Jump to content

Search the Community

Showing results for tags 'android phones'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • Site Related
    • News & Updates
    • Site / Forum Feedback
    • Member Introduction
  • News
    • General News
    • FileSharing News
    • Mobile News
    • Software News
    • Security & Privacy News
    • Technology News
  • Downloads
    • nsane.down
  • General Discussions & Support
    • Filesharing Chat
    • Security & Privacy Center
    • Software Chat
    • Mobile Mania
    • Technology Talk
    • Entertainment Exchange
    • Guides & Tutorials
  • Off-Topic Chat
    • The Chat Bar
    • Jokes & Funny Stuff
    • Polling Station


  • Drivers
  • Filesharing
    • BitTorrent
    • eDonkey & Direct Connect (DC)
    • NewsReaders (Usenet)
    • Other P2P Clients & Tools
  • Internet
    • Download Managers & FTP Clients
    • Messengers
    • Web Browsers
    • Other Internet Tools
  • Multimedia
    • Codecs & Converters
    • Image Viewers & Editors
    • Media Players
    • Other Multimedia Software
  • Security
    • Anti-Malware
    • Firewalls
    • Other Security Tools
  • System
    • Benchmarking & System Info
    • Customization
    • Defrag Tools
    • Disc & Registry Cleaners
    • Management Suites
    • Other System Tools
  • Other Apps
    • Burning & Imaging
    • Document Viewers & Editors
    • File Managers & Archivers
    • Miscellaneous Applications
  • Linux Distributions


  • General News
  • File Sharing News
  • Mobile News
  • Software News
  • Security & Privacy News
  • Technology News

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...

Found 6 results

  1. Project Zero calls out Android and Pixel for not fixing a GPU vulnerability. Google's "Project Zero" team of security analysts wants to rid the world of zero-day security vulnerabilities, and that means it spends time calling out slacking companies on its blog. The group's latest post is a bit of friendly fire aimed at the Android and Pixel teams, which Project Zero says aren't dealing with bugs in the ARM GPU driver quickly enough. In June, Project Zero researcher Maddie Stone detailed an in-the-wild exploit for the Pixel 6, where bugs in the ARM GPU driver could let a non-privileged user get write access to read-only memory. Another Project Zero researcher, Jann Horn, spent the next three weeks finding related vulnerabilities in the driver. The post says these bugs could allow "an attacker with native code execution in an app context [to] gain full access to the system, bypassing Android's permissions model and allowing broad access to user data." Project Zero says it reported these issues to ARM "between June and July 2022" and that ARM fixed the issues "promptly" in July and August, issuing a security bulletin (CVE-2022-36449) and publishing fixed source code. But these actively exploited vulnerabilities haven't been patched for users. The groups dropping the ball are apparently Google and various Android OEMs, as Project Zero says that months after ARM fixed the vulnerabilities, "all of our test devices which used Mali are still vulnerable to these issues. CVE-2022-36449 is not mentioned in any downstream security bulletins." The affected ARM GPUs include a long list of the past three generations of ARM GPU architectures (Midgard, Bifrost, and Valhall), ranging from currently shipping devices to phones from 2016. ARM's GPUs aren't used by Qualcomm chips, but Google's Tensor SoC uses ARM GPUs in the Pixel 6, 6a, and 7, and Samsung's Exynos SoC uses ARM GPUs for its midrange phones and older international flagships like the Galaxy S21 (just not the Galaxy S22). Mediatek's SoCs are all ARM GPU users, too, so we're talking about millions of vulnerable Android phones from just about every Android OEM. In response to the Project Zero blog post, Google told Engadget, "The fix provided by Arm is currently undergoing testing for Android and Pixel devices and will be delivered in the coming weeks. Android OEM partners will be required to take the patch to comply with future SPL requirements." The Project Zero analysts end their blog post with some advice for their colleagues, saying, "Just as users are recommended to patch as quickly as they can once a release containing security updates is available, so the same applies to vendors and companies. Minimizing the 'patch gap' as a vendor in these scenarios is arguably more important, as end users (or other vendors downstream) are blocking on this action before they can receive the security benefits of the patch. Companies need to remain vigilant, follow upstream sources closely, and do their best to provide complete patches to users as soon as possible." Google says Google should do a better job of patching Android phones
  2. Karlston

    The Best Android Phones

    The Best Android Phones Shopping for a new phone can be an ordeal. Let us take some of the pain out of it with these picks and tips. Hunting down the best Android phone for your needs is hard work. It's easy to get swayed by a pretty handset design or a convincing salesperson at a retail store. Carriers might tempt you with an affordable 24-month payment plan. But before you make an ill-informed impulse buy, read up. From the bottomless pit of phone choices, we bring you our favorites—including our top picks, the Pixel 3A and OnePlus 7T. All the phones we've selected here have their own advantages, and we've laid them out as honestly as we can. Be sure to check our list of Best iPhones and Best Cheap Phones for more recommendations. You can find all of our latest buying guides here. Updated for April 2020: We've made some substantial changes to this guide, like adding the OnePlus 8 Pro and the LG V60 ThinQ. If you buy something using links in our stories, we may earn a commission. Learn more. Photograph: Samsung Take Our Advice Buy Your Phone Unlocked (and Ignore 5G!) We recommend unlocked phones in this guide. When a phone is sold as "unlocked," it means the phone can be used on multiple wireless carriers/networks. When you buy a phone directly from your wireless carrier, usually on a payment plan, it often comes locked to that network. Carriers are legally required to unlock a phone upon request so you can switch networks, but it's a big hassle. Try to pay full price for your phone, or make sure it specifically says it's unlocked. If that's too expensive, opt for a cheaper model, buy it from the manufacturer directly, or investigate your carrier's policies for unlocking phones. Verizon and Sprint Tips: Buying an unlocked phone is smart (it is!), but even if you do the smart thing, networks like Verizon and Sprint will put up hoops for you to jump through. To find out if your phone works on Sprint, use this page. Verizon users, if you put in your SIM card but still have trouble receiving text messages or something else, contact customer service and have them enable "CDMA-Less roaming." This OnePlus 6T guide may help. The steps should be similar for other phones. You'll also see lots of ads encouraging you to upgrade to a 5G plan and buy a 5G phone. Yes, you do need a new phone that supports 5G to make use of the new network (we have a guide that explains it all), but at the moment 5G is still sparse, only available in certain areas of a handful of cities in the US. Our advice? Think about 5G for the phone you buy next in two years (or more), not for the one you're upgrading to now. Photograph: Google Best Overall Google Pixel 3A and 3A XL The Pixel 3A (9/10, WIRED Recommends) may cost less than $400, but it feels better than many high-end $800 phones, including the standard Pixel 4 (which is also an amazing phone). It has cameras that match almost any device out there, and they take advantage of Google's Night Sight mode, which makes it possible to take night shots and selfies that actually look great. It also has a classy polycarbonate body, which is cheaper but more durable than glass. And it comes with a headphone jack. The interface is speedy because it runs on a great midrange Snapdragon processor, and it gets monthly security and regular feature updates directly from Google (most phones don't). The only downsides: It's splash-proof, not waterproof; the screen isn't as nice (though it is notch-less); and it has no wireless charging. The phone is already a very good deal, but we've seen it dip in price under $350 on several occasions, so you should wait for a sale. Alternatively, you could hold out for its successor, the Pixel 4A, which is expected to launch sometime in May. Works on all four major networks $385 at Amazon $400 at Best Buy Photograph: OnePlus Runner-Up OnePlus 7T The OnePlus 7T (9/10, WIRED Recommends) offers a lot of luxury features we'd expect from a top-tier phone. These include triple rear cameras—2X zoom, 48-megapixel standard, wide-angle—a beautiful dual-tone glass design, a Snapdragon 855+ processor, 8 GB of RAM, 128 GB of storage, and super-fast charging. It also has an excellent 90 Hz AMOLED screen that runs noticeably smoother than almost any other device. Its in-display fingerprint sensor is incredibly speedy, and the phone comes bundled with a case. All for hundreds less than competing phones. The other big benefit is OnePlus' dedication to bimonthly security updates and quick platform updates that add new features. The 7T will likely get the next version of Android much sooner than other, more expensive phones. OnePlus has announced a successor, the OnePlus 8, but it doesn't offer anything dramatically new and isn't as good a value (read on for our thoughts on the OnePlus 8 Pro). Works on AT&T, T-Mobile, and Verizon $599 $499 at OnePlus $542 at Amazon Photograph: Google Best Camera Google Pixel 4 and Pixel 4 XL If you're a shutterbug, then you most likely have heard of Google's Pixel line, regarded as the phones with some of the best cameras on the market (though the iPhone 11 Pro gives it a run for its money). Pixel 4 (8/10, WIRED Recommends) is Google's newest flagship, and its dual-camera system is excellent. Portrait Mode lets you effectively blur out the background of a subject, the 2X zoom telephoto lens is handy for close-ups, and Night Sight mode lights up the darkest scenes—you can even use it to capture starry skies. It packs great performance with a smooth 90-Hz screen similar to the OnePlus 7T, and like Apple's Face ID, you can also use Face Unlock as authentication (Google finally issued an update so it doesn't unlock when your eyes are closed). That's without mentioning all the software smarts that put it a rung above the rest. For example, Call Screen will monitor robocalls for you so you don't have to answer them, and Now Playing uses on-device machine learning to show you songs playing in your surroundings, so you don't need to try and look it up. The biggest downside is battery life, which can barely last a full day if you're a heavy user. If you're going to buy one, opt for the bigger Pixel 4 XL since it has a beefier battery and turn off the interactive wallpapers. Works on all four major networks $900 $599 at Amazon $900 $599 at B&H Photo Video Photograph: OnePlus Best Luxury Phone OnePlus 8 Pro OnePlus' newest phone goes against the company's original ethos of selling high-end phones at an affordable price point. The 8 Pro (8/10 WIRED Recommends) is a flagship phone with a flagship price tag, but it's excellent and still undercuts Samsung's Galaxy S20 by $100. It has a brilliantly sharp and colorful display with a 120 Hz refresh rate, making it one of the smoothest screens to stare at for hours on end. You also finally get proper water resistance and wireless charging (it recharges super-fast if you use OnePlus' wireless charger, too). And OnePlus is quicker than most at software updates, not to mention its user interface is limitless with customization options. The triple-camera system (normal, wide-angle, zoom) can snap some great photos, though it still sits a rung below the Pixel 4 especially in low light and with portrait mode. Battery life will get you through a day (make sure to leave your screen resolution at 2376 x 1080 to conserve power), but it doesn't last quite as long as the S20. And the screen can be a bit finicky because it curves into the edges, making it difficult for it to register my taps when holding the phone one-handed. Still, this is one of the best Android experiences you can get if you don't mind the price. A case comes included in the box. Works on AT&T, T-Mobile, and Verizon $899 at OnePlus Photograph: Motorola Best for $300 or Less Motorola Moto G Stylus Motorola's newest G-series phone, the Moto G Stylus, is a good cheap phone without many flourishes. You get two-day battery life, decent performance, a solid 6.4-inch screen, and an uncluttered Android experience. It also comes with the perks of having a plastic back (it's more durable), a headphone jack, and a MicroSD card slot if you want more than the included 128 GB of storage. The triple-camera system (main, wide-angle, macro) can snap some nice photos with good lighting, too. But it's only $100 less than the Google Pixel 3A and the iPhone SE, two phones that offer so much more. They have cameras that can capture excellent images in low light, superior performance, NFC for contactless payments, and far longer software support. (Motorola is only promising one Android version upgrade for this phone.) And even though this phone does come with a stylus stowed on its underside, it's not easy to write comfortably with as there's no built-in palm-rejection technology. If your budget stops at $300 this Moto will serve you well, but we recommend saving up a little more for another one of our Best Cheap Phones. Works on all four major US networks $300 at Best Buy Photograph: Motorola Multiday Battery Life for Cheap Motorola Moto G Power If you want a reliable phone that you don't need to plug in every day, get the Moto G Power. Its 5,000-mAh battery is bigger than the one in its sibling above, the Moto G Stylus, and it lasts three full days before you'll need to juice it back up. It has the same Snapdragon 665 processor for satisfactory performance and shares other basics like a headphone jack and MicroSD card slot. You get 64 GB of built-in file storage. The cameras aren't the same, and this is where the G Power falters. Like the Moto G Stylus, it can snap some good photos during the day, but unlike the Stylus, it doesn't have a Night mode, which uses a long exposure technique for better low-light images. Its missing presence means the photos it takes at night look pretty poor. This Moto phone will also only get one Android version upgrade, which is a stark contrast to some similarly-priced budget phones from Nokia. Works on all four major US networks $250 at Best Buy Photograph: Nokia Pure Android for Cheap Nokia 7.2 As mentioned above, Motorola offers very limited software support—usually, you get one Android version upgrade, and then your phone is left to languish. HMD, the maker of Nokia phones, is different. Most of its phones are part of the Android One program, meaning the company makes a commitment not only to have no bloatware on the phone but also to deliver two years of Android version and security updates. The Nokia 7.2 is no exception; it has been updated to Android 10. You also get a great 6.3-inch LCD screen (with HDR support, rare in a phone of this price), 128 GB of storage, a decent midrange processor, day-long battery life, and it has the benefit of not looking like a budget phone. The triple-camera experience is solid, too, though it can't match the Pixel 3A's quality. The downsides are that the back is made of glass, so a case is a good idea, and it's only slightly water-resistant, so be careful around the toilet! Works on AT&T and T-Mobile $350 $300 at Amazon $350 $300 at Best Buy Photograph: LG Best for Audiophiles LG V60 ThinQ LG's V60 ThinQ isn't the flashiest phone, but it gets the job done. It has the same Snapdragon 865 processor as some of our high-end picks, so you get great performance, the 5,000 mAh battery can hit two days on a single charge, and there's a huge 6.8-inch screen, which is actually a little too big, but the OLED's quality is excellent and bright. This is also one of the few flagship phones with a headphone jack, and it's paired with a digital-to-analog converter so music going to your corded headphones sounds fantastic. The improved dual-camera system (main, wide-angle) can snap some reliably good photos, though it still can't quite match the likes of the Pixel 4 or the Galaxy S20. The software experience has some quirks, and LG also doesn't have a great track record at consistently delivering updates. There's 5G support, but you can only buy this phone from a carrier—no unlocked version is available. With your purchase, you'll get LG's dual-screen case accessory, which is unique and lets you use two screens at the same time, but the setup is bulky, cumbersome, and not as regularly useful as you'd think. Works on AT&T, Verizon, and T-Mobile $900 at Best Buy (AT&T) Buy at LG Photograph: Samsung Another Great Phone Samsung Galaxy S20 If money is no object, the Galaxy S20 (9/10, WIRED Recommends) has everything you want in a phone and then some. There's wireless charging, a MicroSD card slot, water resistance, long battery life, booming speakers, a nice screen size that fits your palm, and beautifully-made hardware. Not to mention it's powerful with the Snapdragon 865 inside, and the triple-camera setup is fantastic too, allowing you to snap great photos at a variety of zoom levels. Other perks include a bright 120-Hz OLED screen that's bested only by the OnePlus 8 Pro. Samsung does go overboard offering 8K video recording and 5G, which can't really be utilized to their fullest potential at the moment, so don't let those additional features influence your buying decision. Sadly, there's no headphone jack, but you do get decent USB-C earbuds in the box. Why We Chose This S20: There are three flagship Samsung phones this year: the Galaxy S20, S20 Plus, and S20 Ultra. The Plus is $200 pricier but isn't worth the extra cash, and the $1,400 Galaxy S20 Ultra (8/10, WIRED Recommends) is an excellent phone with even better cameras and a much bigger screen—if you want to pay a huge premium for it. Works on all four major US networks. Verizon won't sell the S20 until mid-year. $1,000 at Samsung $999 at Amazon Photograph: Lauren Joseph/WIRED The Phone With a Stylus Samsung Galaxy Note 10 The Galaxy Note 10 is a ginormous Android phone (8/10, WIRED Recommends). It's bigger than big. If that's your thing, you'll also like the included S Pen's new Bluetooth functionality, which lets you use it to do things like open apps and remotely snap pics. This beefy, brawny phone can handle your most demanding tasks with all the latest specs. I recommend picking up a Galaxy S20 instead unless the S Pen is on your mind. Works on all four major US networks $950 at Amazon $950 at Best Buy Photograph: Samsung Honorable Mentions Other Phenomenal Phones There are a lot of Android phones out there, and most of them are not on this list. Here are a few good standouts to also consider. The Samsung Galaxy S10 range is still available, now at a reduced price. They're excellent and powerful phones, with the S10e ($550) especially offering some great value for the money. They all have headphone jacks. The Sony Xperia 5 ($798) is perfect for people who binge-watch movies on their phone because its 21:9 aspect ratio is ideal for cinema. But it is pricey, and its triple-camera system falls short of competitors. There's no wireless charging, either. You can check out our Xperia 1 review for more details. The Xperia 1 is almost exactly the same as the 5, just bigger and more expensive. The LG G8X ThinQ Dual Screen ($650) comes bundled with a case that adds a second screen, and the LG G8 ThinQ ($600) is a year old but it's still powerful and has a high-quality headphone jack like the LG V60. Both don't have as good cameras, though. The Teracube Phone ($300) is not the best phone by any measure and has a poor camera, but it's dead cheap to repair and has a four-year warranty. Photograph: LG Almost Too Cheap (or Old) Half-Hearted Endorsements There are many phones we've previously recommended that are right on the edge. They're either getting old (two-plus years) or getting too weak. We worry they won't have software support beyond this year or may feel too sluggish after the next Android update. You can take the risk to get the savings if you like. The LG G7 ($300), Nokia 7.1 ($209), Samsung Galaxy S9, and Moto G7 are all usable. We just think you're better off with the devices listed here or in our Best Cheap Phones guide. Source: The Best Android Phones (Wired)
  3. Pre-Installed Malware Dropper Found On German Gigaset Android Phones In what appears to be a fresh twist in Android malware, users of Gigaset mobile devices are encountering unwanted apps that are being downloaded and installed through a pre-installed system update app. "The culprit installing these malware apps is the Update app, package name com.redstone.ota.ui, which is a pre-installed system app," Malwarebytes researcher Nathan Collier said. "This app is not only the mobile device's system updater, but also an auto installer known as Android/PUP.Riskware.Autoins.Redstone." The development was first reported by German author and blogger Günter Born last week. While the issue seems to be mainly affecting Gigaset phones, devices from a handful of other manufacturers appear to be impacted as well. The full list of devices that come with the pre-installed auto-installer includes Gigaset GS270, Gigaset GS160, Siemens GS270, Siemens GS160, Alps P40pro, and Alps S20pro+. According to Malwarebytes, the Update app installs three different versions of a trojan ("Trojan.Downloader.Agent.WAGD") that's capable of sending SMS and WhatsApp messages, redirecting users to malicious game websites, and downloading additional malware-laced apps. "The malicious WhatsApp messages are most likely in order to further spread the infection to other mobile devices," Collier noted. Users have also reported experiencing a second trojan called "Trojan.SMS.Agent.YHN4" on their mobile devices after landing on gaming websites redirected by the aforementioned WAGD trojan, which mirrors the latter's SMS and WhatsApp messaging functionality to propagate the malware. Unlike third-party apps downloaded from the Google Play Store, system apps cannot be easily removed from mobile devices without resorting to tools like Android Debug Bridge (ADB). For its part, Gigaset confirmed the malware attack, stating that an update server used by the devices to fetch software updates was compromised and that only devices that relied on that specific update server were affected. The company has since fixed the issue and is expected to push an update to remove the malware from infected phones, according to Born. The development comes a week after cybersecurity researchers revealed a new Android malware that was found to pilfer users' photos, videos, and GPS locations by sending a fraudulent notification posing as a "System Update" that is "Searching for update." Source: Pre-Installed Malware Dropper Found On German Gigaset Android Phones
  4. ISTANBUL (Reuters) - Google has told its Turkish business partners it will not be able to work with them on new Android phones to be released in Turkey, after the Turkish competition board ruled that changes Google made to its contracts were not acceptable. Turkey’s competition authority had fined Google 93 million lira ($17.4 million) in September 2018 for violating competition law with its mobile software sales. The company was given six months to make changes to restore competition. Turkey’s competition board ruled on Nov. 7 that changes which Google made in its contracts with its business partners in line with the board’s demands were inadequate as they still did not allow changes to the default search engine. “We’ve informed our business partners that we will not be able to work with them on new Android phones to be released for the Turkish market,” the Google statement said. “Consumers will be able to purchase existing device models and will be able to use their devices and applications normally. Google’s other services will be unaffected,” it said, adding that it was working with the authority to resolve the issue. Google made the announcement via a Turkish public relations company, which sent the statement to Reuters on Monday after Turkey’s Haberturk reported the move at the weekend. The competition board said it imposed a fine on Google of 0.05% of its revenue per day over the violation and that this would remain in place until all demands were met. Google was given a 60-day period to challenge the ruling. The regulator had asked Google to change all its software distribution agreements to allow consumers to choose different search engines in its Android mobile operating system. The probe was triggered by a filing by Russian competitor Yandex. Haberturk had reported Google had shared in its letter to business partners the contact details of Turkey’s trade minister and the head of its competition authority and called on them to exert pressure in order to change the decision. In January 2019, the competition authority also said it had launched an investigation into whether Google broke competition law with algorithms it uses for searches and to target advertisements. That probe followed a complaint that Alphabet Inc’s Google unit had “abused its dominant position and made the efforts of other companies difficult”, the authority said. Source
  5. Ad giant sued after mobile allowances eaten by hidden transfers Google on Thursday was sued for allegedly stealing Android users' cellular data allowances though unapproved, undisclosed transmissions to the web giant's servers. The lawsuit, Taylor et al v. Google [PDF], was filed in a US federal district court in San Jose on behalf of four plaintiffs based in Illinois, Iowa, and Wisconsin in the hope the case will be certified by a judge as a class action. The complaint contends that Google is using Android users' limited cellular data allowances without permission to transmit information about those individuals that's unrelated to their use of Google services. Data sent over Wi-Fi is not at issue, nor is data sent over a cellular connection in the absence of Wi-Fi when an Android user has chosen to use a network-connected application. What concerns the plaintiffs is data sent to Google's servers that isn't the result of deliberate interaction with a mobile device – we're talking passive or background data transfers via cell network, here. "Google designed and implemented its Android operating system and apps to extract and transmit large volumes of information between Plaintiffs’ cellular devices and Google using Plaintiffs’ cellular data allowances," the complaint claims. "Google’s misappropriation of Plaintiffs’ cellular data allowances through passive transfers occurs in the background, does not result from Plaintiffs’ direct engagement with Google’s apps and properties on their devices, and happens without Plaintiffs’ consent." Android users have to accept four agreements to participate in the Google ecosystem: Terms of Service; the Privacy Policy; the Managed Google Play Agreement; and the Google Play Terms of Service. None of these, the court filing contends, disclose that Google spends users' cellular data allowances for these background transfers. To support the allegations, the plaintiff's counsel tested a new Samsung Galaxy S7 phone running Android, with a signed-in Google Account and default setting, and found that when left idle, without a Wi-Fi connection, the phone "sent and received 8.88 MB/day of data, with 94 per cent of those communications occurring between Google and the device." The device, stationary, with all apps closed, transferred data to Google about 16 times an hour, or about 389 times in 24 hours. Assuming even half of that data is outgoing, Google would receive about 4.4MB per day or 130MB per month in this manner per device subject to the same test conditions. Putting worries of what could be in that data to one side, based on an average price of $8 per GB of data in the US, that 130MB works out to about $1 lost to Google data gathering per month – if the device is disconnected from Wi-Fi the entire time and does all its passive transmission over a cellular connection. An iPhone with Apple's Safari browser open in the background transmits only about a tenth of that amount to Apple, according to the complaint. Much of the transmitted data, it's claimed, are log files that record network availability, open apps, and operating system metrics. Google could have delayed transmitting these files until a Wi-Fi connection was available, but chose instead to spend users' cell data so it could gather data at all hours. Vanderbilt University Professor Douglas C. Schmidt performed a similar study in 2018 – except that the Chrome browser was open – and found that Android devices made 900 passive transfers in 24 hours. Under active use, Android devices transfer about 11.6MB of data to Google servers daily, or 350MB per month, it's claimed, which is about half the amount transferred by an iPhone. The complaint charges that Google conducts these undisclosed data transfers for further its advertising business, sending "tokens" that identify users for targeted advertising and preload ads that generate revenue even if they're never displayed. "Users often never view these pre-loaded ads, even though their cellular data was already consumed to download the ads from Google," the legal filing claims. "And because these pre-loads can count as ad impressions, Google is paid for transmitting the ads." The Register asked Google to respond to the lawsuit's allegations. It declined to comment. We also asked Marc Goldberg, Chief Revenue Officer at ad analytics biz Method Media Intelligence whether preloaded ads ever get counted as billable events when not shown. "Yes they could be," Goldberg said in an email to The Register. "It is important for advertisers to understand their billable event. What are they paying for? Auction won? Ads Served? Ads rendered? These simple questions need to be asked and understood." The lawsuit seeks to recover the fair market value of the co-opted cellular data and the "reasonable value of the cellular data used by Google to extract and deliver information that benefited Google," dating back years to whenever this practice began. Source
  6. Google found at least seven critical bugs being exploited by hackers in the wild. But after disclosing them days ago, the company has yet to reveal key details about who used them and against whom. Google's elite teams of bug and malware hunters found and disclosed a flurry of high impact vulnerabilities in Chrome, Android, Windows, and iOS last week. The internet giant also said that these various vulnerabilities were all "actively exploited in the wild." In other words, hackers were using these bugs to actually hack people, which is concerning. What's more, all these vulnerabilities are in some way related to each other, Motherboard has learned. That potentially means the same hackers were using them. According to the disclosure reports, some bugs were in font libraries, and others were used to escape the sandbox in Chrome, and others were used to take control of the whole system, suggesting some of these bugs were part of a chain of vulnerabilities used to exploit victim's devices. So far, very little information has come out about who may have been using the exploits and who they were targeting. Often, bugs in modern software are found and are ethically disclosed by security researchers, which means that they are fixed before they are widely exploited to hack people. In this case, however, we know that the bugs were being used for hacking operations. Last year, Google found a series of zero-days—vulnerabilities that at the time of discovery are unknown to the software maker—that spies were using to target the Uighur community. China has conducted a widespread, systemic campaign of physical and technical oppression and surveillance against the Muslim minority. Unfortunately, this time we don't know any details because Google—the only company that has the whole story behind these bugs—has not said much at all about how it found the bugs, who was using them, and whom they were being used against. Notably, an update pushed to iOS 12 (which is two years old) patched the issue on phones dating back to the iPhone 5s and iPhone 6. Often, when updates are pushed to such old devices it means the bug is particularly bad, but, again, we do not know the specifics at this time. "The fact that they updated iPhone 6 users means it was bad," said a cybersecurity expert who asked not to be named because he wasn't allowed to speak to the press. "That phone has been end of life for a while." "We're not going to be able to offer much new info," Google spokesperson Scott Westover said in an email on Monday. Apple did not respond to requests for comment. A Microsoft spokesperson said in an email that the company “released security updates in November to address CVE-2020-17087. Customers who have applied the updates, or have automatic updates enabled, are protected.” The company also said that it has not seen evidence of exploitation in the wild. Ben Hawkes, the head of Google Project Zero, the internet giant's team of skilled hackers that is tasked with the mission of finding vulnerabilities in all kinds of software—not just Google's—announced on Twitter over the last 10 days that his team had found all these vulnerabilities (seven in total.) On Oct. 20, Google disclosed the first bug (CVE-2020-15999) in this series of vulnerabilities, a bug in FreeType, an open source font rendering software, was used to target Chrome, according to Hawkes. Then, on Oct. 30, the first bug (CVE-2020-17087) to gather more attention in the press was a Windows bug that allowed hackers to escalate system privileges, meaning the hackers could jump from having control of one app to taking control of the whole victim's system. Finally, last week, Hawkes wrote on Twitter that Project Zero had also found zero-days for Chrome and Android (CVE-2020-16009 and CVE-2020-16010) that were exploited in the wild. The first one of these was used for "remote code execution," technical jargon for hackers taking full control of an application or system. Just three days later, Hawkes announced that Apple had fixed three critical bugs in iOS. Two of them in the kernel, the part of the operating system that has access to almost anything that's happening on the phone, and one of them was also a font bug, vaguely reminiscent of the FreeType one that was disclosed on Oct. 20. This bug, according to Apple, allowed hackers to take control of the victim's phone by sending them a file with a "maliciously crafted font." Shane Huntley, the head of Google's Threat Analysis Group, a team that tracks hackers all over the internet, said on Twitter that these bugs were used for "targeted exploitation in the wild similar to the other recently reported 0days" and that these bugs had nothing to do with the U.S. elections. "This feels like spy shit," Ryan Stortz, a researcher who works the security consultancy firm Trail of Bits, told Motherboard. Stortz said that he has not seen the details of the exploits and vulnerabilities—no one outside of Google and the companies that patched them have—but said that it looks like they could all be part of the same hacker group's bug arsenal. "It's pretty damn rare for bugs like this to be cross platform. I think it’s more likely they found another waterhole site like with the Uighur bugs that had both chains." All these seven bugs are related to each other, according to a source with knowledge of the vulnerabilities, who asked to remain anonymous as they were not allowed to talk to the press. In any case, some of these bugs were very critical and gave hackers a lot of power when they used them. The iOS bugs, for example, were so dangerous that Apple pushed updates not just for the current iOS 14, but also for the older, not usually supported, iOS 12. Source
  • Create New...