05 August 2015

New Android Bug Called “Heartbleed for Mobile”

A new security vulnerability in Android allows hackers to take control of a smartphone by sending a text message. The worst part is that for the vast majority of Android users, there’s no fix yet. The researcher who detected the vulnerability claims that even the small number of people using Google’s own Nexus smartphones are vulnerable to some of the effects of the flaw.


The bug affects a part of the Android OS called Stagefright, which allows smartphones and tablets to display media content. A malicious video can therefore deliver software that will run on the phone and potentially allow an attacker to obtain access to data on the phone and spy on the owner through the camera and microphone.

The problem is that Google’s messaging app Hangouts automatically pre-processes received videos, so if the malicious video is sent as an MMS message, it will immediately take over the device before you even know about it, because in this case the user doesn’t actually have to play the video to be hacked. In response, Google announced that the newer versions of Android protect users from the worst effects of the vulnerability. Security experts called the bug “Heartbleed for mobile”, referring to the flaw that put thousands of websites at risk a year ago.

The researcher who discovered the problem revealed its details to Google a few months ago and even provided patches for the errors. He set a condition of a 3-month embargo before he went public, giving Google enough time to fix the flaw. But this discovery highlighted another security problem with Android: the speed with which fixes are received by end users. Google, the developer of Android, cannot push patches to most Android devices produced by other companies, and the manufacturers often have to negotiate with mobile network operators to send patches to end users.

Pakistan Tried to Tap Worldwide Web Traffic

According to recent reports, Pakistani intelligence was trying to tap international web traffic via underwater cables. Apparently, this could give the country a digital espionage capacity to rival the United States.


It is claimed that Pakistan’s Inter-Services Intelligence agency hired third parties to acquire spying tool kits from abroad for domestic surveillance. The same reports claim that the agency sought access to tap data from “landing sites” passing through the country’s port city of Karachi. If it had succeeded, this would have effectively given it access to web traffic all over the world.

The country was known to negotiate with a European company two years ago to acquire the technology, but it is unknown whether the deal went through. The cables in question route data through various countries and regions – from Europe to Africa and all the way to south-east Asia, including traffic from North America and India.

It is suggested that the data collection sought in the agency’s proposal could rival some of the world’s most powerful surveillance programs (like those of the United States and the United Kingdom).

Back in June 2015, Pakistani rights campaigners and opposition lawmakers called for Islamabad to protect the privacy of its citizens after leaked documents revealed that UK intelligence had obtained access to almost all Pakistani Internet users. The country is currently in the process of discussing its own cyber-crime law, which may threaten to curtail freedom of expression and privacy if not amended.

Finally, the local rights groups also expressed concern over a provision in the bill that allows the government to share collected data with foreign spy agencies, including the US NSA.

MtGox Founder Arrested in Japan over lost Bitcoins

Mark Karpeles, 30, the ex-boss of the now defunct popular Bitcoin exchange MtGox, was arrested in Japan over the disappearance of millions of dollars worth of the cryptocurrency.
 
The French-born Mark Karpeles was accused of falsifying information on the outstanding balance of the Bitcoin exchange, which used to be the world’s largest hub for trading cryptocurrency. According to Japanese news reports, officials from the Tokyo metropolitan police claimed that Mark Karpeles allegedly manipulated the exchange computer system to inflate its assets.

After media reports emerged about his arrest, Mark Karpeles claimed that the allegations were “false” and he would “of course deny” them. When the exchange filed for bankruptcy last year, Karpeles explained that 750,000 customer Bitcoins and another 100,000 Bitcoins that belonged to MtGox disappeared due to a software security bug. At the time of the bankruptcy filing, these 850,000 Bitcoins were worth $480m. The cryptocurrency exchange also said that over $27m was missing from its Japanese bank accounts.

Mark Karpeles blamed hackers for the loss and later announced that he was never going to hide from justice and that he had managed to recover 200,000 of the lost Bitcoins. He was known as a self-proclaimed geek who said he was uncomfortable in his native country and hadn’t been back in years. The MtGox founder became interested in Bitcoin when one of the clients of his web-hosting services offered to pay in cryptocurrency.

After a while, MtGox was dominating global trade in Bitcoin. However, back in 2012, employees at the Tokyo-based exchange had already challenged the founder on issues including client money being used to cover costs.

Google Receives 18 DMCA Requests Every Second

Rights owners are sending Google more and more copyright takedown requests. The statistics say that the search engine is required to remove 18 links to "pirate" pages every second, and this number continues to grow. The rights owners’ motive is understandable – by sending takedown notices, they hope to steer prospective customers away from pirate portals.

The number of DMCA notices has increased dramatically over the years – while 7 years ago Google received only a few dozen requests per year, now the same number is reached in a few seconds. For example, over the past month, copyright holders submitted about 47 million notices, which makes it 18 links per second. As for the last week, the company got a staggering 12.5m reported links, which proves that the surge in notices is still ongoing.

The largest number of requests comes from the BPI and RIAA – they have sent notices for 5.5 million URLs over the past month (12% of all notices). However, the outfits are topped by takedown agencies Rivendell and Degban, who account for reporting 7.7 and 6.3 million links respectively.

Overall, within the past month, over 2,600 rights owners submitted takedown notices targeting 77,500 separate domain names. The top targets include the relatively unknown MP3 search engine myfreemp3.re and a number of The Pirate Bay related domains.

Usually, Google removes all of the reported URLs, but sometimes takedown notices also include duplicate or non-infringing links, and in this case the company takes no action. Despite such a huge number of processed requests, many copyright holders are still not happy with the search engine’s take on the piracy problem. For example, such Hollywood representatives as the RIAA and MPAA have repeatedly stressed that Google does not do enough to remove pirated content from the top search results.

In response, the company has gradually altered its search algorithms. In October 2014, Google introduced the most significant change yet, downranking websites that often link to pirated content.

Still, the entertainment industry continues to urge the company to completely de-list infringing domains and boost the rankings of legal alternatives. Apparently, until Google agrees to comply, the number of reported links will not decrease.