Android Zero-Day Flaws in Pixel Phones Exploited by Forensic Companies

April 4, 2024Android Firmware

Android Zero-Day Flaws in Pixel Phones Exploited by Forensic Companies

Apr 03, 2024NewsroomMobile Security / Zero Day

Google has disclosed that two Android security flaws impacting its Pixel smartphones have been exploited in the wild by forensic companies.

The high-severity zero-day vulnerabilities are as follows –

CVE-2024-29745 – An information disclosure flaw in the bootloader component
CVE-2024-29748 – A privilege escalation flaw in the firmware component

“There are indications that the [vulnerabilities] may be under limited, targeted exploitation,” Google said in an advisory published April 2, 2024.

While the tech giant did not reveal any other information about the nature of the attacks exploiting these shortcomings, the maintainers of GrapheneOS said they “are being actively exploited in the wild by forensic companies.”

“CVE-2024-29745 refers to a vulnerability in the fastboot firmware used to support unlocking/flashing/locking,” they said in a series of posts on X (formerly Twitter).

“Forensic companies are rebooting devices in After First Unlock state into fastboot mode on Pixels and other devices to exploit vulnerabilities there and then dump memory.”

GrapheneOS noted that CVE-2024-29748 could be weaponized by local attackers to interrupt a factory reset triggered via the device admin API.

The disclosure comes more than two months after the GrapheneOS team revealed that forensic companies are exploiting firmware vulnerabilities that impact Google Pixel and Samsung Galaxy phones to steal data and spy on users when the device is not at rest.

It also urged Google to introduce an auto-reboot feature to make exploitation of firmware flaws more difficult.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

link … Read More ...

March 28, 2024Android Apps

Free VPN apps on Google Play turned Android phones into proxies

Android

Over 15 free VPN apps on Google Play were found using a malicious software development kit that turned Android devices into unwitting residential proxies, likely used for cybercrime and shopping bots.

Residential proxies are devices that route internet traffic through devices located in homes for other remote users, making the traffic appear legitimate and less likely to be blocked.

While they have legitimate uses for market research, ad verification, and SEO, many cybercriminals use them to conceal malicious activities, including ad fraud, spamming, phishing, credential stuffing, and password spraying.

Users may voluntarily register on proxy services to get monetary or other rewards in return, but some of these proxy services employ unethical and shady means to install their proxying tools on people’s devices secretly.

When secretly installed, victims will have their internet bandwidth hijacked without their knowledge and risk legal trouble due to appearing as the source of malicious activity.

Proxying Android VPN apps

A report published today by HUMAN’s Satori threat intelligence team lists 28 applications on Google Play that secretly turned Android devices into proxy servers. Of these 28 applications, 17 were passed off as free VPN software.

Satori analysts report that the offending apps were all using a software development kit (SDK) by LumiApps that contained “Proxylib,” a Golang library to perform the proxying.

HUMAN discovered the first PROXYLIB carrier app in May 2023, a free Android VPN app named “Oko VPN.” The researchers later found the same library used by the LumiApps Android app monetization service.

“In late May 2023, Satori researchers observed activity on hacker forums and new VPN applications referencing a monetization SDK, lumiapps[.]io,” explains the Satori report.

“Upon further investigation, the team determined that this SDK has exactly the same functionality and uses the same server infrastructure as

March 23, 2024Android Apps

Google’s Surprise New Update Brings Unique iPhone Feature To Android Phones

Android and iPhone users may jealously protect their phone platform of choice, but secretly, both camps know there are some features the other phones have that theirs do not. Google is now, it seems, addressing one place it underperforms, by improving Google Wallet so it can be better at something the iPhone does brilliantly: digital tickets and boarding passes.

Google Wallet just got a lot more like Apple Wallet.

David Phelan

March 21 update below. This post was first published on March 18, 2024.

Both Apple Wallet and the equivalent on Android phones, Google Wallet, are good when it comes to housing digital versions of credit and debit cards. But the iPhone version has always been stronger for passes—it’s no coincidence that it originally used to be called Passbook.

MORE FROM FORBESGoogle Pixel 8 Pro: Smart New Feature Neatly Upgrades Pixel ExperienceBy David Phelan

Because it’s done this for longer, apps for airlines, theaters, concert halls and others routinely include a button designed to add them to the Wallet where they’re easily found.

It now looks like the passes that slide so easily into the iPhone Wallet app could pop into Google Wallet just as smoothly. Android writer Mishaal Rahman posted on X that files in the .pkpass format used by Apple can now be imported into Google Wallet.

And 9to5Google has followed up by saying that other users have confirmed that they have been able to do the same, though this doesn’t seem to have rolled out to everyone yet.

When it is more widespread, this will be a significant uptick in convenience. Those websites and apps with buttons inviting users to click to add passes to Apple Wallet all too often did not include an equivalent for downloading to Google Wallet.

Android owners warned of bank-raiding attack that’s found a new way to hide in plain sight on their phones

ANDROID owners have been warned that an invisible bank thief could be hiding in plain sight on their phones.

A banking trojan malware, known as PixPirate, has been discovered on phones without an app icon – making it impossible to detect by the untrained eye until victims see their cash is gone.

The malware can steal bank details and two-factor authentication codes to make unauthorised money transfersCredit: Getty

Cyber experts at Cleafy TIR first documented the threat last month, where they found it had been targeting Latin American banks.

Typically, smartphone owners can spot if they have installed a malicious app because an icon will appear on their home screen.

However, PixPirate does not use an app icon.

This has allowed hidden malware to run rampant on Android phones – even on handsets with the latest Android 14 software.

In a separate investigation by IBM’s security company Trusteer, researchers explain that this new version of PixPirate versions uses two different platforms that work together to steal information from devices.

The first is the ‘downloader’ that victims accidentally install from phishing messages received via WhatsApp or text.

The ‘downloader’ app requests invasive permissions when users install it, which, if they approve, will allow the app to install a second app which carries the banking malware.

Silent fraud

PixPirate has remote access capabilities, meaning hackers can force actions on a device without the owners knowledge or consent.

Most read in Phones & Gadgets

It’s this that has allowed the malware to steal bank details and two-factor authentication codes to make unauthorised money transfers.

Android owners have been urged to be cautious when installing apps and clicking links in messages.

Links to avoid are Android Package Files (APKs) which are what are used to disguise PixPirate.

A Google spokesperson told Bleeping

March 13, 2024Android Google

New Android features coming to phones and smartwatches

6. View your health, wellness and fitness data in one place

See a more complete picture of your health right in the redesigned Fitbit app through Health Connect — with data from your favorite wearables and apps like AllTrails, Oura Ring and MyFitnessPal. In the Fitbit app on your Android phone, head to the You tab to see data from connected apps next to your Fitbit data. And in the Today tab, you can see data like exercise, steps, calories burned, floors climbed and distance traveled from Health Connect-compatible apps.

link … Read More ...

February 25, 2024Android Google

Google Photos Android 14 share sheet appears on Pixel phones

Back in October, Google Photos started rolling out a native Android 14 share sheet instead of its custom implementation, and we’re not seeing it widely available on Pixel phones.

Android 14 allows developers to add application-specific actions to the system share sheet. Google Photos has long used a custom implementation with a “Send in Google Photos” carousel of people and shortcut to create a “New group.” This is followed by high-level buttons for “Nearby Share” and “Create link,” while “Share to Apps” appears at the bottom.

Google Photos is now replacing its custom implementation with a native one. The “Sharing image” sheet features a preview, with support for multiple pictures. You then get a carousel of actions: Create Link, Send in Photos, Add to Album, and Create Album.

This is followed by the usual Direct Share targets and app grid that you scroll up to access.

In mid-October, the Android 14 Google Photos share sheet only widely rolled out to the Pixel 8 and 8 Pro. We’re now seeing it on every Pixel phone, including the Fold, running version 6.71 of Google Photos. However, it’s not appearing on the Pixel Tablet or a Samsung phone running Android 14.

Meanwhile, Google is also more widely rolling out auto-grouping Stacks and a system photo picker with Google Photos support.

More on Google Photos:

FTC: We use income earning auto affiliate links. More.

link … Read More ...

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.