Google ‘Android Things’ — An Operating System for the Internet of Things

“If you can build an app, you can build a device.”

Google announced a Developers Preview of “Android Things” — an Android-based operating system platform for smart devices and Internet of Things (IoT) products headed our way.  Best of all, its designed to make it easier for developers to build a smart appliance since they will be able to work with Android APIs and Google Services they’re already familiar with.

So if you want to jump right in, come join us.  Just following this link:


Over 1 Million Google Accounts Hacked by ‘Gooligan’

As you know by now from the latest buzz. Over 1 Million #Google Accounts Hacked by ‘Gooligan’. Gooligan itself isn’t new, as its just a variant of  Ghost Push, a piece of Android malware

Researchers from security firm Check Point Software Technologies have found the existence of this malware in apps available in third-party marketplaces.

Once installed it then roots the phone to to gain system level access.  The rooted devices then download and install software that steals the authentication tokens that allow the phones to access the owner’s Google-related accounts without having to enter a password. The tokens work for a variety of Google properties, including Gmail, Google Photos, Google Docs, Google Play, Google Drive, and G Suite

In a recent blog post by the folks over at Check Point:

“The infection begins when a user downloads and installs a Gooligan-infected app on a vulnerable Android device. Our research team has found infected apps on third-party app stores, but they could also be downloaded by Android users directly by tapping malicious links in phishing attack messages. After an infected app is installed, it sends data about the device to the campaign’s Command and Control (C&C) server.

Gooligan then downloads a rootkit from the C&C server that takes advantage of multiple Android 4 and 5 exploits including the well-known VROOT (CVE-2013-6282) and Towelroot (CVE-2014-3153). These exploits still plague many devices today because security patches that fix them may not be available for some versions of Android, or the patches were never installed by the user. If rooting is successful, the attacker has full control of the device and can execute privileged commands remotely.

After achieving root access, Gooligan downloads a new, malicious module from the C&C server and installs it on the infected device. This module injects code into running Google Play or GMS (Google Mobile Services) to mimic user behavior so Gooligan can avoid detection, a technique first seen with the mobile malware HummingBad. The module allows Gooligan to:

  • Steal a user’s Google email account and authentication token information
  • Install apps from Google Play and rate them to raise their reputation
  • Install adware to generate revenue

Ad servers, which don’t know whether an app using its service is malicious or not, send Gooligan the names of the apps to download from Google Play. After an app is installed, the ad service pays the attacker. Then the malware leaves a positive review and a high rating on Google Play using content it receives from the C&C server.”

Android users who have downloaded apps from third-party markets can visit the Check Point blog post for a list of the apps known to contain Gooligan.

Also Check Point has released what is being called the Gooligan Checker web page to be used to check if you have been compromised by this latest threat.



TunnelBear – Simple, Private and Free

TunnelBear has just launched a Chrome extension that helps to protect your privacy on a Chromebook, Android, iPhone, iPad, PC & Mac

TunnelBear is a Canadian company famous for making super easy to use privacy tools. They specialize in VPN services that allow your phone and computers to be secure when using public WiFi hotspots. Their service also allows you to “tunnel” into another country to get around content blocking by governments or media companies.

Today TunnelBear is launching a public beta version of their new Chrome extension. When installed, it will protect everything you do in Chrome by running it through an encrypted web proxy.

For Chromebook users, almost everything you do should be encrypted, making it a great tool to have. For Windows, Mac, or Linux users, please note that only your Chrome connection will be secured – not the rest of your system’s traffic.

TunnelBear offers a free plan for those with low data usage, or a very cheap paid plan for everyone else.

Credit for the original post:  Thanks dude

AT&T Galaxy S4 SGH-I337 OTA Update to Lollipop

Woke up this morning to Lollipop, so its official AT&T has finally started pushing out the highly-anticipated Android 5.0 Lollipop Over-The-Air (OTA) update for Galaxy S4

Now its time for me to find a method to root and enable some features such as Wifi Tethering

Tech Info:

  • Model SAMSUNG-SGH-I337
  • Android Ver: 5.0.1
  • Baseband Ver: I337UCUGOC3
  • Kernel Ver: 3.4.0-4408911
  • Build Number: LRX22C.I337UCUGOC3

Listening to radioPup streams on my PC

radioPup is a personalized radio app designed for mobile devices featuring local radio stations streaming the best music and news available. Covering many genres of the best music the stations have to offer. Best of all its live radio.

But what if you didn’t want to just use your mobile device and prefer using your PC. “Where there’s a will, there’s a way” This is where a few bits of software, a little amount of time and the need to share brings this blog post to life.

Software / Apps Used:

  1. radioPup App (Android, or iOS)
  2. Fiddler (installed on PC)
  3. VLC Media Player (installed on PC)

My Steps:

  1. I first installed radioPup on my Android phone and searched for a station I wanted to listen to.
  2. I then installed Fiddler on my PC that will be a proxy for the network request sent from my mobile device. In Fiddler you need to change the proxy settings to allow remote connections. This is done by clicking Tools > Fiddler Options > Connections and under connections check the box that reads “Allow remote computer connections”.
  3. On my mobile device I set the proxy settings to the Network Address of my listening computer and the proxy port used in Fiddler. In my case I am using port 8888
  4. Once configured I was able to see request coming from my mobile device.
  5. In the radioPup app I clicked on the station I wanted and it starts streaming music.
  6. I then go back to Fiddler to see the results.
  7. Here in Fiddler is where you can now copy just the URL of the steam and proceed to VLC
  8. Opening VLC I click in the menu and select Media > Open Network Stream
  9. Now pasting in the URL grabbed from Fiddler and clicking Play I am now able to listen to the station of my choosing on my PC.
  10. Turn the volume up and enjoy.