Archive for the ‘Android’ Category

tv-pure google

According to The Independent, Google’s voice search function doesn’t just turn on when you ask it to. Rather, it records almost everything.

Feeling unnerved yet? Well, it gets even wilder. You see, you can listen to the recordings Google has stored and associated with your name simply by visiting this webpage.

There’s also this webpage that will show you how much Google knows about your every move on the internet.

Both webpages will contain information from not only computers but any Android device you’ve logged in to your Google account.

How to Delete the Recordings

Luckily, if you’re not too happy about Google having potentially hours of your voice in its database, you can delete those files.

Beside each file’s title you’ll see a checkbox.

google-speach

Just select the three dots top right and select delete    google-voice-delete

How to Stop Google from Recording You Again

Now, as The Independent points out, stopping Google from recording you does result in some limited functionality if you’re using an Android phone or the company’s search.

However, you may be someone whose concern for privacy is much greater than finding what you’re looking for easily. If so, begin by never using Google’s voice search functions again. Follow up by disabling Google’s voice search.

  1. Navigate to Settings
  2. Tap the General tab
  3. Under “Personal” find “Language & keyboard”
  4. Find “Google voice typing” and tap the Settings button
  5. Tap “Ok Google” Detection
  6. Under the “From the Google app” option, move the slider to the left. If Google voice is already enabled move the slider to the left of “From any screen” or “Trusted Voice” and the “From the Google app” will appear.

 

android-wear-lollipop-watchface-variety-970-80Do you own a Smartwatch? If yes, then how safe it is? There are almost 100 percent chances that you own a vulnerable Smartwatch.
Computer manufacturer Hewlett-Packard is warning users of smartwatches including Apple Watch and Samsung Gear that their wearable devices are vulnerable to cyber attacks.
In a study, HP’s Fortify tested today’s top 10 smartwatches for security features, such as basic data encryption, password protection and privacy concerns.
The most shocking part of the study was that –
 

Not even a Single Smartwatch Found to be 100 percent Safe

Security experts found that 100 percent of wearable devices contained at least one serious security vulnerability that could make the devices vulnerable to hackers.
With the increase in the adoption of smartwatches, manufacturers need to pay closer attention to the customers’ security because these wearable devices could potentially open doors to new threats to personal and sensitive information.

“As the adoption of Smartwatches accelerates, the platform will become vastly more attractive to those who would abuse that access, making it critical that we take precautions when transmitting personal data or connecting Smartwatches into corporate networks,” Jason Schmitt, general manager at HP’s Security Fortify said in a statement.

The study [PDF], no doubt, had included Smart watches by Apple, Pebble, Samsung and Sony, as it claims to have picked top 10 smartwatches.

Here’s the list of issues reported by HP:

1. Lack of transport encryption – Though all products implemented transport encryption using SSL/TLS, 40 percent of devices found to be either vulnerable to the POODLE attack, allowing the use of weak cyphers, or still using SSL v2.
2. Insecure Interfaces – Three out of ten smartwatches used cloud-based web interfaces and all of them were vulnerable to account harvesting. This allowed unlimited login attempts, helping hackers guess passwords.
3. Insufficient User Authentication/Authorization – Three out of ten smartwatches completely failed to offer Two-Factor authentication, or the ability to lock accounts after 3 to 5 failed password attempts.
4. Insecure Software/Firmware – 7 out of 10 smartwatches had issues with firmware updates. The wearable devices, including smartwatches, often did not receive encrypted firmware updates, but many updates were signed to help prevent malicious firmware updates from being installed. While a lack of encryption did not allow the files to be downloaded and analyzed.
5. Privacy Concerns – Smartwatches also demonstrate a risk to personal security as well as privacy. All the tested devices collected some form of personal information, including username, address, date of birth, gender, heart rate, weight and other health information.
The experts said it would not disclose the names of smartphone manufacturers whose watches they had tested, but they are working with vendors to “build security into their products before they put them out to market.”
Meanwhile, HP urges users to not connect their smartwatches to the sensitive access control functions like cars or homes unless strong authorization is offered.
Recommendations
HP has the following recommendations for those looking to use or produce smartwatch devices in a more secure manner:
Consumer
• Do not enable sensitive access control functions (e.g., car or home access) unless strong authentication is offered (two-factor etc).
• Enable passcode functionality to prevent unauthorized access to your data, opening of doors, or payments on your behalf.
• Enable security functionality (e.g., passcodes, screen locks, two-factor and encryption).
• For any interface such as mobile or cloud applications associated with your watch, ensure that strong passwords are used.
• Do not approve any unknown pairing requests (to the watch itself).
Enterprise Technical Teams
• Ensure TLS implementations are configured and implemented properly.
• Protect user accounts and sensitive data by requiring strong passwords.
• Implement controls to prevent man-in-the-middle attacks.
• Build mobile applications (specific to each ecosystem) into the device – in addition to any vendor-provided or recommended apps.
tv crime2We are living in an era of smart devices that we sync with our smartphones and make our lives very simple and easy, but these smart devices that inter-operates with our phones could leave our important and personal data wide open to hackers and cybercriminals.
Security researchers have demonstrated that the data sent between a Smartwatch and an Android smartphone is not too secure and could be a subject to brute force hacks by attackers to intercept and decode users’ data, including everything from text messages to Google Hangout chats and Facebook conversations.
This happens because the bluetooth communication between most Smartwatches and Android devices rely on a six-digit PIN code in order to transfer information between them in a secure manner. Six-digit Pin means approx one million possible keys, which can be easily brute-forced by attackers into exposing entire conversations in plain text.
Researchers from the Romania-based security firm Bitdefender carried out a proof-of-concept hack against a Samsung Gear Live smartwatch and a paired Google Nexus 4 handset running Android L Preview. Only by using sniffing tools available at that moment, the researchers found that the PIN obfuscating the Bluetooth connection between both devices was easily brute forced by them.
(Brute force attack is where a nearby hacker attempts every possible combination until finding the correct one. Once found the right match, they were able to monitor the information transferring between the smartwatch and the smartphone.)
Of course, this means an attacker would have to be fairly near the victim and log all intercepted Bluetooth data packets. The large-scale adoption of such an exploit could be fueled by the increasing number of smartwatches or smartbands. Weaponizing it could only be a matter of time.

For this proof-of-concept, a Nexus 4 Android device equipped with Android L Developer Preview and Samsung Gear Live were used. The implications of these recent findings are only moderately surprising – we know from past experience that adoption of new technologies does not always go hand-in-hand with better security practices.

Part of the mitigation process involves using NFC pairing when sending the pin code or the use of pass-phrases. Of course, there’s always the option of adding a secondary layer of encryption at the application level, but this might shorten battery life due to extra encryption computations.

TV_Android

About 460 of the top 500 Android applications create a security or privacy risk when downloaded to Android devices, according to new research. And that’s largely because of a lack of user education and the fact that mobile users don’t mind sharing personal information for free apps in return.

MetaIntell, a vendor that specializes in cloud-based mobile risk management (MRM), set about testing the top apps in a range of stores, including Amazon, CNET, GETJAR and the official Google Play store. It found that more than 92% of the applications it tested used non-secure communication protocols, while 60% communicate with domains that are blacklisted by a reputation service.

Additional risks included developer reputation, content vulnerabilities and 20% of the apps tested had the ability to load external applications either locally or remotely – all without the express consent or knowledge of the user.

Digging deeper into the data, MetaIntell rated the risks so high on many applications that 42% of them should not be allowed onto any consumer or enterprise-owned device.

These results are from an analysis of the apps that people download the most – suggesting that much more user education is necessary when it comes to mobile use.

“What most people do not fully appreciate are the risks associated with downloading apps from the million-plus Android applications available in app stores,” the company explained in the research. “Most users assume that applications are trusted if they are offered in an official app market. App stores typically make no guarantee about the trustworthiness of the products they offer. Most often, applications are developed and hosted in the apps markets with no risk assessment.”

The reality is, almost any application can become the source of serious threats that can affect both the device and the intranets to which that device connects, which can have serious ramifications in an enterprise setting. Users should approach app downloads with this in mind – especially corporate users.

“Access to personal data is what makes mobile applications uniquely useful and relevant to users,” said Chris Hazelton, research director for mobile and wireless at industry analysts 451 Research, in a statement. “In exchange for free apps, consumers are willing to share personal data with third party developers. Companies cannot afford to do this, and must control access to data on mobile devices – creating a real need for greater transparency and control of the apps that are available to employees from public app stores.”

So how can mobile device users and enterprises protect themselves from risky mobile applications? By not downloading applications that carry risk, of course – and that means being vigilant about reading the terms and conditions of apps and understanding what one is agreeing to when downloading. “Threats occur where risk conditions exist. Eliminate the risk and avoid the threat,” said Kevin Mullenex, CEO of MetaIntell.

Unfortunately, that will be easier said than done.

 

Source: infosecurity-magazine

tv crime2
So this post has come about by one of my friends posting the below video from LiveLeak on Facebook which is quite terrifying if you are a parent. But have no fear I will tell you how to stop people from tracking you or your child.

video pic

Some cameras, smartphones and tablets add location data to each picture you take. This means that anyone who wants to can see the exact longitude and latitude of the image. Geotagging data is wonderful for finding out where a picture was taken. However, it may not be obvious if you don’t know how to view it. For those who want to find out whether photos have been geotagged before posting them online, it is important to know how to check. The process is simple and helps to have better control over your pictures.

Is Your Camera Geotagging

Before viewing or checking for location data, you should know whether your camera is geotagging your pictures. Any camera you use must have GPS enabled in order for geotagging to occur. This is most common in smartphones, but some digital cameras have this capability as well. Without this feature, no location data is embedded in images. Remember that this data, called EXIF data, is invisible unless you know how to look for it.

What You Need

To view EXIF data, all you need is a web browser. There is no need to download extra software on your computer. Navigate to Jeffrey’s EXIF Viewer. Unlike many other tools available, this one keeps it simple and focuses on location information so you don’t have to sort through a lot of unnecessary data. Another benefit is the wide variety of file types that are supported. You would have to have some extremely rare file types for this tool not to work for you.

Using Jeffrey’s EXIF Viewer

This tool provides two different options for viewing geotagged images. The first allows you to view information from images already online. The second allows you to check images before they are posted online.

For online images, open the picture in your browser. Copy the URL of the image. The quick way is to highlight the URL and press Ctrl + C. Open the browser window with Jeffrey’s EXIF Viewer. Paste (Ctrl + V) the URL into the Image URL box. Press View Image At URL. You will see a few details about the camera, the date the image was taken and finally the location data along with a map.

For images stored on your computer, press Browse beside the Local Image File box. Choose the file in question and press View Image From File. You will see the same data the online option.

Testing it

Here is a picture I took in the summer of an exhibition about the activist group Anonymous

Post Picture

Now right click on the image and select ‘Copy Link Address’

Navigate to http://regex.info/exif.cgi and pastie the link into the URL Image box

Hit ‘View Image at URL’ and there you go.

location

Although the image on the page is a bit small, you can see tones of data including an arrow pointing to the Museum of London in the UK which is correct.

Now just imagine if this was a picture of your child on a social media site and the person viewing wanted to track them or their school down. Have no fear the following steps will tell you how to stop this from happening.

What can you do to protect yourself from stalkers and other bad guys using geotags to track you down?

Consider turning off location services on some location sharing apps

Find the location sharing settings on your smartphone and turn off the ones that you think might pose a personal safety risk. You can always turn them back on later if you want to.

Most smartphones will let you turn off location sharing for individual apps as an alternative to turning them off globally.

There are some apps such as ‘Find My iPhone’ that you won’t want to disable location sharing on. If you do disable location sharing on apps like ‘Find My iPhone’, then your phone won’t be able to relay its position and you won’t be able to find it using the ‘Find My iPhone’ service should it get lost or stolen.

Remove geotags from your digital photos

If you want to remove geotag information from your image files then you can use an app such asdeGeo (iPhone) or Photo Privacy Editor (Android) to remove the geotag info from your photos.

Consider turning off the location sharing setting of your phone’s camera app as well so that the GPS info does not get recorded as part of the picture’s meta data, this will save you the hassle of having to strip out the location data later on.

How do I turn off Geotaging on my Smart phone

Android 4.2 phones

  1. Start camera application
  2. Hit the Settings button
  3. Scroll down and find the GPS Tag option and turn it off

In older versions, the option may be called “Store Location,” but is it essentially the same process.

BlackBerry 6.0 and 7.0

RIM suggests through the online documentation that disabling geotagging be done on BlackBerry Enterprise Server,  which would work from an admin’s point of view if an agency uses BES. If not, to turn the setting off on an individual BlackBerry  phone:

  1. Open Camera
  2. Set the Location icon to “Disabled”

For some earlier versions, hit the Menu and Option buttons before changing the setting.

iPhone 4 and 5

  1. Go to Settings
  2. Select General
  3. Select Location Services
  4. Set Camera to “Off”

For older versions users can’t really turn off geotagging for the camera without disabling it for all applications. But location warnings can be set to go off when an application is using them.

Windows Phone 7 and 8

  1. Go to Settings
  2. Navigate to Applications
  3. Scroll down to Pictures & Camera
  4. Set “include location (GPS) info in Pictures you take” to “Off”

I hope this has put your mind at ease, but if you do have any question please contact me. Also please share this on social media sites and on friends pages.

TV_Android

Have you ever wanted to get a little more information from your Android device?

Just dial the below numbers (included the * and #’s)

Android Secrete codes
————————————
1. Phone Information, Usage and Battery – *#*#4636#*#*
2. IMEI Number – *#06#
3. Enter Service Menu On Newer Phones – *#0*#
4. Detailed Camera Information – *#*#34971539#*#*
5. Backup All Media Files – *#*#273282*255*663282*#*#*
6. Wireless LAN Test – *#*#232339#*#*
7. Enable Test Mode for Service – *#*#197328640#*#*
8. Back-light Test – *#*#0842#*#*
9. Test the Touchscreen – *#*#2664#*#*
10. Vibration Test – *#*#0842#*#*
11. FTA Software Version – *#*#1111#*#*
12. Complete Software and Hardware Info – *#12580*369#
13. Diagnostic Configuration – *#9090#
14. USB Logging Control – *#872564#
15. System Dump Mode – *#9900#
16. HSDPA/HSUPA Control Menu – *#301279#
17. View Phone Lock Status – *#7465625#
18. Reset the Data Partition to Factory State – *#*#7780#*#*
19. Format Your Device To Factory State(will delete everything on your phone) – *2767*3855#
20. Hidden Service Menu For Motorola Droid – ##7764726

TV_Android

1. Complete Information About your Phone

*#*#4636#*#*
This code can be used to get some interesting information about your phone and battery. It shows following 4 menus on screen:
• Phone information
• Battery information
• Battery history
• Usage statistics

2. Factory data reset

*#*#7780#*#*
This code can be used for a factory data reset. It’ll remove following things:
• Google account settings stored in your phone
• System and application data and settings
• Downloaded applications
It’ll NOT remove:
• Current system software and bundled application
• SD card files e.g. photos, music files, etc.
Note: Once you give this code, you get a prompt screen asking you to click on “Reset phone” button. So you get a chance to cancel your operation.

3. Format Android Phone

*2767*3855#
Think before you give this code. This code is used for factory format. It’ll remove all files and settings including the internal memory storage. It’ll also reinstall the phone firmware.
Note: Once you give this code, there is no way to cancel the operation unless you remove the battery from the phone. So think twice before giving this code.

4. Phone Camera Update

*#*#34971539#*#*
This code is used to get information about phone camera. It shows following 4 menus:
• Update camera firmware in image (Don’t try this option)
• Update camera firmware in SD card
• Get camera firmware version
• Get firmware update count
WARNING: Never use the first option otherwise your phone camera will stop working and you’ll need to take your phone to service centre to reinstall camera firmware.

5. End Call/Power

*#*#7594#*#*
This one is my favourite one. This code can be used to change the “End Call / Power” button action in your phone. Be default, if you long press the button, it shows a screen asking you to select any option from Silent mode, Airplane mode and Power off.
You can change this action using this code. You can enable direct power off on this button so you don’t need to waste your time in selecting the option.

6. File Copy for Creating Backup

*#*#273283*255*663282*#*#*

This code opens a File copy screen where you can back up your media files e.g. Images, Sound, Video and Voice memo.

7. Service Mode

*#*#197328640#*#*
This code can be used to enter into Service mode. You can run various tests and change settings in the service mode.

8. WLAN, GPS and Bluetooth Test Codes:

*#*#232339#*#* OR *#*#526#*#* OR *#*#528#*#* – WLAN test (Use “Menu” button to start various tests)

*#*#232338#*#* – Shows Wi-Fi MAC address

*#*#1472365#*#* – GPS test

*#*#1575#*#* – Another GPS test

*#*#232331#*#* – Bluetooth test

*#*#232337#*# – Shows Bluetooth device address

9. Codes to get Firmware version information:

*#*#4986*2650468#*#* – PDA, Phone, H/W, RFCallDate

*#*#1234#*#* – PDA and Phone

*#*#1111#*#* – FTA SW Version

*#*#2222#*#* – FTA HW Version

*#*#44336#*#* – PDA, Phone, CSC, Build Time, Change list number

10. Codes to launch various Factory Tests:

*#*#0283#*#* – Packet Loopback

*#*#0*#*#* – LCD test

*#*#0673#*#* OR *#*#0289#*#* – Melody test

*#*#0842#*#* – Device test (Vibration test and BackLight test)

*#*#2663#*#* – Touch screen version

*#*#2664#*#* – Touch screen test

*#*#0588#*#* – Proximity sensor test

*#*#3264#*#* – RAM version