Samsung Archives - IT Security Guru

Samsung Galaxy Note 8 release today: Leaked specs and photos emerge hours before release

The Gurus — Wed, 23 Aug 2017 09:18:39 +0000

Leaked images, price details and specs of the Samsung Galaxy Note 8 have emerged hours before the high-end smartphone is due to be released.
View Full Story
ORIGINAL SOURCE: The Telegraph

The post Samsung Galaxy Note 8 release today: Leaked specs and photos emerge hours before release appeared first on IT Security Guru.

Israeli researchers poke holes in Samsung KNOX security system

The Gurus — Tue, 31 May 2016 11:04:32 +0000

A number of severe problems have been discovered within the Samsung Knox security system in Android smartphones.
Three vulnerabilities affecting Android devices running Samsung’s Knox security feature were recently revealed in a paper presented by Uri Kanonov and Avishai Wool, researchers from Tel Aviv University.
The security flaws affect versions of Knox on older Samsung devices; in particular, Knox 1.0 — 2.3 running on Android up to version 4.3. Knox was designed to cater for the professional who must use their personal device for both work and play, and so acts as a sandbox or container to securely separate different applications and data.

Original Souce: ZDNet
View the full story here

The post Israeli researchers poke holes in Samsung KNOX security system appeared first on IT Security Guru.

Samsung Smart Home flaws let hackers make keys to front door

The Gurus — Tue, 03 May 2016 10:34:09 +0000

Computer scientists have discovered vulnerabilities in the Samsung Smart Home automation system that allowed them to carry out a host of remote attacks, including digitally picking connected door locks from anywhere in the world.
The attack, one of several proof-of-concept exploits devised by researchers from the University of Michigan, worked against Samsung’s SmartThings, one of the leading Internet of Things (IoT) platforms for connecting electronic locks, thermostats, ovens, and security systems in homes. The researchers said the attacks were made possible by two intrinsic design flaws in the SmartThings framework that aren’t easily fixed. They went on to say that consumers should think twice before using the system to connect door locks and other security-critical components.
Original Source: Arstechnica
View the full story here

The post Samsung Smart Home flaws let hackers make keys to front door appeared first on IT Security Guru.

Samsung's smart fridge could be used to steal your Gmail login

The Gurus — Tue, 25 Aug 2015 09:05:23 +0000

In yet another example of a manufacturer of a connected product failing to secure said product, Samsung’s connected fridge allows malicious people to steal a consumer’s Gmail login credentials provided they can get on the user’s Wi-Fi network. The exploit, known as a man-in-the-middle attack, is made possible because the Samsung smart fridge lets people link their Gmail calendars to a screen in the fridge’s door so they can see their day’s events.
It’s a handy feature, except when a person logs in, the fridge says it provides SSL encryption, but fails to actually verify that the server on the Google end has the right certificate to actually get the encrypted data. It just hands it over. This is akin to a club saying it checks IDs only to let people get in without actually looking at the date on those IDs. Thus anyone on the consumer’s Wi-Fi network could pretend to be Google’s calendar service and snag the consumer’s Gmail login credentials. From there the hacker could wreak all kinds of havoc. Fortune has reached out to Samsung to see what it has to say about the vulnerability.

view the full story here

The post Samsung's smart fridge could be used to steal your Gmail login appeared first on IT Security Guru.

Google patches Android hijack bug Stagefright

The Gurus — Thu, 06 Aug 2015 09:42:05 +0000

For those of you worried about the Stagefright flaw in Android, be reassured, a patch will be coming down the line in the next few days.
“My guess is that this is the single largest software update the world has ever seen,” said Adrian Ludwig, lead engineer for Android security at Google. “Hundreds of millions of devices are going to be updated in the next few days. It’s incredible.”
All Nexus devices are going to be patched, and Samsung, Motorola, HTC, LG, Sony, Android One, and hundreds of other manufacturers are going to push out the patches too, he said. Some handset vendors, like Silent Circle, have already patched their operating systems.
“With the recent security issues, we have been rethinking the approach to getting security updates to our devices in a more timely manner,” said Dong Jin Koh, EVP of Samsung Electronics, Mobile R&D Office.
“Since software is constantly exploited in new ways, developing a fast response process to deliver security patches to our devices is critical to keep them protected. We believe that this new process will vastly improve the security of our devices and will aim to provide the best mobile experience possible for our users.”
In addition, Google, Samsung, and LG have made a commitment to send out monthly security patches to users that will fix any upcoming issues in the operating system. These updates have been sent out to manufacturers for years, but now end users will get them too, and they will continue for at least three years after the launch of any new handset.

view the full story here

The post Google patches Android hijack bug Stagefright appeared first on IT Security Guru.

Samsung and LG smartwatches leave sensitive data open to hackers

The Gurus — Mon, 15 Jun 2015 08:51:47 +0000

Hackers can easily swipe personal data from LG and Samsung smartwatches, researchers have revealed, with neither brand encrypting sensitive data.
According to researchers at the University of New Haven, hackers can easily extract personal data, including contacts, messages and health information, from both the Samsung Gear 2 and LG G Watch.
View full story

The post Samsung and LG smartwatches leave sensitive data open to hackers appeared first on IT Security Guru.

Windows Phone survives Pwn2Own as other mobiles fall

The Gurus — Fri, 14 Nov 2014 13:33:56 +0000

The annual Mobile Pwn2Own contest has ended in Tokyo, with 11 bugs revealed in all.

Yesterday, bugs were revealed in the Apple iPhone 5S, Samsung Galaxy S5 and LG Nexus 5 and the Amazon Fire phone. The Galaxy S5 flaw in its Android OS was discovered by UK researcher Jon Butler from MWR Infosecurity which targeted a local error in WiFi connection over a short distance.

Ian Shaw, Group MD of MWR InfoSecurity, said MWR was proud to receive these awards.

“Our talented researchers span far and wide across the globe and they work extremely hard,” he said. “Entering competitions, such as Pwn2Own, are vitally important as it keeps us at the sharp edge of the industry.

“This work forms part of a wide-ranging programme of security research at MWR on a global scale and highlights the ongoing need for mobile developers and manufacturers to prioritise security, in order to keep customers safe.”

The MWR Labs research also identified additional vulnerabilities, which will first be reported to Samsung and Amazon in the coming weeks. It intends to publish advisories in due course for these vulnerabilities on its website website in accordance with its disclosure policy.

In today’s results, two bugs were found, again targeting Android WiFi over short distance, while another bug targeted the mobile web browser in Windows Phone where Nico Joly was successfully able to exfiltrate the cookie database but not full control of the system.

Organised by HP as part of its Zero Day Initiative, this is an annual contest that rewards security researchers for highlighting security vulnerabilities on mobile platforms. The contest helps to harden devices by finding vulnerabilities first, and sharing that research with mobile device and platform vendors.

HP and its sponsors (this year, the Google Android security team and Blackberry) are offering cash and prizes to researchers who successfully compromise selected mobile targets in particular categories.

The post Windows Phone survives Pwn2Own as other mobiles fall appeared first on IT Security Guru.

Samsung and Zscaler Announce Enterprise-Ready Mobile Security Solution

The Gurus — Mon, 24 Feb 2014 10:57:48 +0000

Zscaler, the global security cloud for the mobile enterprise, today announced a strategic partnership with Samsung Electronics Co., Ltd., to provide the industry’s first enterprise-ready mobile security solution. The deep integration of the Zscaler security cloud with Samsung KNOX, a secure Android platform for enterprise mobility, provides a streamlined, enterprise-ready solution for both Samsung and Zscaler customers.
This enterprise-grade mobile security solution from Zscaler and Samsung is made possible by extending the security and compliance policies from the Zscaler security cloud to Samsung KNOX. The Zscaler security cloud is centrally-managed and administers granular policy enforcement on a per-user/per-device basis anywhere in the world. Zscaler provides advanced security and real-time visibility for its users by meeting them en route to the Web services they consume and scanning all inbound and outbound Internet transactions. Samsung KNOX provides a container to separate work and personal environments to protect enterprise data and employee privacy. Together, these technologies give enterprises the additional security they need without compromising the user experience.
“We continue to evolve Samsung KNOX and our partner ecosystem to give enterprise customers the best solutions for secure enterprise mobility,” said Injong Rhee, Senior Vice President and Head of KNOX Business Group, IT & Mobile Communications Division at Samsung Electronics. “With more than twelve million users on the Zscaler cloud, we wanted to make our customer lives easier by strengthening our partnership with Zscaler and going to market together with a fully integrated, enterprise-ready solution.”
According to IDC, mobile malware is a top security concern among 68 percent of IT-controlled enterprises.[i] Zscaler research shows that browser and mobile applications present considerable risks for security and privacy. Whether an organisation implements a Bring Your Own Device (BYOD) scenario or provides company owned devices, the purpose-built integration provides truly secure and efficient work and play environments on one mobile device. Together, Zscaler and Samsung can go-to-market with an integrated solution that safely enables true enterprise mobility.
“We are excited to partner with Samsung on our shared vision of Enterprise-Ready Mobile Security”, said Jay Chaudhry, founder and CEO, Zscaler. “The deep integration between Samsung KNOX and the Zscaler security cloud enables users to have the same policy and protection on a mobile device and a PC. The collaboration, which is the result of ten months of joint development, will help accelerate the adoption of mobile devices in the Enterprise. The joint solution will be a game changer in the Industry”
[i] Source: IDC, “U.S. Mobile Security Survey, 2013,” Doc # 240598, April 2013

The post Samsung and Zscaler Announce Enterprise-Ready Mobile Security Solution appeared first on IT Security Guru.