“Dirty” devices…fresh out the box!

Android devices have been found to carry malware when first unpacked. The devices were not sold via retail outlets, but this is an example of why no device can be considered absolutely safe…anyone can be vulnerable when it comes to security.


“The Check Point Mobile Threat Prevention has recently detected a severe infection in 36 Android devices, belonging to a large telecommunications company and a multinational technology company. While this is not unusual, one detail of the attacks stands out. In all instances, the malware was not downloaded to the device as a result of the users’ use, it arrived with it.

“According to the findings, the malware were already present on the devices even before the users received them. The malicious apps were not part of the official ROM supplied by the vendor, and were added somewhere along the supply chain. Six of the malware instances were added by a malicious actor to the device’s ROM using system privileges, meaning they couldn’t be removed by the user and the device had to be re-flashed.”

http://blog.checkpoint.com/2017/03/10/preinstalled-malware-targeting-mobile-users/
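
One check that follows from the finding above, shown as an added example (not code from Check Point or from this page): compare the packages on a device against the vendor's official ROM manifest and separate the extras that sit in the ROM partitions, which a user cannot uninstall, from those in user space. The input is assumed to be the text output of `adb shell pm list packages -f`; the manifest and all package names in the sample are constructed.

```python
import re

# One line of `pm list packages -f` output looks like:
#   package:/system/priv-app/Settings/Settings.apk=com.android.settings
# The APK path may itself contain '=', so the greedy match splits on the last one.
LINE_RE = re.compile(r"^package:(?P<path>/.+)=(?P<name>[A-Za-z0-9_.]+)$")

# Partitions that hold the ROM image; apps here cannot be removed by the user.
ROM_PREFIXES = ("/system/", "/vendor/", "/product/", "/oem/")


def parse_packages(listing):
    """Return {package_name: apk_path} parsed from the listing text."""
    packages = {}
    for raw in listing.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            packages[m.group("name")] = m.group("path")
    return packages


def audit(listing, vendor_manifest):
    """Group packages absent from the vendor manifest by where they live."""
    in_rom, in_userspace = [], []
    for name, path in sorted(parse_packages(listing).items()):
        if name in vendor_manifest:
            continue  # shipped in the official ROM
        (in_rom if path.startswith(ROM_PREFIXES) else in_userspace).append(name)
    return {"rom": in_rom, "userspace": in_userspace}


# Constructed sample listing and manifest (assumptions, not real device data).
SAMPLE_LISTING = """\
package:/system/priv-app/Settings/Settings.apk=com.android.settings
package:/system/app/Launcher/Launcher.apk=com.example.vendor.launcher
package:/system/priv-app/SysHelper/SysHelper.apk=com.example.syshelper
package:/data/app/~~Qx1==/com.example.notes-Zk2==/base.apk=com.example.notes
"""
VENDOR_MANIFEST = {"com.android.settings", "com.example.vendor.launcher"}

if __name__ == "__main__":
    report = audit(SAMPLE_LISTING, VENDOR_MANIFEST)
    print("In ROM but not in vendor manifest (re-flash needed):", report["rom"])
    print("User-installed, not in manifest:", report["userspace"])
```

Anything reported under `rom` matches the case described in the quote: present on a ROM partition but not in the vendor's image, so removal means re-flashing rather than uninstalling.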

Maxthon browser bad?

(Thanks to Justin for warning us…OK, me…about this.)

“…users of the browser…were reassured by the manufacturer that this type of content will not be transferred anywhere without their explicit consent.

“…information transmitted without the user’s knowledge between the Browser and the Maxthon server…about the user’s website browsing preferences, information about his Google searches as well as the complete list of software installed on the user’s computer…

“…the Maxthon browser is not secure.

“It is also worth emphasising that the Exatel’s SOC got in touch with the creators of the Maxthon browser, sending a detailed technical report, with a request for Maxthon to respond, either in the form of a notice sent to the users about the type of data transmitted from their browsers to the Maxthon servers in Beijing, or in the form of a Maxthon browser software patch which would enable the alarmed users to deactivate effectively the transmission of the UEIP files to their servers. This request was ignored.”

https://exatel.pl/advisory/maxthonreporten.pdf

=================================

Our Promise to Users

We at Maxthon take users’ privacy and information security seriously. We keep our users’ information secure and private…

Jeff Chen (CEO of Maxthon)

11:00pm EST, July 14, 2016

http://forum.maxthon.com/index.php?/topic/20208-security-and-privacy-are-top-priorities-at-maxthon/

 

“Overclocking Andy”…(sounds like the title to a movie)

Some television sales occur before the Super Bowl. We discussed the availability of 4K televisions, and services which can provide 4K content…

A “4K Ultra HD Blu-ray Player” has been available for sale: the UBD-K8500/ZA from Samsung:  “Stream the latest 4K movies…from online providers such as Netflix and Amazon…play all the old music CDs, DVDs and Blu-ray discs that you have collected…”

According to the user manual:  “Playback may not work for some types of discs, or when you use specific functions…”

————————————————————————————

While talking about e-mail security, Tutanota was mentioned because they promote their service as one of the most secure:

“…While unencrypted emails can be intercepted and analysed with one click, your end-to-end encrypted information can not. With Tutanota we want to protect you from mass surveillance. Now private data remains private!”

In an episode of MR. ROBOT, ProtonMail was used…so I thought to also mention them.  Per their website:

“All emails are secured automatically with end-to-end encryption. This means even we cannot decrypt and read your emails. As a result, your encrypted emails cannot be shared with third parties.

“…By default, we do not keep any IP logs which can be linked to your anonymous email account. Your privacy comes first.”

——————————————————————————-

To read more about the “ENCRYPT Act of 2016” (H.R.4528), go to https://www.congress.gov/bill/114th-congress/house-bill/4528 …its intent is to deny states the authority to minimize security measures.

——————————————————————————-

Andy dials-it-up about overclocking…

Also from Andy: “If you can’t hear the sounds that announce incoming calls and other alerts, you can have iPhone flash its LED (next to the camera lens on the back of iPhone)…”

And notifications on iOS can be in the form of “banners”, “badges”, and “interactive alerts”…you can learn about their differences at https://support.apple.com/en-us/HT201925

Logi Circle camera, Intel processors, and Cobra dash cams

Andy interviews:

Vincent Borel of Logitech describes their Logi Circle “home security and connection camera”. It has a rechargeable battery and can stream video for up to three hours, offers “2-Way Talk” capability (with audio monitoring), and includes free 24-hr cloud storage for recorded video that can be downloaded…

Karen Regis of Intel talks about the 6th Gen Intel Core processors which “have been optimized to best run Windows 10, enabling new experiences…and providing more secure computing.”

And Chris Kooistra of Cobra discusses Dash Cams that can “automatically save and protect clips if an impact is detected”.

(i)Phones and security…

During our September 12 show, Justin mentioned an incident when an iPhone was hacked by a guy…I think this may be what he was referring to:

“Watch John McAfee hack a Fox News host’s phone live on air”


Relating to the issue of iPhone security, from an article in the New York Times:

…the Justice Department is engaged in a court dispute with another tech company, Microsoft…the company refused to comply…because the emails were stored on servers in Dublin.

…two types of encoding…end-to-end encryption, which Apple uses in its iMessage system and FaceTime, the video conversation system…

With Apple, the encryption and decryption is done by the phones at either end of the conversation; Apple does not keep copies of the message unless one of the users loads it into iCloud, where it is not encrypted…

The second type of encoding involves sophisticated encryption software on Apple and Android phones, which makes it all but impossible for anyone except the user of the phone to open stored content — pictures, contacts, saved text messages and more — without an access code…