Wednesday, September 27, 2017

Dirty COW, an Exploit in the Linux Kernel, is Now Being Abused on Android by ZNIU

Dirty COW (Dirty Copy-On-Write), or CVE-2016-5195, is a 9-year-old Linux bug that was discovered in October last year. It is one of the most serious bugs to have ever been found within the Linux kernel, and now malware dubbed ZNIU has been found in the wild. The bug was patched in the December 2016 security update, but any devices which haven't received it are vulnerable. How many devices is that? Quite a lot.

As you can see above, there are actually a sizable number of devices from pre-Android 4.4, when Google started making security patches. What's more, any device on Android 6.0 Marshmallow or lower is actually going to be at risk unless they received any security patches past December 2016, and unless said patches properly targeted the bug. With the negligence of many manufacturers to security updates, it's hard to say that most people are actually protected. An analysis by TrendLabs has revealed a lot of information about ZNIU.

ZNIU – The First Malware using Dirty COW on Android

First let's get one thing clear, ZNIU is not the first recorded usage of Dirty COW on Android. In fact, a user on our forums used the Dirty COW exploit (DirtySanta is basically just Dirty COW) to unlock the bootloader of the LG V20.  ZNIU is only the first recorded usage of the bug being used for a malicious purpose. It's likely this is because the application is incredibly complex. It seems to be active in 40 countries, with over 5000 infected users at the time of writing. It disguises itself in pornography and game applications, present in over 1200 applications.

What does the ZNIU Dirty COW malware do?

Firstly, ZNIU's Dirty COW implementation only works on ARM and X86 64-Bit architecture. This doesn't sound too bad, as most flagships on 64-Bit architecture usually will have the December 2016 security patch at least. However, any 32-Bit devices may also be susceptible to lovyroot or KingoRoot, which two of the six ZNIU rootkits use.

But what does ZNIU do? It mostly appears as a pornographic related app, but again can also be found in game related applications. Once installed, it checks for an update for the ZNIU payload. It will then begin privilege escalation, gaining root access, bypassing SELinux and installing a backdoor in the system for future remote attacks.

Once the application has initialized and the backdoor is installed, it begins to send device and carrier information back to a server located in mainland China. It then begins to transfer money to an account via a carrier's payment service, but only if the user infected has a Chinese phone number. The messages confirming the transactions are then intercepted and deleted. Users from outside of China will have their data logged and a backdoor installed but will not have payments made from their account. The amount taken is ridiculously small as to avoid notice, the equivalent of $3 a month. ZNIU leverages root access for its SMS related actions, as to interact at all with SMS an application would normally need to be granted access by the user. It can also infect other applications installed on the device. All communications are encrypted, including the rootkit payloads downloaded on the device.

Despite said encryption the obfuscation process was poor enough that TrendLabs were able to determine the details of the web server, including location, used for communication between the malware and server.

How does the ZNIU Dirty COW malware work?

It's fairly simple how it works, and fascinating from a security perspective. The application downloads the payload it needs for the current device it's running on and extracts it to a file. This file contains all script or ELF files required for the malware to function. It writes then to virtual Dynamically Linked Shared Object (vDSO), which is usually a mechanism for giving user applications (ie, non-root) a space to work within the kernel. There is no SELinux limit here, and this is where the "magic" of Dirty COW really happens. It creates a "reverse shell", which in simple terms means that the machine (in this case, your phone) is executing commands to your application instead of the other way around. This allows the attacker to then gain access to the device, which ZNIU does by patching SELinux and installing a backdoor root shell.

So what can I do?

Really, all you can do is stay away from applications not on the Play Store. Google has confirmed to TrendLabs that Google Play Protect will now recognize the application. If your device has the December 2016 security patch or later you are also completely safe.

Source: TrendLabs



from xda-developers http://ift.tt/2hynnQ8
via IFTTT

Posted by at No comments:

LaunchEnr is a Simple, AOSP-Style Launcher with Many Android Oreo Features

Custom launchers are the first thing that comes to mind when people think about Android customization. After all, the home screen can be considered as the main UX element of your phone and can be customized in many different ways, going from a simple icon change to a complete overhaul of every aspect of the launcher. There are many different alternatives including Nova Launcher, Action Launcher, Lawnchair, you name it. However, those looking to keep it simple while getting some additional features also have many options available. One of them being LaunchEnr.

LaunchEnr is developed by XDA Senior Member ivn888, and it's based on AOSP Launcher3, meaning that Pixel Launcher/AOSP Launcher users will feel right at home with LaunchEnr. It also adds lots of useful, essential features. It includes icon pack support, dark and light theme options, per-app icons and labels, app hiding, unread count notification badge features, home screen rotation, and a lot more! It also lightens the stock AOSP code of Launcher3, replacing some deprecated methods and effectively optimizing the app. With the 2.0 update, it also includes all Android 8.0 Oreo standard features, like round/adaptive icon support, notification badges, further code optimizations, and more.

However, you should try it out in order to actually experience the whole LaunchEnr feature set. You can download it on the Play Store, where it's available as a free application with no ads included. The developer also has an official XDA thread, where he delivers official updates and changelogs (as well as including the APK for each and every update). The developer is also active on the forums, picking up bug reports. It's still marked as a beta, so you will probably find some bugs here and there. But we are really excited to see development coming along nicely, and we are looking forward to future LaunchEnr releases coming soon.

LaunchEnr (Free, Google Play) →

Source: Forums



from xda-developers http://ift.tt/2fQAFr6
via IFTTT

Posted by at No comments:

Tuesday, September 26, 2017

Source: Pixel 2 XL has Stereo Speakers, Always Listening “Music Recognition”, and Portrait Mode

The Google Pixel 2 and Pixel 2 XL is set to be announced on October 4th with multiple color options and a hefty price tag. While these two smartphones have had a lot of information leaked so far, one of the most controversial changes is the lack of a 3.5mm headphone jack. This has been corroborated by our own sources, 9to5Google, @evleaks, and others, so it's safe to say that the next generation Pixel 2/2 XL smartphones will not feature a headphone jack.

Users have been wondering if, at the very least, Google would offer dual stereo speakers on these smartphones. Though previous leaks have affirmed the existence of dual speakers on the smaller Pixel 2 model, some were wondering if this would be true on the larger Pixel 2 XL model. After speaking with our source, we can confirm that the Google Pixel 2 XL will indeed have dual stereo speakers on front much like its smaller counterpart.

That isn't all that we've learned, however. Over this weekend, the founder of AndroidPolice Artem Russakovski shared some unverified rumors from a source who spent time with the Verizon Google Pixel 2. Our own source independently corroborates most of these claims. That means we believe both the Google Pixel 2 and Google Pixel 2 XL will have the following features:

  • New "Portrait Mode" feature in the Google Camera app. This feature focuses on the main person in frame and blurs out the background to produce an image in vein of a live portrait. This feature is said to be similar to the Portrait Mode found on the iPhone 7 Plus.
  • Revamped Pixel Launcher with the search bar at the bottom. This was accidentally shown off at this year's Google I/O, and 9to5Google was able to capture a video of it in action. Some of you may not like how it looks, but the beauty of Android is that you can always install another launcher.
  • New "Music Recognition" feature. According to the settings page for this feature, "when music is playing nearby, it will automatically show up on your lock screen." Even though Google Assistant itself doesn't yet have song recognition (though there's a workaround for that), it seems that Google will somehow be able to listen for songs in the background and recommend them to you on the lock screen. Those of you worried about privacy will probably want to keep this feature disabled.
  • Squeeze to launch Google Assistant. We already leaked the existence of this feature back in July, but Artem's tweets now corroborate this further.
  • Always on Ambient Display mode. We've covered this feature on multiple occasions, and given that it's actually live in AOSP and can even be enabled on existing Android Oreo devices, this is probably Google's worst-kept secret feature for the Pixel 2 series.

There are bound to be other leaks of features and hardware of the Google Pixel 2 and Google Pixel 2 XL in the coming days. We're only a few days away from the official announcement, so there's a lot to look forward to in the next week. Though the loss of the 3.5mm headphone jack port is disappointing to many, perhaps having dual, front-facing stereo speakers will assuage those concerns somewhat. Furthermore, those new Google Assistant-enabled headphones might come in handy in the future—perhaps if they release another model at a lower price.



from xda-developers http://ift.tt/2hwtfwO
via IFTTT

Posted by at No comments:

Google Prepares to Better Integrate Android Things with Chromecast in Android P

Earlier this year, we got our first glimpse at Android Things, previously called Brillo, along with several developer previews to date. Android Things aims to be an Android-based solution for embedded systems. As an OS for the Internet of Things (IoT), it's designed to work on systems with as low as 32 MBs of RAM. While it sounds promising, we probably won't see many Android Things devices in the wild until next year when the OS is more mature. This means we're sure to see more improvements in the coming months. One such improvement that we've spotted in the source code is Chromecast integration, set to be rolled out with the release of Android Things based on Android P (9.0).

We discovered this recent commit in the Chromium Gerrit. It introduces a new volume control API, which is an Android Things system API (it will be a public API when Android P comes around) to synchronize the volume level between Android Things and Chromecast devices. This is a pretty small change, but it's noteworthy as it shows how Google is working to better integrate the Android Things and Chromecast platforms.

The end goal of Android Things is to integrate Android with every device in your household. As such, this is just one small change of many to come for Android Things-powered systems to integrate seamlessly with the rest of the Google ecosystem. We have previously shown our excitement for Android Things and all its capabilities and potentials, and seeing more of these capabilities slowly come to life only increases our excitement further.

Android Things is currently on its 5th developer preview, and as we said earlier, it's really unlikely that we'll be getting finalized versions before the end of the year. We expect to hear more about the new IoT OS during the course of the next year.



from xda-developers http://ift.tt/2hy35pU
via IFTTT

Posted by at No comments:

Firefox Quantum to Be Released in November, Beta & Developer Edition Available Now

The folks over at Mozilla have been busy lately with a number of different projects under the Firefox umbrella. Earlier today we talked about how an upcoming update to Firefox will be dropping support for Flash and now we have information about the browser engine they've been working on. What was previously known as Project Quantum is now slated for release in version 57 of Firefox and should make its way to the stable branch in the middle of November.

Project Quantum is something Mozilla has been working on for a while and it's something we touched on last month as well. A lot of the work done by web browsers today is thanks to the rendering engine they use and that's what Mozilla has been attempting to improve. With Project Quantum, the goal is to replace some of the components of their Gecko engine with code that has been pulled from the Servo engine. The Servo engine is far from complete, but Mozilla has been working to bring some of its best features to Gecko.

Mozilla feels the transition to Firefox Quantum is such a big leap that you'll instantly feel the difference when loading up your favorite websites. A popular way of measuring the speed of a website is with the Speedometer 2.0 benchmark (that is currently still in development). Using this as a base for comparison, the company says Firefox Quantum is about twice as fast as Firefox was a year ago. They've even released a video of the beta so you can see how it compares to Chrome

We recommend you check out their blog for the technical details of the changes that went into this new update. If you're not interested in that though, you should be aware that this update is scheduled to be released via the stable branch of Firefox on November 14th. However, you can try it in Beta on desktop, Android, and iOS if you'd like, while web developers are encouraged to check out the Developer Edition version here.

Source: Mozilla Blog



from xda-developers http://ift.tt/2xup6jp
via IFTTT

Posted by at No comments:

How to Test the Quality of your Charging Cables

Recently XDA TV got to take a look at the Allmaybe chargers that will change the way you charge your phone. Complete with Quick Charge compatibility, a host of safety features, and an LCD screen displaying useful information, the Allmaybe chargers are the best option for people who want to get serious about how they charge their device.

We used the Allmaybe charger to test the quality of some of the cords we have lying around. It's probably not something you think about very often, but some cords are much worse than others and can take significantly longer to charge your phone. You can plug any cord in and read the amount of power it's transferring to your phone. We even checked to see what would happen when you use a USB extension cord with your cable and you can watch the current going into the phone drop significantly.

The LCD screen on the Allmaybe charger will display the charging level, voltage, and capacity.

There are two USB ports in the Allmaybe charger. Each one is independent of the other. This means that charging two devices wont cause you to loose power in either port. Charge both of your Quick Charge compatible phones at once and save room at your wall outlet.

Knowing the quality of your cables can save you from bringing a bad cable along when you're traveling. You can also use this on wireless headphones, cameras, bluetooth speakers, or anything that takes a charge from a USB cord.

The Allmaybe EU2 has Quick Charge 3.0 with super compatibility.

The Allmaybe EU2-ST has an output power of 24W.

The Allmaybe charger is only $30 on Amazon and is available for Prime 2-day shipping as well. Use the links below to pick one up for yourself.

If you want to learn more about your phone's charging standard, check out our XDA Portal's in-depth article here.

Get the Allmaybe EU2 Get the Allmaybe EU2-ST
We thank Allmaybe for sponsoring this post. Our sponsors help us pay for the many costs associated with running XDA, including server costs, full time developers, news writers, and much more. While you might see sponsored content (which will always be labeled as such) alongside Portal content, the Portal team is in no way responsible for these posts. Sponsored content, advertising and XDA Depot are managed by a separate team entirely. XDA will never compromise its journalistic integrity by accepting money to write favorably about a company, or alter our opinions or views in any way. Our opinion cannot be bought.



from xda-developers http://ift.tt/2xDBXyM
via IFTTT

Posted by at No comments:

LG Brings Google Assistant Support to Nearly 90 of Their Appliances

Google may have been late to the embedded virtual assistant market but since they released the Google Assistant SDK we've started to see a number of OEMs start to use it. It's allow for companies to create their own connected speaker while adding more competition and options for customers. It has also enabled some to add connected features to an assortment of smart home devices. This is what we're seeing today with an announcement from LG which brings Google Assistant support to almost 90 of their smart appliance products.

While LG's mobile division has been losing hundreds of millions of dollars year lately, other parts like their appliances and TV division has been able to keep the company in the black. In fact, the company's board was so happy with how well the LG appliance division had been doing, that they appointed the person in charge as the CEO of the entire company. Since then, we've seen the company take a completely new direction with its products.

LG has been working to make their appliances smarter as of late and this addition of Google Assistant allows them to take it to the next level. The company has used its SmartThinQ application to control almost 90 of their appliances so far but this new update will allow them to work hands-free. So it doesn't matter if you're using Google Assistant on your smartphone, or a connected speaker such as Google Home, you can issue simple voice commands to have your appliances work for you.

LG has even announced a new feature for their appliances called Adaptive Learning. The goal here is to monitor how you use your appliances and then attempt to predict what you need before you even initiate something. The company says they'll use this data to do things such as "alert owners to order filter refills for the refrigerator or air purifier and it can troubleshoot lint build-up in the dryer."

Source: LG Newsroom



from xda-developers http://ift.tt/2yqorMQ
via IFTTT

Posted by at No comments:
Subscribe to: Posts (Atom)