Friday, 3 April 2015

Year-Old Android Security Flaw Puts Millions at Risk


Nearly fifty percent of Android phones are still prone to a security bug that allows attackers to replace or modify apps with malware without the knowledge of the users. The finding was reported by researchers at Palo Alto Networks.

Even though the security flaw was discovered a year ago, the Android 4.3 builds distributed by some vendors are still vulnerable to it. The Palo Alto Networks research team has already alerted vendors about the flaw and the vulnerable devices, which include Amazon, Google and Samsung handsets. Nearly 89% of Android devices were prone to the exploit when it was first discovered in Jan 2014. As of now, Android 4.4 has received a fix for this flaw through upgrading.

Malware distribution with Arbitrary Permissions: 

Phones that are still running older Android versions remain at risk. The security researchers were able to reproduce the attack on Samsung’s Galaxy S4 phones, and they call it Android installer hijacking. The researchers from Palo Alto Networks have made an app available on Google Play that helps people scan their phones for the vulnerability. The app is open source and its code is available in a GitHub repository.

Companies that are concerned can take action to mitigate these risks. The researchers state that companies should withhold permissions from new apps that seek access to logcat, which opens up room for potential exploitation. Companies can reduce further risk by preventing employees from using any kind of rooted device.

Even though the exploit does not rely on a rooted device to cause harm, rooted devices are more susceptible to it. The exploit is based on a vulnerability in the Android OS that lets hijackers take over the Android APK installation process. They can then spread malware with arbitrary permissions.

Application developers need to beware: 

An attacker can use this vulnerability in different ways. A simple example is prompting a person to install an application that is false but seems legitimate, mainly because the app does not require any special kind of permissions.

Whenever a user downloads an app from a third-party app store, attackers get a chance to substitute malware while the permission screen is still being displayed. Application developers need to be cautious about these attacks, since mobile ads and apps that do not rely on Google Play tend to save apps in unprotected storage.

This allows attackers to replace the saved apps with malware. There are instances in which the first app advertises another app within itself. When the user tries to download the second app, the first app will modify itself and potentially open up room for malware attacks.
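The gap described above lies between the moment the permission screen is shown and the moment the package is installed, while the file sits in storage other apps can write to. The following is an added example, not code from the original post or from the Palo Alto Networks scanner: a Python model of an installer flow that copies the package into a private directory and pins its SHA-256 digest at review time. The class, function and file names are hypothetical and the sample package bytes are constructed.

```python
import hashlib
import os
import shutil
import tempfile


class PinnedInstall:
    """Hypothetical installer flow: stage privately, pin the digest at review time."""

    def __init__(self, downloaded_path):
        # mkdtemp creates a directory only the current user can access (mode 0700).
        self.private_dir = tempfile.mkdtemp(prefix="staged_")
        self.staged_path = os.path.join(self.private_dir, "package.apk")
        shutil.copyfile(downloaded_path, self.staged_path)
        with open(self.staged_path, "rb") as f:
            self.reviewed_digest = hashlib.sha256(f.read()).hexdigest()

    def confirm(self):
        """Return the bytes to install, only if they are the bytes that were reviewed."""
        with open(self.staged_path, "rb") as f:
            data = f.read()  # read once, then hash exactly what will be installed
        if hashlib.sha256(data).hexdigest() != self.reviewed_digest:
            raise ValueError("package changed between review and install")
        return data


def shared_copy_changed(path, reviewed_digest):
    """Detection check: does the file in shared storage still match the reviewed one?"""
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest() != reviewed_digest


def demo():
    reviewed = b"CONSTRUCTED SAMPLE: package shown on the permission screen"
    shared_dir = tempfile.mkdtemp(prefix="shared_")  # stands in for unprotected storage
    shared_apk = os.path.join(shared_dir, "app.apk")
    with open(shared_apk, "wb") as f:
        f.write(reviewed)
    flow = PinnedInstall(shared_apk)  # permission screen is displayed from here on
    with open(shared_apk, "wb") as f:  # constructed stand-in for the file being replaced
        f.write(b"CONSTRUCTED SAMPLE: different package")
    with open(shared_apk, "rb") as f:
        naive = f.read()  # an installer that re-reads shared storage gets the new file
    pinned = flow.confirm()
    changed = shared_copy_changed(shared_apk, flow.reviewed_digest)
    shutil.rmtree(shared_dir)
    shutil.rmtree(flow.private_dir)
    return naive == reviewed, pinned == reviewed, changed
```

`demo()` returns three booleans: whether an installer that re-reads shared storage still gets the reviewed package, whether the pinned flow does, and whether the change to the shared copy was detected.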

Wednesday, 1 April 2015

CAPTCHAs May Do More Harm Than Good


If you were presented with the choice of CAPTCHAs or passwords, I am pretty sure passwords would take the cake and emerge as the preferred choice of internet users. CAPTCHA, short for “Completely Automated Public Turing Test to Tell Computers and Humans Apart”, was created with the aim of foiling bots in their attempts to create accounts in bulk on websites.

Once created, these accounts can be exploited by online lowlifes for malicious work such as spewing spam. But recent technological advancements also suggest that the highly acclaimed use of letters for differentiating between humans and machines might have become old school.

According to a study conducted by Distil Networks, whenever a user visiting a website is presented with a CAPTCHA, statistics indicate that nearly 12% of these visitors abandon the main purpose of their visit.

The study also suggested that, when it comes to mobile users, nearly 27% of them abandon their task when they are presented with CAPTCHAs. According to Rami Essaid, Distil CEO and co-founder, if CAPTCHAs create problems when carrying out transactions, the website will eventually lose money or even the user.

Evolution of the Bots: 

According to Distil, the idea behind the study came from their customers. One of their customers was looking into a fraud problem when they identified that using their CAPTCHA decreased conversion by nearly 20%.

The results indicated that people are getting so annoyed by CAPTCHAs online that they prefer to abandon websites rather than carry out their transactions. Essaid highlighted that there is a wide gap between mobile and desktop abandonment, which is mainly attributed to usage. He further added that CAPTCHAs were meant for desktops and that there is nothing which has been fully formed.

The purpose of blocking the bots has itself created a problem. Bots have now evolved and are able to solve CAPTCHAs that might have been difficult for them in the past.

Bad certification: 

A rogue certificate that can be used for spoofing the company’s Live services has already been issued by Microsoft. Even though this certificate cannot be used to issue other certificates, impersonate another domain or sign code, it can certainly be used for spoofing content, phishing and man-in-the-middle attacks.

According to Kevin Bocek, vice president for security strategy, cybercriminals are increasingly using certificates as their main targets, and fraudulent tricks are being used to acquire them. With nearly 200 public Certificate Authorities trusted around the world, it is easy to get hold of a valid certificate. Even though Microsoft has been taking stern action against these certificates, the solution is only applicable to its own products.

Freak: 

Freak was another vulnerability that was discovered earlier this month. Through it, an attacker can force SSL to stop using 128-bit encryption and start using 40-bit encryption, which is easily crackable. Even though initial studies highlighted the impact of Freak on browser communication, the latest studies highlight its significant impact on mobile apps as well.

Monday, 30 March 2015

Bee Behaviour Mapped By Tiny Trackers


The new tracking device

Ecologists have now come up with a new and improved tracking device to monitor bee behaviour. The new device has a range of up to 2.5 metres (8.2ft), unlike the previous device, whose reach was restricted to 1 centimetre (0.4 inch).

According to Dr Mark O’Neill, the new device has been created from off-the-shelf technology and is based on equipment used to track pallets in warehouses. The tracker comprises a specially designed aerial and a standard radio frequency identification (RFID) chip, which according to Dr O’Neill is much thinner and lighter than the models previously used to track small insects. This allows Dr O’Neill to widen the range. Readers connected to Raspberry Pi computers pick up the signals from the kit and log the readings.

The engineer, who is the technical director of Newcastle-based tech firm Tumbling Dice, is trying to patent the invention. He said that he wanted to make much smaller, optimised aerial components, and that the first stage was to make raw pre-production tags using components that could be easily purchased.

He added that he felt like he was doing surgery while soldering them at his desk, and that he has made 50 of them so far. According to Dr O’Neill, a worker bee spends on average 20 minutes on forage time, which works out to around 1km (0.6 miles) per forage.

Specimens used: 

The device has been fitted only to worker bees, which do not mate. According to Dr Mark O’Neill, most worker bees die of old age and attrition among these bees is very low. He also added that if any animal ate one of these worker bees, there would be a tracker in its stomach. He said that the minute trackers are just 8mm (0.3 inches) high and 4.8 (1.9 inches) in width, and take 5 to 10 minutes to attach to the bees with superglue. The bees are first chilled to make them passive before they are fitted with the device.

Out of concern for the bees, Dr Mark O’Neill told the British Broadcasting Corporation (BBC) that he hopes the trackers, which weigh less than the bees, are attached at the centre of gravity so that they do not affect the bees’ flight, and that they stay attached for the bees’ expected life span of three months. Dr O’Neill also acknowledged that these bees make a lot of noise.

Dr Sarah Barlow, a restoration ecologist from Kew Gardens, took part in testing the trackers, which are yet to be named. She said that they are a huge leap forward in radio technology, and that so far no one has had a decent medium to long range tag suitable for flying on small insects. She added that this leap forward will help scientists track bees in the landscape.

Saturday, 28 March 2015

‘Nano-Earthquakes’ Result in Faster Electronic Components



Scientists from the Royal Melbourne Institute of Technology are working towards rocking the world of electronics. According to researchers Dr. Sumeet Walia and Dr. Amgad Rezk, the key to harnessing the power of 2D materials lies in nano-earthquakes. They added that they have found that sound waves, if properly controlled, can influence the electronic properties of 2D materials such as graphene.

What are these earthquakes? 

The earthquakes the researchers refer to are in no way linked to the actual earthquakes creating havoc around the world. They are referring to so-called SAWs, surface acoustic waves, which can travel through a material. The researchers used this material as a source of photoluminescence rather than as a semiconductor.

They coupled a layer several atoms thick to a substrate to understand the behaviour of SAWs rippling across the surface of the material. For the experiment, the researchers used molybdenum disulfide, a quasi-2D material that can act as a semiconductor just like silicon.

The team was further able to modulate the electronic properties of the 2D material by controlling the intensity and direction of the ripples throughout the experiment. The research shed critical light on the relationship between the electronic performance of the molybdenum disulfide layer and the nano-quakes. The researchers found that as the intensity of the ripples increased, the photoluminescence of the 2D material increased as well. More ripples led to more light being emitted from the layer.

What is the use of this technology? 

Scientists believe that the sound waves act as carriers of electrons, dragging them across the surface of the material as they travel. This is the main reason for the change in the electronic properties of the material. It ensures that the electrical conductance of the material keeps increasing for as long as the system is active.

The researchers believe that this technology will have many uses for 2D materials in the near future, mainly in opto-electric applications. A simple example is camera quality in smartphones. Smartphone cameras are often criticized for their low quality and poor adaptation to the dark due to their small sensor size. Just imagine a smartphone with a sensor made out of the 2D material, which would increase the sensitivity of the lenses in darkness by using sound waves in the camera module. The manipulation of sound together with 2D materials could certainly lead to an improvement in solar panels as well.

According to the RMIT research team, the increasing desirability of 2D materials has made this technology very strong and robust. They added that once the acoustic vibrations were stopped during the experiment, the molybdenum disulfide layer regained its unique electronic state and no damage was seen in the material.

Thursday, 26 March 2015

Discover Asteroids for NASA with This Free App


Now everybody will be able to help NASA by identifying new asteroids. The space agency released asteroid tracker desktop software today at South by Southwest. The software has been released in collaboration with Planetary Resources, an asteroid mining company, and came about through an online competition.

The new Asteroid Tracker Software: 

Reports suggest that this software can run on any standard PC or Mac. The software takes images captured from a telescope and runs them through an algorithm to determine whether celestial bodies in them behave consistently with asteroids.

Asteroid Data Hunter App: 

The Data Hunter app, which includes the asteroid tracker software, can be easily installed on any Mac or personal computer. The online competition that resulted in the development of the new app ended in December. The app does, however, require its users to have a little experience of astronomy to operate it efficiently. Any original findings from images run through the app can be reported to the Minor Planet Centre for further confirmation. The app can be downloaded from Topcoder.

The New Algorithm: 

The space agency claims that this new algorithm has been its biggest achievement. The agency reported that, compared to the previous version, the new algorithm can spot 15% more asteroids in the asteroid belt located between Mars and Jupiter. The algorithm is not limited to identifying asteroids in space; it can also attempt to match these asteroids against NEOs (near-Earth objects). With the new app, any amateur astronomer will be able to examine images taken from telescopes. These amateur astronomers can also submit any images that match an asteroid to be considered for the NASA database.

Benefits of the new algorithm: 

NASA seems to have been struggling with the increasing number of NEOs swirling around the Earth, and the new algorithm can be quite useful for handling this complicated situation. Through this efficient algorithm, the space agency will be able to track down asteroids that could threaten Earth. With the new app and the contribution of astronomers, the agency will also be able to sort out possible candidates for future asteroid missions.

NASA has long been very interested in locating space rocks that could be harmful to Earth. The space agency is also hopeful of redirecting an asteroid and placing it in the moon’s orbit. This is expected to happen in the next few decades, after which the agency hopes to send astronauts to study it further. It plans to carry this out by means of the Orion spacecraft and the Space Launch System. The space agency understands that there is immense mineral wealth in a single asteroid.