Wow. How is that possible?
LAS VEGAS — All a relatively skilled hacker needs to do to turn an Android smartphone into a powerful surveillance machine — a so-called SpyPhone — is to copy and paste some malicious code into an innocuous-looking app like Angry Birds, and then get the phone owner to install it.Once that's done, he will be able to surreptitiously track the phone's location, read texts, emails, take pictures, record video or audio, and monitor pretty much everything the phone does. In other words, the hacker now has full remote control of the phone.SEE ALSO: ACLU: Carriers Leaving Android Users Susceptible to MalwareThat's what Kevin McNamee, Director of Kindsight Security Labs, showed step by step during a talk at the Black Hat security conference on Wednesday.SpyPhone software — or monitoring malware — is nothing new. Apart from commercial and legal applications that let a mother monitor what her kids are doing, there are also more questionable ones. Nations use SpyPhone malware as a cyber espionage tool to spy on their adversaries through apps that contain trojan viruses. That's what happened to Tibetan activists, for example, as Mashable reported in March.But it's not only far-away activists that should be worried.According to a survey that sampled 500,000 mobile phone subscribers, 1 in 800 was infected by SpyPhone malware. Some of the results of the survey, made by Lacoon Mobile Security in partnership with a global cellular provider, were presented (.PDF) at a separate Black Hat talk."People don't yet realize the potential impact that mobile malware can have," McNammee told Mashable.McNamee created his SpyPhone software precisely to show how powerful mobile malware can be — and how easy it is to create and distribute. He said it only took him and his colleagues two weeks to write the code, because they used standard and widely available Android APIs. In fact, his SpyPhone software doesn't take advantage of any exploits or vulnerabilities, and doesn't actually need to compromise the phone in any special way.What McNamee and his colleagues have done was write code that can be injected into any existing app, be it Angry Birds, Facebook or any app available on the Google Play store. The code makes the app access all the functionalities that hackers would need to spy on a victim. At that point, a malicious hacker would just have to repackage the app and put in the wild.
Nexus 4 owners are complaining over overheating, devices in infinite boot loop, frozen "X" screens and more.Android 4.3 has probably been the most talked about incremental update released by Google for some time. For first-generation Nexus 7 owners, it's supposedly breathing new life back into the tablet thanks to a new garbage collection feature that speeds up the storage I/O process. However for many Nexus 4 owners, the new update has been more of a nightmare.Customers are beginning to flood Google's Product Forums, most of which claim that after updating to Android 4.3, their Nexus 4 either gets stuck in a never ending "boot loop", their device freezes at the "X" splash screen, or the home button stops working after rebooting.There are also reports that the update is now causing an overheating issue, touch has stopped working altogether, and the device itself running extremely slow. Unlocking the phone has its own set of issues, and many users claim that apps and photos have even disappeared."I updated it today morning and my gallery is all messed up," reports one Nexus 4 owner. "Thumbnails of deleted pics are still shown in the Gallery, and when you click on the thumbnail the later pictures come up. So if u try to delete the thumbnails the new pictures are getting deleted."What a mess. Currently the only fix for these instances is to somehow flash the device to an older version of Android, or reset it to the factory default settings.There also seems to be a problem with Netflix, Android 4.3 and the Nexus 4. Users claim that after the update, launching the Netflix app will cause some handsets to freeze up (aka Sleep of Death), thus forcing owners to reset the device after long-pressing the power button. Android engineer Dan Morrill has confirmed the Netflix issue and said that a fix is in the works.Given the rising number of complaints over the last several days, Nexus 4 owners may want to hold off in upgrading to Android 4.3 for now. Google pumped out 4.2.1 "Jelly Bean" rather quick after v4.2 caused such a fuss, thus Nexus 4 owners may see a fix just as quick very soon (if it comes down to that).
Later this month, Google will be releasing a new Android Device Manager to help you find your lost Android phone. Yes, it took Google this long to release its own app to locate your lost Android device.Not only will you be able to locate your lost phone on a viewable map, the updated ADM will ring your device at maximum volume. And if it's gone for good, then you can wipe your device remotely.
