New Android ransomware locks out victims by changing lock screen PIN

Ars Technica reported on a new Android ransomware that locks out victims by changing lock screen PIN.

Dubbed Android/Lockerpin.A, the app first tricks inexperienced users into granting it device administrator privileges. To achieve this, it overlays a bogus patch installation window on top of an activation notice. When targets click on the continue button, they really grant the malicious app elevated rights that allow it to make changes to the Android settings. From there, Lockerpin sets or resets the PIN that unlocks the screen lock, effectively requiring users to perform a factory reset to regain control over the device. By contrast, earlier forms of Android ransomware generally were thwarted, usually by deactivating administrator privileges and then uninstalling the app after the infected device is booted into safe mode.

“After clicking on the button, the user’s device is doomed,” Lukas Stefanko, a researcher with antivirus provider Eset, wrote in a blog post published Thursday. “The trojan app has obtained administrator rights silently and now can lock [the] device—and even worse, it set[s] a new PIN for the lock screen. Not long after, the user will be prompted to pay a $US500 ransom for allegedly viewing and harboring forbidden pornographic material.”

Why would a developer be able to overlay a notice?

Premium Android hits the wall

Charles Arthur wrote about Premium Android hitting the wall.

“Premium” Android is getting torn apart, piranha-style. Cheaper phones from Chinese companies such as Xiaomi, Huawei, OnePlus, and Oppo are taking away their high-end Chinese business. Slowdowns in developing countries (notably South America) are killing sales there.

And in the west, there isn’t the same appetite for continued upgrades that there was; people are upgraded out. Does the Galaxy S6 really offer anything special over the S4 or S5? If anything, Samsung has pared back on both the software and hardware features – it doesn’t have some of the weird things where you waved hands to scroll screens, nor the microSD card and removable battery that a number of previous Samsung buyers liked. As I said before, Samsung must know how many people actually use the removable battery. But maybe that’s like buying a car with airbags: you don’t expect to need them, you just want to know they’re there in an emergency.

[…]

I don’t think the crash in premium Android sales is a one-off. The competition from low- and mid-priced devices is fierce now, and yet these companies don’t seem to be putting any clear blue water between them; they’re not offering anything better than they did a year ago.

Case in point: Samsung’s Galaxy Note 5 has a smaller battery, also non-removable, than last year’s Note 4; and no SD card – which has pissed off some former Note buyers. How does that compete against the Xiaomis and Oppos and OnePlus phones of this world, which are much the same spec for less? Or even the iPhone 6 Plus, which has a better-adapted app store, and costs less?

Samsung is getting squeezed on both ends. Trying to be the premium Android brand isn’t working and won’t work unless Samsung tries to be innovative instead of attempting to be an Apple clone.

A backwards S-Pen can permanently damage the Galaxy Note 5

Ars Technica reported on how a backwards S-Pen can permanently damage the Galaxy Note 5.

The right way to dock the S-Pen into the device is to slide the pointy end in first, but if you slide the blunt end in first, the S-Pen will get jammed in the device. The spring mechanism that holds the pen in will clamp down on the wrong end of the S-Pen and won’t let go. It is possible to wiggle the pen free from the spring’s hold, but when we tried it, the S-Pen detection features stopped working.

Normally on the Note 5, removing the S-Pen when the screen is off will launch a quick note taking app, and removing it when the screen is on will launch the radial S-Pen menu. After putting the S-Pen in backwards and wiggling it out, all of these features stopped working.

We can see that they put a lot of thought into the design of the device.

Two weeks with the Apple Watch

I wrote on my blog about my thoughts on Apple Watch after two weeks with it. The most common comment I come across is how people worry about the watch’s battery.

Battery life: Battery life information can be relegated to a glance instead of occupying a space on the watch face. It’s not turned on for any watch face by default. I put it in to help me gauge the average battery life. When I remove the watch to charge it just before I sleep, the battery is usually around 40-45%. On days of heavier usage, I ended up with 35-40% battery. I believe that concerns about the watch’s battery life are unfounded. You’ll only run out of battery if you forget to charge it, or if you are fiddling with the watch all day.

The watch charges very quickly. It took less than an hour to go from 35% to 100%. So even if you really forgot to charge the watch before you sleep, you can still get it fully charged in the morning.

A week without the Apple Watch

Lee Paterson wrote on waitingtoDownload about his week without the Apple Watch.

My first full work day without my watch was an interesting one, I found myself looking down to check the time on my wrist rather than my phone. It’s a habit that developed quickly once I started to wear a watch again and obviously missed. All I can do is laugh to myself when all I see is skin (then turn around to make sure no one saw me)…

I have done that several times when I just woke up. Lift my wrist to check the watch, only to realise I haven’t put it on.

Aside from checking the time (and date) I’ve found myself missing complications. I frequently use the timer one when I’m cooking and resorted back to the good old kitchen timer this week. Complications have become part of my information stream. I use the MODULAR watch face that shows me my next appointment, activity levels and a timer. I’ve missed being able to see this at a glance and reached for my phone more than I’d like.

The timer has been very useful. I have started using it for my pomodoro session.

It may seem silly

John Gruber wrote about the Jon Evans piece, “Don’t be Apple”.

Jon Evans argued that since Apple has a centralised ecosystem, there is a chance that Apple can turn it into a surveillance system for the government. Hence, we shouldn’t be using Apple products. Can you work out the logic in that?

At which point we’d be forced to continue using these spyware Apple products because… ? And engineers at Apple would continue working for the company rather than resigning en masse because… ? And Apple would suffer no bad publicity for its cowardice because… ? Because: Tim Cook could surely flip a switch that would enable this surveillance without anyone noticing.

This advice is madness. Evans is recommending against using a platform that is secure and private today, from a company with a consistent decades-long track record in this regard, because in the future they might turn coat and become an accomplice of government mass surveillance, even though, if that came to pass, we could and would all just abandon the use of Apple products.

This is just ridiculous fear-mongering using a hypothetical situation. As Gruber puts it, even if it does come to that, we have the choice of ditching Apple. Why stay away from a secure platform that champions privacy just because of what might, as remotely as it can be, happen?

But wait, that’s not all.

Jon Evans:

But I have a sneaking suspicion that over the next year this dispute will grow more and more concrete. Maybe, as this contrast heightens, Apple will see the light; maybe instead of fighting jailbreakers, they will offer jailbreaking and sideloading as an option for power users out of the box, just as Android does. That alone would be a huge seismic shift.

So he wants a secure ecosystem to be made with a possible exploit so that users will feel more secure. I’ll give you some time to wrap your head around that.

Don’t expect iPhone 6S to save Apple

Therese Poletti wrote on MarketWatch, “Don’t expect iPhone 6S to save Apple.”

Apple needs to be saved? Oh yeah, because of this.

New data uncovers the surprising predictability of Android lock patterns

Ars Technica reported on new data that uncovered the surprising predictability of Android lock patterns.

Now, Android lock patterns—the password alternative Google introduced in 2008 with the launch of its Android mobile OS—are getting the same sort of treatment. The Tic-Tac-Toe-style patterns, it turns out, frequently adhere to their own sets of predictable rules and often possess only a fraction of the complexity they’re capable of. The research is in its infancy since Android lock Patterns (ALPs) are so new and the number of collected real-world-patterns is comparatively minuscule. Still, the predictability suggests the patterns could one day be subject to the same sorts of intensive attacks that regularly visit passwords.

Marte Løge, a 2015 graduate of the Norwegian University of Science and Technology, recently collected and analyzed almost 4,000 ALPs as part of her master’s thesis. She found that a large percentage of them—44 percent—started in the top left-most node of the screen. A full 77 percent of them started in one of the four corners. The average number of nodes was about five, meaning there were fewer than 9,000 possible pattern combinations. A significant percentage of patterns had just four nodes, shrinking the pool of available combinations to 1,624. More often than not, patterns moved from left to right and top to bottom, another factor that makes guessing easier.

[…]

Data breaches over the years have repeatedly shown some of the most common passwords are “1234567”, “password”, and “letmein”. Løge said many ALPs suffer a similar form of weakness. More than 10 percent of the ones she collected were fashioned after an alphabetic letter, which often corresponded to the first initial of the subject or of a spouse, child, or other person close to the subject. The discovery is significant, because it means attackers may have a one-in-ten chance of guessing an ALP with no more than about 100 guesses. The number of guesses could be reduced further if the attacker knows the names of the target or of people close to the target.

This reminds me of how important and useful TouchID is. It is so easy to shoulder surf, even unintentionally. Don’t take my word for it. Be more aware when an Android user unlocks their phone near you next time.
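
The pattern counts quoted above (1,624 for four nodes, fewer than 9,000 for five) can be reproduced by enumerating the 3x3 grid. This is an added example, not code from the Ars Technica article or the thesis; the 0 to 8 node numbering and the function names are assumptions, and it goes beyond the two quoted lengths to cover every length from 4 to 9 and the share of patterns that would start in a corner if all patterns were equally likely.

```python
# Added example: size of the Android lock pattern (ALP) keyspace.
# Assumed node numbering, row by row:   0 1 2 / 3 4 5 / 6 7 8

# Straight moves between these pairs pass over a middle node. Android accepts
# such a move only when the middle node is already part of the pattern.
MIDDLE = {}
for a, b, mid in [(0, 2, 1), (3, 5, 4), (6, 8, 7), (0, 6, 3),
                  (1, 7, 4), (2, 8, 5), (0, 8, 4), (2, 6, 4)]:
    MIDDLE[(a, b)] = MIDDLE[(b, a)] = mid


def _extend(last, visited, remaining):
    """Count the ways to add `remaining` more nodes after `last`."""
    if remaining == 0:
        return 1
    total = 0
    for nxt in range(9):
        if visited & (1 << nxt):
            continue  # each node may be used only once
        mid = MIDDLE.get((last, nxt))
        if mid is not None and not (visited & (1 << mid)):
            continue  # would jump over an unused node
        total += _extend(nxt, visited | (1 << nxt), remaining - 1)
    return total


def count_patterns(length, start=None):
    """Valid patterns with exactly `length` nodes, optionally from one start node."""
    starts = range(9) if start is None else [start]
    return sum(_extend(s, 1 << s, length - 1) for s in starts)


def corner_share(length):
    """Fraction of patterns starting in a corner if every pattern were equally likely."""
    corners = sum(count_patterns(length, s) for s in (0, 2, 6, 8))
    return corners / count_patterns(length)


if __name__ == "__main__":
    for n in range(4, 10):  # Android requires at least 4 nodes
        print(f"{n} nodes: {count_patterns(n):>7} patterns, "
              f"{corner_share(n):.0%} start in a corner under uniform choice")
    print("total:", sum(count_patterns(n) for n in range(4, 10)))
```

Setting the uniform corner share next to the 77 percent Løge observed shows how far real choices are from the full keyspace.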

Even when told not to, Windows 10 just can’t stop talking to Microsoft

Ars Technica reported on Windows 10 talking to Microsoft even when told not to.

For example, even with Cortana and searching the Web from the Start menu disabled, opening Start and typing will send a request to www.bing.com to request a file called threshold.appcache which appears to contain some Cortana information, even though Cortana is disabled. The request for this file appears to contain a random machine ID that persists across reboots.

[…]

Some of the traffic looks harmless but feels like it shouldn’t be happening. For example, even with no Live tiles pinned to Start (and hence no obvious need to poll for new tile data), Windows 10 seems to download new tile info from MSN’s network from time to time, using unencrypted HTTP to do so. While again the requests contain no identifying information, it’s not clear why they’re occurring at all, given that they have no corresponding tile.

Other traffic looks a little more troublesome. Windows 10 will periodically send data to a Microsoft server named ssw.live.com. This server seems to be used for OneDrive and some other Microsoft services. Windows 10 seems to transmit information to the server even when OneDrive is disabled and logins are using a local account that isn’t connected to a Microsoft Account. The exact nature of the information being sent isn’t clear—it appears to be referencing telemetry settings—and again, it’s not clear why any data is being sent at all. We disabled telemetry on our test machine using group policies.

When disabling services doesn’t really disable them.

Hackers can remotely steal fingerprints from Android phones

ZDNet reported on how hackers can remotely steal fingerprints from Android phones.

The attack, which was confirmed on the HTC One Max and Samsung’s Galaxy S5, allows a hacker to stealthily acquire a fingerprint image from an affected device because device makers don’t fully lock down the sensor.

Making matters worse, the sensor on some devices is only guarded by the “system” privilege instead of root, making it easier to target. (In other words: rooting or jailbreaking your phone can leave you at a greater risk.) Once the attack is in place, the fingerprint sensor can continue to quietly collect fingerprint data on anyone who uses the sensor.

“In this attack, victims’ fingerprint data directly fall into attacker’s hand. For the rest of the victim’s life, the attacker can keep using the fingerprint data to do other malicious things,” Zhang said. And that’s a big problem. Fingerprints might be commonplace in mobile payments and unlocking devices, but they have been used more in the past five years also for identity, immigration, and for criminal records.

Fault lies firmly with the device makers. Food for thought for people who like to root their Android devices.