Daily Archives: June 17, 2015
Bugs in Android can now make you Richie rich as Google is ready to pay $40000 to find critical flaws in OS
Want to get rich? Well, looks like it’s time to take out some flaws.
Google, the search giant will start paying to those security researchers a reward of $40000 (£25600) who will fond bugs in its Android devices. Bugs have to be found in its first extension of the “Big Bounty Program” of its mobile OS. Further announcements have also been made by the company about the new program which ensures third-party security software by nudging the developers on Android operating system to avoid usage of out-to-date applications in programming libraries.
As per Adrian Ludwig, lead of Android security department Google see’s mobile becoming arguably the most important way people connect to the internet which provides two-factor authentication as well. The root of trust lies in the way that users interact and is the reason most security research is still focused on legacy systems. Google has taken a step to move that, by incentivizing security researchers to focus their energy on mobile. This new scheme will be named as (ASR) Android Security Reward currently which will follow the success of Google Chrome Browser, a similar program to ASR. Company paid more than $1.5 million in the year 2014 to security researchers for this purpose.
The plan is to scan Android apps for software libraries which could pose a security threat was taken in 2014 and will now be rolled out beyond its experimental introduction. As part of the scanning of apps, The Company plans to don’t just look for intentionally bad behavior anymore but also for mistakes in the overall system. A really obvious example of what the team is looking out for includes a version of Open SSL that’s an old version. Starting about a year ago, they began scanning apps and notifying developers if they have made that sort of mistake. An advertisement also quoted about it saying ” Our goal is to get to the point where there’s a common baseline. We want to put structures in place to help developers update their apps, so the quality of all apps rises .”
Vulnerabilities which will be affecting the company’s two of the Android OS devices, Nexus 6 and Nexus 9 will have to be claimed by the developers. This may be mainly due to the company’s un-ability to identify and verify bugs in its own devices or manufacturers additions in fragmentation of the Android market. There are varying rewards based on sliding scales. It ranges from $500 for a minor bug to $38000 for a severe bug with vulnerability alongside a remote exploit of proof-of-concept including method to fix the issue. ” Our goal is that this could be a full-time research and a very well-paid opportunity, “ says Ludwig.
To fix this a Google security scheme called Project Zero has been introduced by the company for its practice of releasing proof-of-concept exploits for other companies’ devices. Previously-unknown vulnerabilities are identified, disclosing them within a time limit of 90 days to manufacturers to fix it.
Android users on Samsung mobile devices could be vulnerable to a new type of security hack. The security flaw was discovered by Ryan Welton from NowSecure. He detailed his findings at the Blackhat Security Summit in London. The hackable exploit arises from the pre-installed SwiftKey keyboard. As Swiftkey searches for updates to its language packs over unencrypted lines, via plain text, it is susceptible to malicious security apps from any spoofed proxy server. Using this as a keyhole, Welton could scale up the attack to basically take over a vulnerable mobile device while the user remains unaware. The bug affects over 600 million Samsung users, including those using the Galaxy S6.
If an attacker exploits the keyboard flaw, he could remotely eavesdrop on incoming and outgoing messages or voice calls. An attacker could also access GPS sensors, cameras, and microphones as well as install malicious apps without the user’s knowledge or consent. Savvy attackers can also use the bug to access sensitive files like photos and text messages.
Welton discovered the attack late last year and alerted Samsung and the Google Android security team. Not long after, Samsung came out with a patch distributed to mobile networks, but it’s unclear if carriers have passed the patch down to all their customers’ devices on the network.
According to NowSecure, “We can confirm that we have found the flaw still unpatched on the Galaxy S6 for the Verizon and Sprint networks, in off the shelf tests we did over the past couple of days.”
SwiftKey reached out to assure users, “We’ve seen reports of a security issue related to the Samsung keyboard. We can confirm that the SwiftKey Keyboard apps available via Google Play or the Apple App Store are not affected by this vulnerability. We take reports of this manner very seriously and are currently investigating further.”
As SwiftKey is a default keyboard, there is no way to uninstall it. Even if the keyboard isn’t being used, it still makes the phone vulnerable. Samsung mobile users are advised to reach out to their mobile carriers and ask if a patch is available. Otherwise, it’s a good idea to stay away from unknown Wi-Fi networks.
The Asia-Pacific region steamed past Europe in terms of private financial wealth in 2014, according to estimates released by Boston Consulting Group on Monday.
In 2014, BCG estimates that eastern and western Europe combined had a private wealth of $42.5 trillion, beaten by Asia-Pacific’s rapidly growing pile, now worth $47.3 trillion. The Asia-Pacific figures exclude Japan, which gets its own estimate.
BCG doesn’t provide a long-run estimate for when the last time Asia-Pacific was likely wealthier than Europe. The report has been produced for 15 years, but given the performance of the two continents throughout history, it’s likely to have been hundreds of years since Asia came out on top.
That goes all the way back to a period in history known as the Great Divergence. During the industrial revolution and even before, European wealth and living standards overtook previously more prosperous Asian civilisations.
Here’s how the distribution looks:
With Asian private wealth growing much more quickly than North American or European wealth, the Asia-Pacific region is expected to keep building on its current position. By 2019, BCG expect Asia to have more than a third of the $222 trillion global total.
They also expect that Asian financial wealth will surpass the North America’s by 2016 — in fact, including Japan, Asia is already the wealthiest region in the world.
Here’s what BCG’s report says on the global trends:
From a regional, the growth of private wealth continued in most markets in 2014, but at significantly different rates. A strong “old world versus new world” dynamic was observed, with the so-called new world growing at a far faster pace.
Here’s how fast each region grew in 2014, and BCG’s estimate of its total financial wealth.
North America: $50.8 trillion (+5.6%)
Asian-Pacific (ex-Japan): $47.3 trillion (+29%)
Western Europe: $39.6 trillion (+6.6%)
Japan: $14.3 trillion (+2%)
Middle East and Africa: $5.7 trillion (+9.4%)
Latin America: $3.7 trillion (+10.5%)
Eastern Europe: $2.9 trillion (+18.8%)