Android

Google ‘Android Things’ — An Operating System for the Internet of Things

“If you can build an app, you can build a device.”

Google announced a Developers Preview of “Android Things” — an Android-based operating system platform for smart devices and Internet of Things (IoT) products headed our way.  Best of all, its designed to make it easier for developers to build a smart appliance since they will be able to work with Android APIs and Google Services they’re already familiar with.

So if you want to jump right in, come join us.  Just following this link: https://developer.android.com/things/index.html

 

Over 1 Million Google Accounts Hacked by ‘Gooligan’

As you know by now from the latest buzz. Over 1 Million #Google Accounts Hacked by ‘Gooligan’. Gooligan itself isn’t new, as its just a variant of  Ghost Push, a piece of Android malware

Researchers from security firm Check Point Software Technologies have found the existence of this malware in apps available in third-party marketplaces.

Once installed it then roots the phone to to gain system level access.  The rooted devices then download and install software that steals the authentication tokens that allow the phones to access the owner’s Google-related accounts without having to enter a password. The tokens work for a variety of Google properties, including Gmail, Google Photos, Google Docs, Google Play, Google Drive, and G Suite

In a recent blog post by the folks over at Check Point:  http://blog.checkpoint.com/2016/11/30/1-million-google-accounts-breached-gooligan/

“The infection begins when a user downloads and installs a Gooligan-infected app on a vulnerable Android device. Our research team has found infected apps on third-party app stores, but they could also be downloaded by Android users directly by tapping malicious links in phishing attack messages. After an infected app is installed, it sends data about the device to the campaign’s Command and Control (C&C) server.

Gooligan then downloads a rootkit from the C&C server that takes advantage of multiple Android 4 and 5 exploits including the well-known VROOT (CVE-2013-6282) and Towelroot (CVE-2014-3153). These exploits still plague many devices today because security patches that fix them may not be available for some versions of Android, or the patches were never installed by the user. If rooting is successful, the attacker has full control of the device and can execute privileged commands remotely.

After achieving root access, Gooligan downloads a new, malicious module from the C&C server and installs it on the infected device. This module injects code into running Google Play or GMS (Google Mobile Services) to mimic user behavior so Gooligan can avoid detection, a technique first seen with the mobile malware HummingBad. The module allows Gooligan to:

  • Steal a user’s Google email account and authentication token information
  • Install apps from Google Play and rate them to raise their reputation
  • Install adware to generate revenue

Ad servers, which don’t know whether an app using its service is malicious or not, send Gooligan the names of the apps to download from Google Play. After an app is installed, the ad service pays the attacker. Then the malware leaves a positive review and a high rating on Google Play using content it receives from the C&C server.”

Android users who have downloaded apps from third-party markets can visit the Check Point blog post for a list of the apps known to contain Gooligan.

Also Check Point has released what is being called the Gooligan Checker web page to be used to check if you have been compromised by this latest threat.

 

 

TunnelBear – Simple, Private and Free

TunnelBear has just launched a Chrome extension that helps to protect your privacy on a Chromebook, Android, iPhone, iPad, PC & Mac

TunnelBear is a Canadian company famous for making super easy to use privacy tools. They specialize in VPN services that allow your phone and computers to be secure when using public WiFi hotspots. Their service also allows you to “tunnel” into another country to get around content blocking by governments or media companies.

Today TunnelBear is launching a public beta version of their new Chrome extension. When installed, it will protect everything you do in Chrome by running it through an encrypted web proxy.

For Chromebook users, almost everything you do should be encrypted, making it a great tool to have. For Windows, Mac, or Linux users, please note that only your Chrome connection will be secured – not the rest of your system’s traffic.

TunnelBear offers a free plan for those with low data usage, or a very cheap paid plan for everyone else.

Credit for the original post: https://plus.google.com/+CraigTumblison  Thanks dude

AT&T Galaxy S4 SGH-I337 OTA Update to Lollipop

Woke up this morning to Lollipop, so its official AT&T has finally started pushing out the highly-anticipated Android 5.0 Lollipop Over-The-Air (OTA) update for Galaxy S4

Now its time for me to find a method to root and enable some features such as Wifi Tethering

Tech Info:

  • Model SAMSUNG-SGH-I337
  • Android Ver: 5.0.1
  • Baseband Ver: I337UCUGOC3
  • Kernel Ver: 3.4.0-4408911
  • Build Number: LRX22C.I337UCUGOC3

Listening to radioPup streams on my PC

radioPup is a personalized radio app designed for mobile devices featuring local radio stations streaming the best music and news available. Covering many genres of the best music the stations have to offer. Best of all its live radio.

But what if you didn’t want to just use your mobile device and prefer using your PC. “Where there’s a will, there’s a way” This is where a few bits of software, a little amount of time and the need to share brings this blog post to life.

Software / Apps Used:

  1. radioPup App (Android, or iOS)
  2. Fiddler (installed on PC)
  3. VLC Media Player (installed on PC)

My Steps:

  1. I first installed radioPup on my Android phone and searched for a station I wanted to listen to.
  2. I then installed Fiddler on my PC that will be a proxy for the network request sent from my mobile device. In Fiddler you need to change the proxy settings to allow remote connections. This is done by clicking Tools > Fiddler Options > Connections and under connections check the box that reads “Allow remote computer connections”.
  3. On my mobile device I set the proxy settings to the Network Address of my listening computer and the proxy port used in Fiddler. In my case I am using port 8888
  4. Once configured I was able to see request coming from my mobile device.
  5. In the radioPup app I clicked on the station I wanted and it starts streaming music.
  6. I then go back to Fiddler to see the results.
  7. Here in Fiddler is where you can now copy just the URL of the steam and proceed to VLC
  8. Opening VLC I click in the menu and select Media > Open Network Stream
  9. Now pasting in the URL grabbed from Fiddler and clicking Play I am now able to listen to the station of my choosing on my PC.
  10. Turn the volume up and enjoy.

I just became a Facebook for Android Beta Tester

Tonight I just signed up to be a Facebook Android Beta Tester. Signup was quick and simple and I am very interested to see what’s new and help report issues found during my time testing. And as always; I’ll share what I find with you all.

To sign up simply follow this link: https://www.facebook.com/mobile/android_beta/

Delete Google Play App History

I have been thinking about this for a while, how I could delete those apps that I have downloaded but never intend to use “EVER” again. And if you one day decided to restore all of your apps, those come along with it. No Bueno, my friends.

I have looked up and down the Google Play Store via my PC and couldn’t find a way to do this. So I turned my focus to my phone. Yes; I found it… So say goodbye to that insanely long apps list by doing the following:

  1. Launch the Play Store App
  2. Tap the menu button and choose “My Apps”
  3. At the “My Apps” menu choose “ALL” – Here you will see a list of all the apps you ever installed; wow I have downloaded a lot of apps in my past.

For the apps that are no installed you can simply click the (X) in the upper right corner to remove the app. You can select multiple apps by holding down one of the apps (phone will vibrate) and you can continue to select multiple apps until you’re ready to delete them all in one swift click.

I hope this has helped you.

– Jermal

Android Testing Mode: *#*#4636#*#*

As always I am tinkering with my Android Phone devices for something new and fun to play with. Tonight I came across the following code: *#*#4636#*#* on the Galaxy S4 that takes me into a testing mode. Everything from DNS, Network, Wireless Radios and I can even toggle my carrier modes …

This is just one of many not so secret codes; I am sure there are apps to find more. For now this is one I find useful. Feel free to email or hit me up on the social networks if you know of more.

Android Device Manager

Attn: Rachel

If you lost your phones, perhaps it was stolen; or your simply want to track your teen on his / her android phone or device. Google has a solution for that with its new Android Device Manager. With the Android Device Manager you can:

  • Ring your device: this allows you to cause your phone to ring and keep ringing to help you locate it. Even if you had the sounds turned off.
  • Erase your device: this allows you to remotely wipe your device to protect your data from getting into unwanted hands, e.g self shots of you in that bikini you trying on at the mall
  • Locate the device: this allows you to pull up a real time map of your device. And this is very accurate; so much its scary. If you have a pre-teen / teen with an account that you have access to, it makes it very simple to track their location.

So if you’re an Android user, I would highly suggest you set this up.

Android Device Manager: Unknown Location

Today I wanted to have some fun with the new Android Device Manager and find my phone to test out this new feature. I ran into a snag when I logged in. The site was unable to find my device, giving me the message: “Unknown Location”.

If your like me and want to correct this, you can do the following:

  1. Open Google Settings from your device’s apps menu.
  2. Touch Android Device Manager.
  3. Uncheck Allow remote factory reset.
  4. Go to your device’s main Settings menu, then touch Apps > All > Google Play services.
  5. Touch Clear Data.
  6. Go back to Google Settings and select Allow remote factory reset.
  7. Restart your device.

 

Once done you should be able to locate your Android device.