Earlier this month, we found out that after a software update HTC’s Android handsets had a serious security flaw — any app could gain access to user data, including recent GPS locations, SMS data, phone numbers, and system logs. To its credit, HTC responded quickly to the security issue, and now an OTA update with the fix is going out to those on the Now Network. Sprint users with an EVO 4G, 3D, Shift 4G, Design 4G or View 4G can get the download, as can Wildfire S owners. The patch available now for a manual download, and more info on the fix can be found at the source below.

[Thanks, Korey]

Sprint issues OTA fix for HTC Android handset vulnerability originally appeared on Engadget on Tue, 25 Oct 2011 18:03:00 EDT. Please see our terms for use of feeds.

Permalink

Liking that Face Unlock on Ice Cream Sandwich we saw this morning? You can thank PittPatt for that. Here at AsiaD’s opening session, Android head honcho Andy Rubin just confirmed that said Pittsburgh-based company — acquired by Google earlier this year — was responsible for this nifty security feature. While the demo didn’t go as planned for Matias Duarte at the launch event, Andy was able to show us how Face Unlock’s meant to work on the stage just now. In fact, Andy said his team even had to “slow down the process” as PittPatt’s software was too fast to make folks believe that any security at all was involved — for what it’s worth, Walt Mossberg’s beard couldn’t get past the unlock screen on Andy’s Galaxy Nexus. Head on over to our hands-on video to see us getting up close and personal with Face Unlock.

Andy Rubin: Ice Cream Sandwich’s Face Unlock is developed by PittPatt originally appeared on Engadget on Wed, 19 Oct 2011 06:49:00 EDT. Please see our terms for use of feeds.

Permalink

Sony’s not having a good morning. In addition to having to recall 1.6 million Bravia TVs, it’s also been forced to temporarily lock 93,000 customers out of their PSN and Sony Online Entertainment accounts. You won’t be surprised by the reason: an attempt by hackers to “test a massive set of sign-in IDs and passwords” against Sony’s network database. Some of the affected accounts showed “additional activity prior to being locked” and are being investigated. On the flip-side, Sony’s Chief Information Security Officer, Philip Reitinger, stressed that most of the hackers’ details resulted in failed logins and in any case credit card details are not at risk. Users are being told to expect an email if they’ve been affected, which will contain further instructions. Has Sony finally realized the value of timely communication?

Sony locks 93,000 PSN and SOE accounts due to ‘massive’ hack attempt originally appeared on Engadget on Wed, 12 Oct 2011 07:51:00 EDT. Please see our terms for use of feeds.

Permalink

Unlocking your phone doesn’t get any easier than a simple patterned swipe or pre-set pin. But for the fussy amongst you, there’s an alternative solution to make you feel both confidently futuristic, and downright ridiculous. Facelock, the facial recognition security app announced back at Nokia World 2010, has finally mosied on over to the Ovi Store, beta tag in tow. The screen lock tech functions pretty much as you’d expect: once you’ve set a static image of your face as a code, the front-facing camera will then match it up to your mug and, presto magico, you’ll have access to your device. The free app is apparently compatible only with Symbian 3 handsets, although those rocking Anna and Belle shouldn’t encounter any difficulties. Ready to face / off with your phone? Then hit up the source link below to download the gratis goods.

[Thanks, Jerry]

Facelock app hits the Ovi Store, Symbian handsets frame your face for security originally appeared on Engadget on Sat, 08 Oct 2011 04:43:00 EDT. Please see our terms for use of feeds.

Permalink

We’re not exactly lacking in opportunities for Minority Report references these days, but sometimes they’re just unavoidable. According to a new report from CNET based on documents obtained by the Electronic Privacy Information Center, the US Department of Homeland security is now working on a system dubbed FAST (or Future Attribute Screening Technology) that’s designed to identify individuals who are most likely to commit a crime. That’s not done with something as simple as facial recognition and background checks, however, but rather algorithms and an array of sensors and cameras that can detect both physiological and behavioral cues that are said to be “indicative of mal-intent.” What’s more, while the DHS says that it has no plans to actually deploy the system in public just yet, it has apparently already conducted a limited trial using DHS employees — though no word on the results of how well it actually works, of course. Hit the source link below for the complete (albeit somewhat redacted) documents.

US Department of Homeland Security developing system to predict criminal intent originally appeared on Engadget on Sat, 08 Oct 2011 02:31:00 EDT. Please see our terms for use of feeds.

Permalink

HTC held true to its promise to look into the security vulnerability that surfaced over the weekend, an apparent glitch that allows any app requesting internet access to take a peek at a user account information, GPS location, system logs, and other potentially private data. While HTC assured us that user data isn’t at risk of being harmed by its own software, a third party malware app could exploit the security flaw and cause some trouble. The outfit is already building a patch, and will ship it out in an over the air update after a short testing period with its carrier partners. Until then? HTC recommends steering clear of apps from publishers you don’t trust. Hit the break to see the official statement.

Continue reading HTC confirms security hole, says patch is incoming

HTC confirms security hole, says patch is incoming originally appeared on Engadget on Tue, 04 Oct 2011 01:47:00 EDT. Please see our terms for use of feeds.

Permalink

The folks at Android Police seem to have stumbled across a rather jarring security vulnerability in HTC handsets running Android, giving common apps with internet access a peek at the device’s vital statistics, user information and more. Demonstrated in the above video, developer Trevor Eckheart found that a recent HTC update packed in a suite of logging tools that collects data on user accounts (including email addresses), recent GPS locations, SMS data and encoded text, phone numbers, system logs, running processes and more — all of which can be accessed by common apps requesting access to android.permission.INTERNET.

HTC is already looking into the issue, stating, “HTC takes our customers’ security very seriously, and we are working to investigate this claim as quickly as possible. We will provide an update as soon as we’re able to determine the accuracy of the claim and what steps, if any, need to be taken.” If you’re too antsy to wait for HTC’s update, head on over to the source link below — Eckheart says the issue can be resolved by removing HTCloggers from a rooted device.

HTC security vulnerability said to leak phone numbers, GPS data, and more, HTC responds (video) originally appeared on Engadget on Sun, 02 Oct 2011 19:17:00 EDT. Please see our terms for use of feeds.

Permalink

Old Uncle Sam seems determined to crack down on botnets, but he still needs a little help figuring out how to do so. On Wednesday, the Department of Homeland Security and National Institute of Standards and Technology (NIST) published a request for information, inviting companies from internet and IT companies to contribute their ideas to a voluntary “code of conduct” for ISPs to follow when facing a botnet infestation. The move comes as an apparent response to a June “Green Paper” on cybersecurity, in which the Department of Commerce’s Internet Policy Task Force called for a unified code of best practices to help ISPs navigate through particularly treacherous waters. At this point, the NIST is still open to suggestions from the public, though Ars Technica reports that it’s giving special consideration to two models adopted overseas. Australia’s iCode program, for example, calls for providers to reroute requests from shady-looking systems to a site devoted to malware removal. The agency is also taking a hard look at an initiative (diagrammed above) from Japan‘s Cyber Clean Center, which has installed so-called “honeypot” devices at various ISPs, allowing them to easily detect and source any attacks, while automatically notifying their customers via e-mail. There are, however, some lingering concerns, as the NIST would need to find funding for its forthcoming initiative, whether it comes from the public sector, corporations or some sort of public-private partnership. Plus, some are worried that anti-botnet programs may inadvertently reveal consumers’ personal information, while others are openly wondering whether OS-makers should be involved, as well. The code’s public comment period will end on November 4th, but you can find more information at the source link, below.

US government to beat back botnets with a cybersecurity code of conduct originally appeared on Engadget on Fri, 23 Sep 2011 14:34:00 EDT. Please see our terms for use of feeds.

Permalink

Micron may think it’s simply “bolstering user security” but, if you ask us, it seems like the company is providing the machines with a tool to protect their plans for insurrection. The RealSSD C400 SED has a special, security-focused firmware and hardware-based AES-256-bit encryption that keeps all of its precious data safe from prying eyes. The hardware self-encryption solution also frees up a computer’s processor to focus on more important tasks (like planing the enslavement of mankind), rather than waste precious resources on protecting sensitive information. The C400 SED will ship sometime during Q4 in 128GB, 256GB and 512GB varieties. Price has yet to be announced, but we’re not sure that Skynet really cares what the cost is. After all, it can just tell Micron’s order-processing system to send a bunch out free of charge.

Continue reading Micron adds self-encryption to RealSSD C400, protects plans for world domination from prying eyes

Micron adds self-encryption to RealSSD C400, protects plans for world domination from prying eyes originally appeared on Engadget on Wed, 21 Sep 2011 17:32:00 EDT. Please see our terms for use of feeds.

Permalink

Like a giant warlock guarding the gates of the interwebs, financial barriers all too often block our young people from accessing the plethora of awesomeness found in front of those iconic triple-Ws-and-a-dot. In a bid to spread the love more evenly, the FCC and Comcast’s promised Internet Essentials platform is going live — giving low-income families $9.99 / month web access and “discounted” (read: $149.99) computers. The platform that we first heard about in August will also include a Norton Security Suite and computer training for youngsters and their parents alike. The cable provider is accepting participants until 2014, honoring the contract dependent on the child’s status and family income. Like other heavy hitters involved in similar initiatives, the goal is to bridge the education gap and to provide a more level playing field for kids. To get more details on the program, direct your attention to the source link.

Continue reading Comcast and FCC partner to give low-income families access to internet, Nyan Cats

Comcast and FCC partner to give low-income families access to internet, Nyan Cats originally appeared on Engadget on Tue, 20 Sep 2011 20:04:00 EDT. Please see our terms for use of feeds.

Permalink