android Device Tips and Tricks

Now, to get rid of these irritating apps you have to truly uninstall them but they really can’t be uninstalled. Even if we root the device also you’ll find it hard sometimes to remove these apps.

Its because these days, preinstalled apps are generally scattered across several different partitions. But, this is a traditional tactic in new versions all these preloaded apps are combined into a private app directory with some elevated permissions.

So, to hunt down all unnecessary apps in all these places you have to be a real techie. But, luckily we have a new trick which can help you remove all the bloatware. It’s a new magisk module which is developed by Val mandates for totally eradicating all apps you feel you really don’t need. The cool part, is regardless of which partition they are stored on they can be removed with this cool trick.

How to uninstall all types of bloatware on any Android Device:

To quickly uninstall all the bloatware from any android phone. You should fulfil some requirements and those requirements given below.

Requirements:

Magisk Installed

Root Access

These are the two requirements you need to fulfil in order to begin this process. Now, let’s get into the process of How to uninstall all types of bloatware on any Android Device.

Step 1: Quickly Install Debloater Module:

  • The first step you have to do is open up the Magisk Manage app and click on the menu button which is on the left-hand side.
  • After that head over to the Downloads section.
  • Click on the search icon in the top right-hand corner and search for “Debloater”
  • Then you will get one module popup – you should open that popup.
  • After that click on the download button and then click on “Install”.
  • Once the installation is completed then you can click on the “Close” option which is hovering at the bottom left.

Step 2: Install the BusyBox Module:

Right after installing the debloater module you have to work on installing the busybox module. In general the debloater module often users special root access command know as Busybox. If you want to make sure your app is fully functional you need to download the busybox additional module for sure.

  • So, just as you have installed the debloater module you have to download and install busybox. For that, you need to go the Downloads section in Magisk Manager to find out the busybox module.
  • You can click on the search bar and type in “Busybox” then click enter.
  • After that you will get a popup when you have to download and install the module same as previous one.
  • Once the installation is completed you have to click on the “Reboot” option which is right at the bottom of the page.
  • Restarting device can start killing that bloatware

Caution: But always remember busybox is a set of root commands which are needed in the terminal environment just to run the Debloater Magisk Module.

If you plan for using command line magisk module then you are going to be making good use of busybox. This is crucial step in this post How to uninstall all types of bloatware on any Android Device.

Step 3: Install Terminal App:

After completing the above two steps you have install the terminal app. It depends on what device you have, some of you may already have installed the terminal application by default through the developer options. The universal method across all the devices will download the termux apps from Android’s Google Play store.

But when it comes to the command line situations, no app is not widely recommended as termux. Make Sure you do follow this step in order to learn How to uninstall all types of bloatware on any Android Device

Step 4: Run the Commands:

After installing the two modules and termux app. All you have to do is open the termux app to the main screen.

Stay typing the below command and click on enter.

su

when you have entered this you will be prompted to do so, then click on “Grant” on the root access popup just to grant the appropriate administrator or superuser rights for the terminal app.

Once you got the superuser permission you have to type in the next command which is given below and click on enter.

debloat

This command will initiate the immediate launch of Debloat Magisk Module interface. So, that you can start removing all the bloatware from your Android Device.

Step 5: Uninstall Bloatware and Enjoy:

After completing the above process all you have to do is uninstall the bloatware. This is the best part most of the users were searching for. So, finally you can look over your entire systems bloatware and you can remove anything you really don’t want to use. On the main menu you will find out the debloater module, you will have multiple options to pick in this phase. But the main focus should be on the choice number one for this process.

How to uninstall all types of bloatware on any Android Device ShortCut

  • Now, go ahead and type “1” and click on the Enter to scan your device for all the system install apps.
  • Once you have completed the scan you will be presented with a list of all system apps which are installed on your internal storage.
  • Now, you have to go through the list in detail and you can uninstall any app you want just by typing the specific number of the app and hit enter. Ex: if you want to remove 3rd app then click on “3” and hit enter.
  • If you want to uninstall multiple apps at a time like batch uninstall then you have to type each number but always ensure you have to add a space in between each one of the number. Ex: 3 4  5 etc.

After having a look at the list and making your choice you have to press enter. Then the list of apps will appear with the information and then you will get a confirmation input as well.

  • If you check everything out then you have to type “Y” to proceed with the uninstall of bloatware from your system.
  • Once you are finished and you find no changes means you can input the command “n” when it asks if you want to return to the main menu.

Final Step How to uninstall all types of bloatware on any Android Device

Now, to uninstall carrier or OEM bloat, you have to repeat the above process, but you can choose “3” from the main menu to select the vendor’s apps. This special section will not have many apps in it but it may contain some obnoxious bloatware mainly depending on the device.

So, if you want to scrub the bloatware at a higher level from your Android device. You have to select the “System private – Apps” which is the option number 2 on the Debloater main menu.

Always be careful here since these apps are sensitive and it could easily mess things up if you don’t do the process perfectly or if you don’t know what to remove.

Soon after completing everything, the final thing you should do is reboot your device. That’s it everything is done!

Once your system reboots you should now have noticed that all your apps are uninstalled through the Debloater Module and you can find there is more bloatware on your phone.

This is all about How to uninstall all types of bloatware on any Android Device. If you have any queries regarding this topic then comment us below.

 

read more
Internet Security

Tips to Stay Away from the SQL Injection Attacks

Tips to Stay Away from the SQL Injection Attacks

Let us acknowledge the definition of SQL injection attacks before indulging into the matter. Well, the SQL injection attack can be defined as the code injection technique, which is used to attack the applications that are driven by data. With the help of SQL injection attacks, the attackers establish numerous cyber destructions like spoofing of the identity, causing repudiation, destroying data and numerous other things. Thus, it is very important for us to protect ourselves from the SQL injection attacks, if we want to ensure the protection of our data. Here are some tips to help you:

Make use of prepared statements to protect from SQL injection Attacks

Let us acknowledge the definition of SQL injection attacks before indulging into the matter. Well, the SQL injection attack can be defined as the code injection technique, which is used to attack the applications that are driven by data. With the help of SQL injection attack, the attackers establish numerous cyber destructions like spoofing of the identity, causing repudiation, destroying data and numerous other things. Thus, it is very important for us to protect ourselves from the SQL injection attack, if we want to ensure the protection of our data. Here are some tips to help you:

Make use of prepared statements

Using prepared statements is considered to be one of the finest ways to protect ourselves from the SQL injection attacks. Also, compared to the dynamic SQL series, it is pretty easy to understand. This is the time, when the SQL command utilizes the parameters rather than the direct insertion of the values in the command. By doing this, it is preventing the backend to go through the malevolent queries, which are severely harmful for the database. Thus, if the user is entering 12345 or 1=1 as its input, parameterized query will search the entire string 12345 or 1=1.

Stored procedures can be utilized as well to protect from SQL injection attacks

In addition to using the prepared statements, if you use a stored procedure, it will provide you with an extra layer of security. It will perform the essential escaping, which is required, thus the app treats the input to be functioned instead of the SQL code, which was about to executed. Well, the basic difference between the stored procedures and the prepared statements is that, in case of stored procedure, SQL is code is written and also, stored in database of the server and after that, it is called from the web app.

Validating the input of the user

Another way of fighting the SQL injection attacks is to validate the user input. Even if you are utilizing a prepared statement, make sure to validate an input at first to determine that the value is one of the accepted types, format, length or any other things. The input that can pass the validation can only be allowed to process towards the database. So, this is one of the methods to protect you from the SQL injection attack. You can consider this method as asking who is on the door before opening the door.

Limit the privileges

Limiting the privileges can be the other way of protecting one from the SQL injection attack. Well, it is recommended that do not connect to your database with an account that has root access. Well, emergency is the exceptional case. If you use an account that has the root access, there are numerous chances of SQL injection attacks. Thus, use an account that has limited privileges.

So, these are some of the tips, which you can use if you want to protect your data from SQL injection attacks.

 

read more
Internet Security

Writing an Internet Security Research Paper: Sources to Turn To

Writing an Internet Security Research Paper: Sources to Turn To

Writing can be difficult at the best of times and if you’re writing for a purpose i.e. you’re writing a report or a research paper, you will need to make sure that the message that you are trying to get across in your writing is received, with the accuracy which you intend it to have. The problem with writing is that you need to make sure that you have enough information to write about. Using the correct sources, with the right amount of information can be tricky.  For example, if you are writing a research paper about Internet security you need to know where the best places to look for information so. Only by knowing this can you complete a research paper effectively, accurately and successfully? Let’s now take a look at some of the sources that you could turn to, to make sure that your research paper about Internet security hits the spot.

The Internet

The Internet is obviously a great source for information, but within the Internet, there are also some sub informational centers that you could look at in order to be sure that you focus your research and obtain your source information correctly. The first and foremost aspect that you must look at is the type of website that you have come across. If you are writing about Internet security, you need to find information sources that have facts and figures about Internet security. Try to avoid blogs and sites that are not bona fide as these sites could be providing misleading information. How knowledgeable a site is about Internet security should be obvious, as they will have a large amount of information that matches up with other sites that have a high authority ranking. The trick is to look at more than one source on the Internet and this way you can see how the information compares.

The Library

In this day and age, the library may seem like an out-dated source for information. However, libraries will not only give you full Internet access, but they will also give you access to books and journals that could provide you a background on the subject you are writing about. The good thing about libraries is that they will give you access to journals that may have been written by professionals. Journals that are written in this way will give provide you with other bits of research and information that you may not necessarily be able to access by the web. Also in a library, there are a number of primary and secondary sources you can use.

Internet Security Companies

So as we have mentioned above, if you are writing a research paper on Internet security it might be advisable to contact Internet security companies. There are a number of ways in which Internet security companies can be used and these companies will be able to give you an idea of what they are all about. Also, on a company’s website, there will be an ‘about us’ page and maybe even a ‘latest information’ page which may give you an insight into Internet security. You have to remember the Internet and the library, as sources, will give you accurate information about the subject in general. Going to an individual company will give you an individual company’s opinion about what they are doing which you be able to discuss in your research paper. This would also mean you could compare and contrast each individual company is doing.

Doing your Own Research

Doing your own research is also a very good way of making sure that your research paper stands out from the rest. You can obviously reference other research so that your paper looks more accurate, but conducting your own research will also give your research paper an individual tone which will make it engaging and more interesting.

Television and Radio

Television and radio have also become areas where you are able to get a lot of information. Gone are the days where you had to watch a program, at a particular time or you will miss it. We now have interactive television, so if there is a program on a particular subject that you want to watch, you can save the programme and watch it at a time that is convenient for you. If you were doing a research paper on Internet Security you could search for any programmes related to this subject and reference them in your research paper. Doing this will not only give your paper a wider source base, but it also will give you more information if your research paper is lacking quantity. Not all subjects are easy to write about, but Internet security is big business and as many companies fight about Internet security breaches, more and more information is becoming readily available.

We have covered a number of areas above, which highlight how to write a research paper about Internet security and we have discussed the main ways in which you can gain information. Both will show you how to add depth to your research paper, as there are numerous ways to gain different sources. Not all sources offer the same kind of information, for example, Internet and library sources will be more academic, where television and radio sources are more for the masses and therefore have a mixture of information which will help with a research paper which could be accessible to the masses.

 

read more
Internet Security

Researchers See Rowhammer based Exploits Still Possible in Android

Researchers See Rowhammer based Exploits Still Possible in Android

Rowhmmer-Based threat: a new threat for Phones

With Technology you get threats of hacking and exploiting too. It is just a one for one thing, no system is completely free form bugs, threats of hacking or other compromise of data. When one threat is removed another crops up in its place and the same goes for this one too. An upgraded version of rowhammer has been discovered called RAMpage.

This new version of rowhammer takes advantage of the data in a phone and gives malicious applications full control of a device’s data. On a normal basis no two apps can take data from one and another without the user’s permission but in this case that rule does not apply.

More about Rowhammer variant:

As mentioned earlier apps cannot get access to data that is present on other apps without permission but in this rowhammer case, bad apps use a rampage exploit to get access to information stored in other apps on the device such as your passwords and other personal information that is supposed to be confidential.

Researchers are beginning to call this new version of rowhammer, rampage and for good reason too. This exploit involves ramming memory pages in order to gain temporary access to data.

Rampage stems from Rowhammer which is not an exploit in and of itself. Rowhammer was basically a hardware problem where by an issue of the hardware used to affect a computer’s RAM. It was first discovered by researchers in 2015.

What really is Rowhammer?

Rowhammer is an unconscious side-effect that affects a system’s dynamic random access memory or DRAM for short. It causes the memory cells to leak charges and interact between themselves.

The name comes from the exploit which involves hammering at a row of memory cells to get an electromagnetic interference from adjacent rows thus gaining access to data that was not previously intended.

When the memory rows are hammered a thousand times a second, the bits flip making 0s 1s and vice versa.

What Action was taken regarding Rowhammer:

Google acted on this problem by making changes to ION memory manager which is a universal memory management system which Google added to android. The changes made to ION restricted access to physical contiguous kernel memory.

Coming back to Rampage:

Rampage involves someone exploiting ION by using a write and refresh request on the device’s RAM to flip a bit in a nearby memory row. This then allows an app to gain access to other data in other apps.

What devices are affected?

Android devices shipped with LPDDR2, LPDDR3,LPPDR4 memory are susceptible to the Rampage exploit.

What steps are taken to take control of the Rampage situation?

Researchers at VrijeUniversiteit in Amsterdam are working closely with Google to come out with a solution to rowhammer’s variant- Rampage.

According to Google they are working with the researchers and believe that this problem won’t affect the majority of their users but in spite of that, are determined to protect the users that are affected by the issue.

read more
AppsInternet SecurityTechnology News

Can Keep Data Fresh for Wireless Networks With New Algorithm

Can Keep Data Fresh for Wireless Networks With New Algorithm

Keeping Data Fresh with new form of Wireless Networks

Today’s day and age requires information to be transferred not only fast but also that the data should be the most current or the most freshest that is out there and often this does not happen. In order to avoid overloading wireless networks every bit of data does not get transferred on time and that means what you end up viewing may not be the most- freshest or most updated data that is out there.

It is not the question of how fast data can be transmitted in the wireless networks but that the data being transmitted over wireless networks do not get transmitted as often meaning that you are not seeing the most current version of data that is there. Take for example a car and it’s sensors, now it does not take much time for the sensors within the car to transmit data to a central processor but the age of that data will not only depend on the speed at which that data is being transmitted across channels but also on the frequency with which that data is being sent by the sensors.

How to keep information fresh on a wireless networks?

The question then arises as to how to increase the frequency of data being transferred to a central processing unit without completely overwhelming the network?

Engineers at MIT seem to have come up with an answer to this question. At present researchers at MIT say that they can apply their system to a simple wireless networks but hope that in the future they will be able to apply their findings to a much complex wireless network.

The process of keeping data fresh in a wireless networks:

In the course of their research, engineers at MIT made a simple network consisting of a central control station that would receive information from multiple nodes or in their case drones.

Using the assumption that only one node or drone could transmit data at any given time, researchers then began to decide which drone should send data at which time.

This question was answered by the team coming up with an algorithm, which calculated an index for each node, which in turn took into account factors such as the age of data, the reliability of the channel relaying information and the overall importance of that node in the wireless networks.

Nodes that are more reliable and faster are given a higher index as compared to nodes of lesser reliability and which are slower. But the index assigned to each node is not a fixed factor, this index keeps on changing and at any given time the node with the highest index relays data first.

The research team calculated a bound rate- the average age of information in a wireless network, which is the least time that has ever been achieved by any of the wireless networks elsewhere.

The researchers found that their data came very close to this bound rate and gave the freshest data possible as compared to any wireless networks that is out there.

read more
Internet Security

Spectre Next Generation Flaws: Eight New Spectre Variants Affecting Intel Chips

Spectre Next Generation Flaws: Eight New Spectre Variants Affecting Intel Chips

Spectre Next Generation Flaws could potentially affect your CPU

After Spectre and Meltdown bugs shook the computing world, there are new reports saying that bugs originating from the same, could also affect CPUs. This new type of bug is come to be known as Spectre next generation flaws. Researchers have recently found bugs that resemble the spectre and meltdown bugs, which could potentially affect CPUs.

Meltdown and Spectre bugs reveal the details of CPUs either by crossing over hardware or by tricking applications on the computer into giving vital information. Researchers have recently found that a new strain of these bugs could also affect CPUs. It is unsure as of now whether any hackers have taken advantage of these flaws or not.

More about Spectre Next Generation Flaws:

Researchers found a total of 8 flaws of spectre next generation that could affect CPUs. There are also reports that ARM chips could be affected. As of now no company is willing to give any details until a patch for the spectre next generation bug is found.

The researchers who discovered the spectre next generation flaws are working under responsible disclosure requirements in which they contact companies vulnerable to the spectre next generation Flaws and agree to delay their findings until a suitable patch is discovered to fix the spectre next generation issue.

Google Project Zero, the team that initially discovered the spectre and meltdown flaws have also discovered one of the spectre next generation flaws and have gone on a 90- day embargo on releasing any details to the public. This 90- day embargo will end on May 7th.

Companies reaction to the Spectre next Generation Flaws:

Intel is saying that they are working closely with customers, partners, chip makers and researchers to mitigate any issues that are discovered on their chips. The company believes in full disclosure with all parties concerned and they believe with the sharing of this information only can they better solve the problem.

AMD said it was aware of the spectre next generation flaws and that the media were reporting on the issue, other than this they declined further comment. Google and ARM have not yet commented on the spectre next generation issue.

As of now,no further details regarding the spectre next generation flaws have come to light and that everything is kept under wraps, but the research team that initially discovered the spectre and meltdown flaws said that additional flaws of the same variety could also arise and that they too would require patches.

The Patches and Updates for the spectre next generation flaws:

Companies are racing against time to come up with a patch for the spectre next generation flaw;this may begin a seemingly endless cycle of updates and patches that could also result in stability and performance issues in computers.

As of now there are no reports on hackers using the spectre and meltdown bugs to their advantage, but similar ways of hacking have become a hot topic when it comes to research and it could also mean that hackers are just biding their time until they come up with a new form of attack.

read more
Internet Security

Apple Is Struggling To Stop A Skeleton Key Hack On Home Wi-Fi

Apple Is Struggling To Stop A Skeleton Key Hack On Home Wi-Fi

New Skeleton Key Hack with Apple iOS?

Nothing on the net is free from the threat of hacking. Even with the best of security and the best of hardware and software that is out there, you aren’t completely free from getting hacked, the same goes with Apple’s products too. The Cupertino company is known for their tech and the quality that goes behind all their products but are they free from the threat of hacking or are they too susceptible to a crisis that affects literally the whole net? The answer is yes, they too can be hacked and a recent threat these days seems to be with regards to a skeleton key.

Apple has invested a lot in cyber security and expertise but is that enough? Some threats seem to be so difficult to manage that even with millions of dollars spent on them and a lot of time invested into removing those threats, they are still not fully eradicated. One such threat uses a skeleton key. The basics of this threat is that the hack exploits the trust of iOS devices in IoT devices for example connected toasters or smart TV’s.

How does the skeleton key hack work?

Discovered by founder of Lab Mouse Security, this skeleton key hack works much like this, a hacker would first have to gain access to anIoT device available on the internet and exposed to outsiders, such as a smart toaster. Again doing this, as stated by the founder is no difficult feat as IoT devices are known not to have strong security on them.

For the skeleton hack to work, these IoT devices would have to have an MFi chip- which is a chip that Apple designs that it then lends out to other manufacturers to get their devices hooked up to iOS products. Once the hackers have taken control of the IoT devices they can then exploit the trust of iOS products and get them to hand over private network keys.

Once the hacker gets on to the IoT device and has access to the MFi chip, they can then pose as any smart device and then exploit the iOS device and get them to hand over private network security keys and there is also no way for Apple to actually verify whether they are giving the network security details to a smart device or a hacker manipulating device. So unknowingly the iOS device does this without knowing about the hack.

The next element to this hack is that after the network security details are given then the hacker can use them to join the network and then it becomes useful for further attacks.

This MFi chip then becomes the skeleton key to get access to one’s private network keys.

Will the Skeleton Key Hack work:

As said by the founder of Lab Mouse Security, this skeleton key hack is not only possible on paper but is also completely possible in real life too, but that is not to say that hackers will use this technique. There are other simpler methods out there than the skeleton key hack that targets the Wi- Fi router directly and it is probable that hackers would prefer this hack than the skeleton key one.

read more
InternetInternet Security

Everything You Need to Know About HTTP/2?

Everything You Need to Know About HTTP/2?

Hypertext Transfer Protocol – HTTP/2

To get an understanding of HTTP/2, one needs to have a fast and apparent conception regarding protocol considering the context the Hypertext Transfer Protocol – HTTP.  It is said to be a mechanism utilised by Internet browsers to demand information from the web server which tends to display the pages on the screen of the device which is utilised.

HTTP/2 is considered to be an auxiliary in expressing HTTP on the wire though is not a ground-up alteration of the protocol.  The methods of HTTP, status code and semantics tends to be equal and the same should be possible to use APIs as HTTP/1 x for representing the protocol.

Emphasis of the protocol is based on performance, end-user perceived latency, server resource usage and network. The main objective is to enable the use of an individual link from browsers to a Website.   HTTP/2 earlier known as HTTP/2.0 is said to be a main revision of the HTTP network protocol which is utilised by the World Wide Webresulting from the former new SPDY protocol.

This had been established by Google. The working group http is, of Hypertext Transfer Protocol, wherein `bis’ is considered as `second’ of the Internet engineering Task force.  HTTP/2 is considered to be the first latest version of HTTP as HTTP1.1 standardized in RFC 2068 in 1997.

Applications – Quicker/Simpler/Strong

HTTP/2 is inclined to make our applications quicker, simpler as well as strong.  Moreover it also tends to open various completely new options for optimizing our applications and enhance performance.

The main purpose of HTTP/2 is to reduce latency by permitting full request and response, multiplexing, reduces protocol overhead through well-organized density of HTTP header fields. It also adds to the support for request prioritization and server push and in order to implement these essentials, there is a huge supporting cast of the other protocol augmentations like new flow control, upgrade mechanisms, error handling.

However these are said to be the most important features which all web developers need to comprehend and leverage in their applications. The application semantics of HTTP in any way is not modified by HTTP/2.

All the essential concepts like HTTP methods, URIs, status codes as well as header fields tend to stay in place.  On the contrary HTTP/2 is said to modify how the data gets formatted and transported between the server and the client.  Here both are inclined to handle the complete process and hides the overall complexity from our application within the fresh framing layer.

HTTP/2 Enhanced Performance/Accessibility of New Abilities

The consequence is that all the prevailing applications can be delivered without modification. HTTP/2 has introduced a new binary framing layer to accomplish the performance goals set by the HTTP Working Group, which is not backward compatible with previous HTTP/1.x servers and clients, therefore the main protocol version augmentation to HTTP/2.

Unless one is executing a web server or a custom client by functioning with raw TCP sockets, the difference will not be noticed and all the new and low level framing will be performed by the client and server on behalf of the user.  The only noticeable difference observed would be the enhanced performance together with the accessibility of new abilities such as request prioritization, server push and flow control.

read more
GadgetsInternet Security

How to Stop Hackers from Using Find my Device to Lock Your Gadget With Ransomware

How to Stop Hackers from Using Find my Device  to Lock Your Gadget With Ransomware

Most companies still work to unlock their computers. Experts detect more than 2,000 cyber attacks against companies from 64 countries using Find My Device option.

Dozens of companies are still working to free their computers, blocked by the data hijacking virus. Some have capitulated and have chosen to pay the pirates, who ask for 300 dollars (264 euros) in bitcoin to release the equipment. The hacker’s address to get the revenue in this crypto-currency has received at least 45 transactions and the equivalent of more than 9,000 euros, according to Blockchain, the platform that supports bitcoin. Information indicating that cybercriminals can not actually unlock stolen data because their email account has been blocked helps to ensure that no payments are being made. Ok, what if your iPhone being hacked by the same cybercriminals who have spread Ransomware.

Although features like “find my iPhone” have helped slow down cell phone thefts, they also provide a new avenue of attack for hackers.

The security feature is now being used by hackers to block the hardware of some Apple users, and blackmail them to pay a ransom, or ransomware, for their devices to be unlocked.

Originally introduced by Apple in 2010, the “Find My Device” service allows users to use the GPS location to find exactly where their iPhone, iPad or Mac is. “Lost Mode” allows users to lock their device remotely, prevent a thief from having access to personal information. But unfortunately, that means that if a cyber hacker steals somebody’s login information, he can use it to ask for redemption to regain access to the device.

The rescue message is displayed on the lock screen itself, often with an address from an account to deposit Bitcoin. In most of the cases, the hacker may demand 0.01 Bitcoin to unlock the device, or about $ 50 dollars.

As in all cases of ransomware, the Find My Device general advice is not to pay for blackmail, as this only encourages hackers to continue with their practice. The best option would be to contact Apple directly to help solve the problem.

Although this is still not a widespread problem, there have been several recent reports from users who find their systems blocked without warning. Macmyth.com claims that it is derived from hacks of third-party services, coupled with the old problem of password reuse. That has led to the blocking of some Apple devices.

It also highlights the fact that one of the key issues with Apple’s Find My Device service is that it does not require two authentication factors. That is understandable considering that an Apple user may have only one device of that brand, and therefore, its use would not be possible if it loses it. But that problem could be solved in the style of Google, which offers a backup on secondary devices for these cases.

Even if you have not been affected by this latest attack, regardless of the brand of your device, it is important to use secure passwords, unique login credentials, and two-factor authentication whenever possible. Although that does not guarantee that you can not be hacked, it makes it more complicated to do so, which is often enough to avoid problems.

read more
Internet Security

Combination of Features Produces New Android Vulnerability

Combination of Features Produces New Android Vulnerability

Cloak and Dagger: Current Android Vulnerability in Mobile Phones

Security researchers has found a serious android vulnerability that can steal any password with Android features. The real bad thing: banking trojan use the method long ago.

Two app rights of the Android operating system can be misused to build a universal keylogger, which reads everything the user of the device taps into the keyboard. In addition, an attacker can use it to give a malicious app unlimited rights. This android vulnerability attacks have revealed several security researchers at universities in UC Santa Barbara and Georgia Tech in the US. They gave android vulnerability the name Cloak & Dagger. The gaps are still open, but Google now prevents apps that they use to be loaded into the Play Store. In addition, Android O (the next version of the operating system) will close the gaps.

Researchers at the Georgia Institute of Technology have discovered how good Android features can be used for malicious android vulnerability on smartphone users. Both SYSTEM_ALERT_WINDOW (“draw on top”) and BIND_ACCESSIBILITY_SERVICE are the security gaps. The former allows you to display important messages about the current app’s current output, which is used to help visually impaired users, Criminal attackers can, however, as the security researchers show, abuse both functions in harmless apps: In several videos, they perform as they lurk in the background with their android vulnerability “Cloak and Dagger” method (night-and-fog-action) Track passwords, and secretly install applications with malicious code and full access rights.

The Android Vulnerability Problem:

Each app can use both functions without having to request special privileges. Attackers can now set harmless apps – such as “sweet cat videos” – in the playstore, which displays invisible buttons via a banking app, with which password entries are recorded or when playing a video loads malicious programs from the Internet and secretly with full rights equip. Worse: This behavior is part of Android’s user guide, so there is no security hole that could be easily closed by a patch. Google’s automated testing of new apps lets many such wolves in the sheep fur. In fact, the security portal The Hacker News has already reported on several banking trojans in the Playstore, which also work with this android vulnerability “Cloak and Dagger” methods.

How Can You Protect Yourself From Android Vulnerability?

Currently, there is no complete protection against this android vulnerability! You should pay particular attention to installing apps only from trusted manufacturers, and you should also set up a protection program on your smartphone. In addition, at least Android 6 can minimize the risk of android vulnerability by allowing you to turn off notifications or allow apps to be used: Go to Settings, then Apps, Gear icon, Show other Apps, now Apps With permission and there for all apps except the absolutely necessary (such as trustworthy calendar, alarm clock). The rest will be done by Google: First, the Android vendor has to check the apps in the Playstore more intensively, secondly, to prevent the abuse of SYSTEM_ALERT_WINDOW and BIND_ACCESSIBILITY_SERVICE. The latter is still working for the upcoming Android 8, which is to put now common android vulnerability the craft by new security functions. Whether this current android vulnerability Cloak and Dagger on the current Android versions ever completely stopped.

read more
1 2
Page 1 of 2