Home Blog Page 310

Samsung Galaxy Phones Vulnerable to Highjack due to Swiftkey Update Hack


With Samsung phones selling like hot cake, the recent news that up to 600 million Samsung Galaxy phones could be vulnerable to hackers will be disheartening for a lot of people.

According to the security researcher who investigated the vulnerability, the hacker can easily access all the information of the Samsung smartphone including messages, camera and microphone. Moreover, the hacker can also payload a 3rd party malicious app.

The culprit, in this case, is the update mechanism of Samsung’s customised version of SwiftKey, which enables a hacker with malicious intent to to modify the content of the update and load the payload without any detection from the smartphone security.

According to the researcher, the hack is done through the man-in-the-middle attack, which exploits the fact that the update is not done through a secure channel, leaving over 600 million Samsung Galaxy phones vulnerable.

You can watch the exploit below.

The video clearly shows a lack of security in the update mechanism of Samsung’s SwiftKey keyboard. The Samsung Galaxy phones gives special permissions to the updates, which seems to override the built-in Android security, which is then open for the hacker to exploit.

Another way of checking the validity of download package is bypassed by dropping spoofed malicious file with the SHA1 hash.

The vulnerability is more serious as the researcher claims that the hacker can still send in malicious payload even if the Samsung users decide to use another keyboard app.

The automatic update checker doesn’t check whether the Samsung user is using the SwiftKey or not, so whether you avoid the built-in keyboard or not, you face the same fate.

The vulnerability is going to affect the Samsung Galaxy S5 users. Galaxy S6 and Galaxy S4 mini are also reported to be vulnerable to the exploit.

According to SwiftKey, the vulnerability does not affect versions of the App that user can download at the PlayStore or Apple Store. So, these issue is unique to Samsung Galaxy phones.

Although avoiding open and insecure Wi-Fi hotspots can offer you some level of protection, it is not foolproof as hackers can still get in through messages

Samsung is reported to have released a patch to operators, but until those operators actually make those updates available to their customers, millions of users will remain vulnerable.

This issue has also brought up the issue of slow updates on Android devices. While Google releases updates fast, it takes months, years, and even forever to reach end-users.

Do, you know anyone who is using a Samsung Galaxy Smartphone? Let them know about the vulnerability.

The Web is Moving Towards Encryption: Microsoft, Reddit and WikiPedia


Security and encryption on the web is becoming more important these days. With the latest news of tech giants encrypting their connections, chances are that HTTPS connection will be mainstream soon.

One of the reasons behind the change in the security aspects of the websites or platforms is the increased hacking activity and also the attempts of spying agency to grab all your browsing data and habits.

The first in the list is WikiPedia, which recently came up with the news of encrypting all the traffic using the HTTPS protocol. This means that you can learn as much as you would like without getting embarrassed about the learning habits you exhibit.

Yahoo took this step way back in 2014, and were one of the first to offer encryption for their services.

You may also be interested in the Best Web Hosting for Small Business.

The latest buyer of securing their traffic is Reddit, who have declared, using their platform, that from June 29, they will stop supporting HTTP protocol and will transfer all their current traffic to SSL encryption.

They also issued an early warning for others to make their apps support HTTPS before the change, otherwise the apps will stop working.

Check Reddit announcement here.

The last of the players, Microsoft, also announced their changes to the Bing traffic. In their official Bing blog, they announced that all the Bing traffic will be encrypted by default. This means that you can only access Bing using the HTTPS protocol and not the HTTP protocol.

With four major players making changes to their security, with three doing it recently is a good indication of how privacy is becoming important not only for the consumers but also by the service providers.

With spying agencies dropping the call on all the communication, it is high time for everyone to use secure lines.

Has anything to add to the story? Comment below and let us know!

WebAssembly: A Project for Making Web Browsers Faster


The web have seen a lot of innovation in terms of performance and functionality. But there are many skeptics who think the web can see faster web browsers. And, they are right. Currently, the four giants, Google, Apple, Microsoft and Mozilla are teaming up to make web browsers faster.

The project, known as WebAssembly is an attempt by the team to make web browsers as fast as 20 times their current speed. The earlier prototypes are showing promise and the reason for this faster performance is credited to the use of bytecode, an approach that web developers and programmers are aware of.

You may also be interested in the Best Web Hosting for Small Business.

The performance gains are done because of the direct interaction of bytecode with the processor, increasing the processing power and generating results way faster than JavaScript.

On the other hand, JavaScript has seen a lot of evolution in terms of both performance and features. Now, the developers can make fully interactive games in the web browsers. The performance part is also controlled by loading content using a minimalistic JavaScript library, asm.js, which works similar to bytecode based systems on other programming languages.

WebAssembly, aka Wasm, in short,  is the answer to those who were seeking an increase in web performance apps on any machine. The use of bytecode will enable web browsers to use machine capabilities, increasing the performance of the web apps by as much as 20 times (early reports estimation.)

The biggest threat to the project is no availability of Wasm supported browsers. Early plans from the team working behind the project reveals the use of asm.js to transfer the code into bytecode understood by the browser.

With the main focus on performance as well as features, the future can be in the hands of WebAssembly and how it gets developed by the team united for the only cause.

Has anything to add to the story? Comment below and let us know!

Source: ArsTechnica

Playing Xbox 360 Games on Xbox One coming soon

Xbox 360 games on Xbox One

Microsoft made a lot of big announcements at its press conference at the E3 2015 event, but one of the biggest is that gamers can now play old Xbox 360 games on Xbox One.

Backward compatibility for Xbox 360 games on Xbox One consoles is a big deal indicative of the huge applause the announcement received from the crowd at the conference.

With this new backward compatibility feature, owners of Xbox One consoles will be able to play select titles of their previously purchased Xbox 360 games.

Starting today Xbox One preview members can play a selection of Xbox 360 titles they already bought with Microsoft aiming for about 100 title before the holiday.

Titles like A Kingdom for Keflings, A World of Keflings, Mass Effect, Perfect Dark, and Perfect Dark Zero are now backward compatible. In all about 21 titles are compatible. See full list

All a developer needs to do for an Xbox 360 title to become backward compatible with Xbox One is to approve it. So, you should expect the lineup of Xbox One compatible games to increase.

Gamers will be able to play their compatible Xbox 360 games on Xbox One no-matter the distribution method, whether disc, digital, or inter-console multi-player.

This means that Xbox One gamers will soon be able to play multiplayer Xbox 360 titles with their friends on the older gaming console.

The presentation was not just about Xbox One compatibility, Microsoft also unveiled about four indie titles (Tacoma, Ashen, Beyond Eyes, and Cuphead) that will be coming first to the Xbox One before other consoles.

Another big announcement was that mods created for the PC version of the Fallout 4 will be supported on the Xbox One, which means that Microsoft is about the leverage to popularity of the PC on its gaming console.

But, no doubt the ability to play Xbox 360 games on Xbox One will resonate with the Xbox crowd. It could also help the Xbox 360 catchup its major competitor the Sony PS4.


Microsoft announces Windows 10 Coming on July 29

Windows 10

Microsoft has confirmed that the latest version of its Windows operating system, the Windows 10 will be available worldwide from July 29, 2015.

According to Microsoft devices running on Windows 7, Windows 8, and Windows 8.1 will get a free upgrade to Windows 10. I have already received a request to reserve a free update on my Windows 8.1 laptop, which I have already obliged.

Windows 10 is a key part of Microsoft’s one Windows strategy.

According to the Windows blog, Windows 10 was designed

to run our broadest device family ever, including Windows PCs, Windows tablets, Windows phones, Windows for the Internet of Things, Microsoft Surface Hub, Xbox One and Microsoft HoloLens—all working together to empower you to do great things.

Essentially, Windows 10 will be bringing back some of the iconic Windows features like the Start menu, while still retaining and improving on the best features of Windows 8.1.

According to Microsoft, Windows 10 is faster and more secure. Windows 10 will also be bringing Microsoft’s popular intelligent digital assistant, Cortana to the PC for the first time.

Windows 10 will also introduce a new modern browser, the Microsoft Edge. Office will also be getting a makeover for the new operating system.

PCs and Tablets running Windows 10 will go on sale starting July 29, which is also around the same time that existing users of Windows 7, Windows 8, and Windows 8.1 will be getting a free upgrade.

Windows 10 Mobile and other Windows 10 variants for other classes of devices like the Xbox will launch later.

Free Call from MTN – Its a Good Morning Nigeria GMN

Free Call from MTN
Free Call from MTN – Its a Good Morning Nigeria

Mobile subscribers in Nigeria will enjoy free call from MTN for 30 minutes starting from Democracy day, May 29, 2015. This is part of the Good Morning Nigeria initiative by Media Perspectives a leading Media buying and planning agency.

Media Perspective is partnering with major brands like ARM, Coca-Cola, Jumia, Leadway, Mansard and Samsung to launch the Good Morning Nigeria initiative.

Good morning Nigeria (GMN) is a CSR as well as advertising-funded initiative that will enable subscribers enjoy free talk time within the hours of 5am to 8am daily.

The GMN initiative, which will kick off on Democracy Day, May 29, 2015, will require callers to subscribe to make them eligible to enjoy free call from MTN.

30 minutes of Free Call

To enjoy the free call from MTN all the subscriber needs to do is to make 3 minutes straight call to an MTN number, the rest of the call will then be free for the next 30 minutes.

MTN subscribers who are interested in enjoying the daily free 30 minutes call are expected to text GMN to 131.

Speaking during a press conference to announce the Good Morning Nigeria initiative the MD/CEO, Media Perspectives, Tayo Oyedeji said:

“We appreciate how important communication is to the lives of the Nigerian people. We also recognise that the current economic situation has caused a reduction in spending power.”

I agree good morning Nigeria is a great initiative. When I first heard about it I was skeptical considering the negative impact that allowing unrestricted free calls would have on the MTN network.

But the requirement that a subscriber will have to pay for the first 3 minutes of the call will ensure this good initiative is not abused.

So, starting May 29, can schedule your long calls for between 5am and 8am to take advantage of the free call from MTN. Just don’t abuse it.

2go Data Bundle Launches on Airtel Nigeria To Millions Of Users

2go Data Bundle
2go Data Bundle Launches on Airtel Nigeria

Airtel Nigeria has partnered with leading mobile social network 2go to launch a social data bundle on Airtel Nigeria called the 2go data bundle. For only N100 per week or N200 monthly, Airtel subscribers can enjoy unlimited access to the 2go messaging service.

Speaking about the launch of the 2go data bundle, Co-founder and CEO of 2go, Ashley Peter, says:

“We are excited about our partnership with Airtel Nigeria and believe that user uptake of the data bundle will be substantial. We have many millions of users in Nigeria who can now take advantage of the Airtel deal. We are always looking for ways to reduce costs and improve the social experience of our users, and Airtel has made this possible”.

2go is adding an audio notes service in the latest version of the App. Users can record and send audio clips to one another. This will obvious require more data, meaning that the 2go Data bundle could not have come at a better time.

2go is also adding emoticon and content.

But, we should expect more according to Peter

“We have more exciting features on 2go in our next releases”

The 2go data bundle is part of Airtel’s Social bundle, which includes unlimited chatting on Twitter, Facebook, WhatsApp, WeChat, BBM, and now 2Go.

Dial *990# at 200 Naira to subscribe to the monthly bundle or Dial *991# at 100 Naira to subscribe to the weekly bundle

About 2go

2go is a mobile messenger and social network with over 60 million registered users across Africa. 2go is based in Cape Town, South Africa.

2go messaging service is supported on Android, BlackBerry, Java, and Nokia S40. It very popular amongst users of feature phones and entry level smartphone.

As of 2012, 2go was the most popular messaging app in Nigeria, even ahead of the likes of BBM, but the proliferation of smartphones, brought a lot new competitors to the market, limiting its popularity.

Hopefully, the new 2go data bundle from Airtel will mark a turnaround for 2go.

Kia Cars now Available on Konga Online Store

Kia Cars on Konga
Kia Cars now on Sale on Konga

Kia Motors Nigeria now have a storefront on Konga, one of Nigeria’s leading online shopping mall. Customers can now buy Kia cars and SUVs online from Konga.

With this development Kia becomes the first auto maker to offer their vehicles for sale online in the Nigerian market.

The best you can get thus-far at online stores in Nigeria are car electronics and other accessories for your car, but Kia is pushing forward by offering 10 Kia cars and SUVs.

10 Kia Cars Online

Kia cars currently on sale on Konga ranges from the entry Kia Picanto, which goes for 2,232,000 Naira to the top of the range Kia Quoris, which will set you back for 13,050,000 Naira.

Other models currently up for sale on Konga include Kia Rio, Soul, Cerato, Optima, and Sportage. Completing the list is the Kia Sorento, Mohave, and Cadenza. See all models here.

Pay Online or on Delivery

Purchasing a Kia car at Konga is similar to buying any other item at the online store. Just find the Kia model you want, and click the buy now button to order.

Customers can pay online using their cards or opt to pay only when the car have been successfully delivered.

Buying cars online is a very big leap in a country were finding prices of cars online is very hard. Online more advanced countries like the United States were dealers publish prices of their vehicles openly on their websites, Nigerian auto dealers treat their price information like classified information.

All the ten Kia cars currently available on Konga are the latest 2015 models and come with Kia’s usual full 5 year warranty or 100,000 km.

So, if you are in the market for a car, you can checkout Kia Motors Nigeria Storefront in Konga.

Faulty Factory Reset in Android Phones Retains Sensitive Data

Some Android Phones
Your Data can still be recovered after a Factory Reset

Researchers in Cambridge University have discovered that an estimated 500 to 630 million Android phones could leave critical data in phone storage after a factory reset have been applied.

The group of researchers tested 21 second hand Android phones that have already undergone factory reset and running on Android 2.3 to 4.3 from five different manufacturers.

At the end of the test the group of researchers in their report titled Security Analysis of Android Factory Resets claim they where able to recover some data, which were supposed to have been wiped by factory reset, in each of the phones tested.

Data recovered includes user contacts, images, videos, as well as conversations from messaging, SMS and email apps.

Even more worrying is the claim by the researchers that they were able to recover the master token, which Android uses to sync Google user data, in 80% of the Android phones tested.

This means that a hacker who recovers this master token can potentially use it to re-sync phone to the original owner’s email, contacts, etc. Tokens for other Apps like Facebook can also be recovered in similar way.

According to the researchers there are a number of reasons why this vulnerability exist. The first is that flash drives are inherently difficult to completely erase.

But, the major reason is that in some cases the manufacturer failed to load the Android phone with the drivers required for completely wiping data from the internal storage and SD cards.

This is a big headache for Android users and businesses who are planning to sell or give out their old phones, as factory reset was supposed to be a secure way to wipe data from the phone prior to getting rid of it.

This issue is even worse for users whose Android phone were stolen and hoping to use remote wipe to securely remove sensitive data from their phone

The Issue May be Worse

Note however, that because the research focused only on Android 2.3 to 4.3, this issue may well be present in Android  4.4 and beyond. It is also possible that other operating systems may have similar issues.

To be safe for now, change the password of your old Android phones you want to sell or giveaway to a more complicated one, before applying a factory reset.

Android could include Native Fingerprint authentication in version M

Android Fingerprint scanning
Fingerprint Authentication Could be coming to Android

Google could be adding native support for fingerprint authentication in the next version of its Android mobile OS (the Android M), a report by Buzzfeed claims. According to the report, the feature will be revealed this week at the Google I/O developer conference in San Fransisco also believed to be the venue for the official unveiling of the next version of Android.

Buzzfeed was quick to add that Google was yet to confirm this, so this is all just still in the realms of speculation.

If confirmed fingerprint authentication will enable users of Android devices to unlock their devices, login to sites and apps, as well as authenticate payments.

Although a couple of Android devices like the Galaxy S6 Edge supports fingerprint authentication, the support and functionality is limited and only a few developers get involved.

But with native support Google will probably provide an API or another democratic way for more developers get involved, which will make fingerprint authentication more mainstream than niche.

Although not yet confirmed fingerprint authentication will be pretty cool on Android.