The flaws were found by security company Zimperium, which also unearthed the original Stagefright flaws in April.
In an advisory, Google said it didn’t appear that attackers had started exploiting the vulnerabilities yet.
The latest flaws are only slightly less dangerous than their predecessors, which allowed a device to be compromised merely by sending a specially crafted multimedia message (MMS). An attacker needed only to know the victim’s phone number.
To exploit the latest flaws, dubbed Stagefright 2.0, an attacker would have to convince a user to visit a website and play a piece of audio or video content.
The vulnerabilities relate to problems with how Android processes metadata within that content, Zimperium said in a blog post.
Google has released an over-the-air update for its Nexus Android devices and had notified its partners of the issues by Sept. 10, the company said.
Zimperium held off releasing proof-of-concept exploit code but will allow some of its partners to see it later this month, it said.
In light of the number of users affected by Stagefright, Google said in August it would begin issuing monthly security patches, mirroring steps taken years ago by companies including Microsoft for desktop software.
Still, fixing software problems on mobile devices is a disjointed affair and users are dependent on device manufacturers and operators for timely patching. After Google’s announcement, major manufacturers including Samsung and LG also committed to monthly patching.
Jim Zemlin, chief executive of the Foundation, said in his opening remarks that this year’s opening day falls on the 24th anniversary of Linux itself and the 30th of the Free Software Foundation, giving credit to delegates for their part in the success of both.
He also noted that research conducted into the value of the Linux codebase has shown that in the past few years the code has been worth over $5bn.
As part of the launch he also made three key announcements. Firstly, a workgroup is being created to standardise the future of the software supply chain. The Openchain workgroup is centred on creating best practices to ease compliance for open source developers and companies.
It is hoped that this will significantly reduce cost and duplication of effort, and so ease friction points in the supply chain. The workgroup’s founder members include ARM, Cisco, NexB, Qualcomm, SanDisk and Wind River.
By providing a baseline process, which can then be customised according to customer need, Linux developers will have a basis for monitoring and developing compliance programmes.
Existing best practices such as Debian and the Software Package Data Exchange will be used as foundations for the framework.
The second announcement involves an acceleration of real-time Linux development. The Real-Time Linux Collaborative Project will bring together industry leaders and thinkers to advance the type of tech that is crucial for areas such as robotics, telecom, manufacturing, aviation and medical industries.
Two of this morning’s keynotes centred around the ideas of real-time Linux. Sean Gauley, founder of big data analysts Quid, talked about the $300m spent on a new London to New York undersea cable to cut just five milliseconds off data speed, coupled with the seven minutes of downtime the New York Stock Exchange has to suffer while humans crunch the impact of a Treasury announcement.
The Real-Time Linux Collaborative Project brings together organisations as diverse as Google, Texas Instruments, Intel, ARM and Altera.
Thomas Gleixner of the Open Source Automation Development Lab has been made a Linux Foundation fellow in order to lead the process of integrating real-time code into the main Linux kernel, which Zemlin joked would be finished within six months.
In reality this is a long-term goal, albeit a highly achievable one that could revolutionise a number of key industries.
Finally, FOSSology, the open source licence compliance software project and toolkit founded by HP in 2007, is moving home to become part of the Linux Foundation. With it comes FOSSology 3.0, due for release this week.
“As Linux and open source have become the primary building blocks for creating today’s most innovative technologies, projects like FOSSology are more relevant than ever,” said Zemlin.
“FOSSology’s proven track record for improving efficiency in licence compliance is the perfect complement to a suite of open compliance initiatives hosted at the Linux Foundation. This work is among the most important that we all do.”
FOSSology allows companies to run licence and copyright scans in a single click, and generate a Software Package Data Exchange, or readme file.
By moving the project to the Linux Foundation, the toolkit is kept in neutral hands alongside other initiatives such as the Core Infrastructure Initiative, the Open Container Project and Dronecode.
Dronecode’s Lorenz Meier spoke alongside Tully Foote of the Open Source Robotics Foundation about their quest to “take back” the term ‘drone’ from its negative military connotations.
The team, whose work in Switzerland dates back to “when they were still called model aircraft”, included information about Mavlink, the self-styled ‘HTML for drones’, and Robot Operating System, a meta operating system for autonomous devices.
The team has been concentrating primarily on using telemetry data to allow drones to navigate around objects, in a similar way to that being achieved by Google’s self-driving cars.
LinuxCon Europe runs until Wednesday, bringing together representatives from back bedroom developers to giant corporations like Facebook, all sharing a common goal to nurture the community which approaches its quarter century primed to take over even more aspects of our everyday lives – quiet, unassuming but always there.
Speakers this year include people from Suse, Red Hat, Google, Raspberry Pi and the godfather of Linux, Linus Torvalds.
The INQUIRER will be talking tomorrow to some top bods from the Linux community. So early to bed for us tonight and absolutely no Guinness.
Google, which has now transitioned into holding company Alphabet Inc, is in talks with messaging startup Symphony Communication Services LLC for a round of fundraising, a person familiar with the matter told Reuters.
Symphony’s chat service allows financial firms, corporate customers and individuals to put all of their digital communications on one centralized platform.
The talks are ongoing and no terms are finalized yet, the source added.
The Wall Street Journal, citing people familiar with the matter, reported earlier on Monday that Google invested in a new round of funding for Symphony that values the company at about $650 million.
The service is backed by Goldman Sachs Group Inc and other big Wall Street banks.
Goldman led a group of 14 banks including Bank of America Corp, Citigroup Inc and JPMorgan Chase & Co in making a $66 million investment in Symphony last October, when Symphony was set up. Symphony spokeswoman Samantha Singh declined to comment.
Many on Wall Street think of Symphony as a rival to Bloomberg LP and Thomson Reuters Corp, which provide messaging and information services for bankers, traders and investors.
Those terminals can cost tens of thousands of dollars per year for each customer.
Symphony is available to businesses with more than 50 users for $15 per user per month. Smaller businesses and individuals can use the tool for free.
Microsoft has been pursuing a more collaborative approach under CEO Satya Nadella, engaging longtime rivals like Salesforce, VMware and Apple. There hasn’t been much love between Microsoft and Google, but an announcement on Wednesday points towards an easing of those tensions.
Google and Microsoft have reached a broad agreement on patent matters, with a legal settlement ending some 20 lawsuits between the companies in the U.S. and Germany. Financial terms weren’t disclosed, but the deal brings a laundry list of lawsuits to a close.
“Microsoft and Google are pleased to announce an agreement on patent issues,” they said in a joint statement. “As part of the agreement, the companies will dismiss all pending patent infringement litigation between them, including cases related to Motorola Mobility.”
They also agreed to collaborate on patent matters and work together “to benefit our customers.”
The suits that have been settled include those related to mobile phones, video encoding and Wi-Fi technologies. That doesn’t mean Microsoft has given up its campaign to collect royalties from Android device makers for the mobile operating system’s alleged infringement of Microsoft patents.
It’s not clear from the statement what patent matters the companies will be working on together in the future, but changes have already begun. The two companies agreed earlier this month to work together (alongside other firms like Netflix and Mozilla) on a royalty-free video codec.
It remains to be seen if the settlement will lead to more work between Microsoft and Google in other areas. A major sticking point for consumers has been the lack of a Google-made YouTube app for smartphones and tablets running Windows.
The vulnerabilities can lead to remote code execution on almost all devices that run Android, starting with version 1.0 of the OS released in 2008 to the latest 5.1.1, researchers from mobile security firm Zimperium said in a report published Thursday.
The flaws are in the way Android processes the metadata of MP3 audio files and MP4 video files, and they can be exploited when the Android system or another app that relies on Android’s media libraries previews such files.
The Zimperium researchers found similar multimedia processing flaws earlier this year in an Android library called Stagefright that could have been exploited by simply sending Android devices a maliciously crafted MMS message.
Those flaws triggered a coordinated patching effort from device manufacturers that Android’s lead security engineer, Adrian Ludwig, called the “single largest unified software update in the world.” It also contributed to Google, Samsung and LG committing to monthly security updates going forward.
One of the flaws newly discovered by Zimperium is located in a core Android library called libutils and affects almost all devices running Android versions older than 5.0 (Lollipop). The vulnerability can also be exploited in Android Lollipop (5.0 – 5.1.1) by combining it with another bug found in the Stagefright library.
The Zimperium researchers refer to the new attack as Stagefright 2.0 and believe that it affects more than 1 billion devices.
Since the previous attack vector of MMS was closed in newer versions of Google Hangouts and other messaging apps after the previous Stagefright flaws were found, the most straightforward exploitation method for the latest vulnerabilities is through Web browsers, the Zimperium researchers said.
Zimperium reported the flaws to Google on Aug. 15 and plans to release proof-of-concept exploit code once a fix is released.
That fix will come on Oct. 5 as part of the new scheduled monthly Android security update, a Google representative said.
Put your Android whatever back in its sand bucket. It is facing another threat. This one is spooky sounding and has been dubbed Ghost Push by Yang Yang and Jordan Pan of the Trend Micro security labs outfit.
The threat presents itself to people who download things from untrusted third-party stores, which is not everyone, and seems to behave in a way that is sophisticated – unlike perhaps people who download things from untrusted sites. Ghost Push is not new and neither is this method of infection.
“Halloween is still a month from now yet Android users are already being haunted by the previously reported Ghost Push malware, which roots devices and makes them download unwanted ads and apps. The malware is usually packaged with apps that users may download from third-party app stores,” said Yang and Pan.
“Further investigation of Ghost Push revealed more recent variants which, unlike older ones, employ routines that make them harder to remove and detect.”
Pan and Yang said that there are some 20 variants of Ghost Push in the wild, and that the threat has been active since April. It has ramped itself up during September and is presenting the worst side of itself in India and Indonesia, where 32 and 24 percent of infected devices can be found.
Trend does not think that this ghost theme is related to the XcodeGhost malware that bothers iOS users, but it does think that someone quite sophisticated is behind the attacks.
“It is likely that a team of cyber criminals are behind Ghost Push and they are not exactly new to the malware creation industry,” the researchers wrote.
“This group has already published 658 different malicious applications (1,259 different versions) in third-party app stores unrelated to Ghost Push. One of these apps has infected more than 100,000 devices, two more than 10,000 and seven more than 1,000.”
Third-party download sites are the reason for most of the affected devices and applications, but Yang and Pan said that a couple made it through to the official Google Play store.
“We also found two legitimate apps unrelated to Ghost Push that the same creators published on Google Play, which have since been removed,” they said, explaining that these apps accumulated some 10,000 downloads before being pulled.
“These show that this group possesses ample technical knowledge to effectively victimise thousands of devices and evade detection,” Yang and Pan said.
Once a device is infected the malware can launch other applications and services and steal personal information.
The launch of the phones, the Nexus 6P and the Nexus 5X, comes a day after Apple Inc reported record first-weekend sales of its new iPhones.
The Nexus 5X 16 GB model will be priced at $379, while the Nexus 6P 32 GB will cost $499, Google said at an event live-streamed on YouTube.
Apple’s 6s and 6s Plus start at $199 and $299, respectively, with a two-year service-provider contract.
Nexus devices, which typically do not sell as much as iPhones or iPads, are a way for the tech giant to showcase its latest advancements in mobile hardware and software.
Google also unveiled a tablet built entirely by the company based on its Android operating system.
The latest version of Android, dubbed Marshmallow, will be available to existing Nexus customers from next week.
The Android mobile platform is a key element in Google’s strategy to maintain revenue from online advertising as people switch from Web browser searches to smartphone apps.
The Nexus 5X is made by South Korea’s LG Electronics Inc and the Nexus 6P by China’s Huawei Technologies Co Ltd. Both phones feature Google’s new fingerprint sensor, Nexus Imprint, which is located on the back.
The fingerprint sensors will help quickly authorize purchases made through Android Pay, the one-touch payment app on Android devices that competes with Apple Pay.
The phones are available for pre-order on the Google Store from a number of countries including the United States, the United Kingdom, Ireland and Japan.
The Pixel C tablet will cost $499 for the 32 GB model and can be bought with a detachable keyboard, which will cost $149.
The tablet will be available in time for the holiday season on the Google Store.
The offer, however, excludes devices sold or running on the AT&T network. But it does apparently apply to a lease or installment plan from T-Mobile, Sprint, Verizon Wireless or US Cellular. The devices that are eligible are the Galaxy S6, Galaxy S6 Edge, Galaxy Note 5 and the Galaxy S6 Edge Plus.
In one example, a Galaxy S6 through Verizon would require a $24 monthly payment for 24 months to pay off the device. Samsung’s offer covers those payments up to $120. The redemption period ends Oct. 9, according to online conditions.
For smartphone users switching to Galaxy from the iPhone, the $100 award will come in the form of a $100 Google Play gift card.
This isn’t the first time Samsung has attempted to lure iPhone customers. In August, Samsung offered U.S. iPhone users a 30-day test drive of a Galaxy phone for $1.
Samsung has been hot on the tail of Apple for years, and is expected to set up its own leasing program; Apple announced the iPhone Upgrade Program on Sept. 9. “If Apple does it, then it must be good enough for Samsung,” said Roger Entner, an analyst at Recon Analytics.
“We are happy to announce that our new acoustic models are now used for voice searches and commands in the Google app (on Android and iOS), and for dictation on Android devices,” Google’s Speech Team wrote in a recent blog post. “In addition to requiring much lower computational resources, the new models are more accurate, robust to noise, and faster to respond to voice search queries.”
In 2013, Google brought the same voice recognition tools that had been working in Google Now to Google Search.
Along with being able to find information on the Internet, Google Voice Search also was able to find information for users in their Gmail, Google Calendar and Google+ accounts.
At the 2013 Google I/O developers conference, Amit Singhal, today a senior vice president and Google Fellow, said the future of search is in voice. For Google, he said, future searches will be more like conversations with your computer or device, which also will be able to give you information before you even ask for it.
The company went on to make it clear that it would continue to focus on voice search.
And this week’s announcement backs that up.
Google explained in its blog post that it has updated the neural network it’s using for voice search. A neural network is a computer system based on the way the human brain and nervous system work. It generally uses many processors operating in parallel.
The improved neural network is able to consume the incoming audio in larger chunks than conventional models without performing as many calculations.
“With this, we drastically reduced computations and made the recognizer much faster,” the team wrote. “We also added artificial noise and reverberation to the training data, making the recognizer more robust to ambient noise.”
The phone, called Priv, will also include BlackBerry security and productivity tools, Chairman and CEO John Chen told investors last week.
The move suggests that Chen still can’t decide whether BlackBerry should focus on the more profitable enterprise mobile device and application management software sector, or remain a loss-making phone maker with one foot still in the cut-throat consumer electronics market.
On Friday, BlackBerry reported revenue of $490 million for the three months to Aug. 29, down from $916 million a year earlier. The company scraped up a net income of $51 million with an accounting manipulation, revaluing debentures to the tune of $228 million. Gross margin was down, however, while fixed selling costs remained largely unchanged from a year earlier.
Software licensing revenue jumped 33 percent, however, suggesting that BlackBerry’s mobile device and application management business, supplemented after the quarter ended with the $425-million acquisition of Good Technology, is on the up.
The company added 2,400 enterprise software licensees during the quarter, but 60 percent of these were cross-platform licenses, meaning that BlackBerry’s software will be used to manage the security of phones from other vendors.
Sales of its own phones dropped precipitously: It recognized revenue from shipment of just 800,000 phones running BlackBerry OS in the quarter, down from 2.1 million a year earlier.
In the first five months of 2015, publishers’ revenues from e-book sales fell 10 per cent to $610.8 million, according to the Association of American Publishers, compared to a 2.3 per cent drop in print book sales in the fiction, nonfiction and religious categories (which the industry calls trade books).
Anyone with common sense will tell you that the reason ebook sales are falling is because greedy publishers jacked up the price until people failed to see the point of ebooks. Ebook prices have risen and serious readers still prefer the tactile pleasure of a physical book and will choose that over a digital book for the same price.
Ebooks generated 24.9 per cent of publisher revenues between January and May, down from a peak of 26.5 per cent in the year earlier period.
Barnes & Noble is reporting slight gains in comparable sales in its core book selling business after years of declines that had led many to wonder whether the largest remaining bookstore chain might suffer the same fate as Borders, which went out of business four years ago.
On the e-reader front, about 12 million devices were sold industry-wide last year, down 40% from the nearly 20 million sold in 2011.
The U.S. Federal Trade Commission has initiated a preliminary investigation into whether Google Inc utilizes its Android operating system to dominate competitors as more consumers go mobile, two sources familiar with the matter said on Friday.
The Android mobile platform is a key element in Google’s strategy to maintain revenue from online advertising as people switch from Web browser searches to smartphone apps. The FTC had previously investigated Google for allegedly breaking antitrust law in a separate case but that probe ended in a settlement.
Reuters reported in April that some technology companies had complained to the U.S. Department of Justice about Google’s anti-competitive practices and urged the regulator to investigate allegations that Google unfairly uses its Android system to hurt rivals.
The FTC and the Justice Department conferred, and decided that the FTC would take the case, one source said. The probe is in its very early stages, according to sources.
Both Google and the FTC declined comment. In a blog post in April, a top Google executive defended the way the company handles Android, saying other firms could use Android without Google but that working with Google benefits consumers by giving them a better experience with their phone.
The FTC probe focuses on Google’s requirements that its search, maps and other products be given a prominent place on handsets. The demands make it impractical for handset makers to put Google rivals on their smartphone’s home screen.
Android is the top smartphone platform with 51.6 percent U.S. market share, according to an August report from analytics firm comScore. Apple is in second place with 44.1 percent.
Fairsearch, a technology trade group, said it welcomed the FTC probe, adding that Google “has used a range of anticompetitive tactics.”
“The stakes are extremely high, because Google’s behavior impacts the entire mobile ecosystem, including map and location services, and app developers,” the group said in a statement.
App makers offering alternatives to Google’s popular products, such as HERE for maps or Microsoft for search, would benefit if the Mountain View tech giant’s hold on Android is weakened, though a slow legal process means they likely will not see relief anytime soon, said analyst Bob O’Donnell of TECHnalysis Research.
Instagram, a five-year-old site for posting photos and video online, has solidly surpassed rival Twitter to claim the No. 2 spot in the social networking world – behind parent company Facebook.
“Given that Facebook owns Instagram, that certainly makes them the king of the social networking mountain,” said Dan Olds, an analyst with The Gabriel Consulting Group. “Instagram is aimed squarely at mobile devices, and that makes it very easy for users to shoot and post very quickly. It also has the patina of ‘cool’ with hip users — mainly arising from young users adopting it as their own.”
Instagram is gaining momentum. In December of last year, the company said it reached the 300 million monthly user mark. Less than a year later, the site has added another 100 million active users.
Despite the surge in monthly users, Instagram is still far behind Facebook, the world’s largest social network with more than 1 billion worldwide users.
However, the numbers put Instagram beyond Twitter, which in June reported 316 million active monthly users. Instagram is also well ahead of Google+, which reportedly has about 300 million active monthly users.
“While milestones like this are important, what really excites us is the way that visual communication makes the world feel a little bit smaller to every one of us,” Instagram wrote in a blog post. “Our community has evolved to be even more global, with more than 75% living outside of the U.S. To all the new Instagrammers: welcome!”
Among the last 100 million to join, more than half live in Europe and Asia, the company noted. The countries that added the most Instagram users include Brazil, Japan and Indonesia.
T-Mobile US Inc offered the least expensive option to own the latest iPhone at $5 under the company’s trade-in plan, amid fierce competition among the top U.S. carriers ahead of Apple Inc’s highly anticipated phone launch.
Customers can get a 16 GB iPhone 6s for $5 per month without upfront payment, under an 18-month lease, in exchange for an iPhone 6, 6 Plus or Samsung Electronics Co Ltd’s Galaxy Note 5 and Galaxy S6 versions under T-Mobile’s latest plan.
They can also get a 16 GB iPhone 6s Plus for $9 per month under the plan.
Sprint Corp currently offers an iPhone 6s for $15 per month, under a 22-month lease, with its trade-in plan.
U.S. carriers are also pressured by Apple’s own financing scheme for an unlocked iPhone that gives customers the freedom to switch between carriers.
Demand for new iPhones was on pace to beat the 10 million units the previous versions logged in their first weekend last year, Apple said earlier this month.
T-Mobile Chief Executive John Legere tweeted on Tuesday that iPhone 6s preorders were 30 percent higher than a year earlier.
“If Apple does it, then it must be good enough for Samsung,” said Roger Entner, an analyst at Recon Analytics. “The two companies are in an intense fight and Samsung cannot let Apple have a leg up on just about anything.”
Samsung did not comment directly on any plans to set up a leasing program, but a spokeswoman did tell Computerworld, “Samsung continuously evaluates trends and assesses business growth opportunities…. We remain committed to growing our mobile business in the U.S.”
Samsung launched its newest Galaxy devices on Aug. 21: the Galaxy S6 Edge Plus and Note 5.
Forbes reported Sunday that Samsung may be launching its leasing program for Galaxy devices within the next several months in the U.S., quoting an unnamed industry official.
Apple announced its iPhone Upgrade Program on Sept. 9; it lets a U.S. customer select an unlocked iPhone at an Apple retail store after making an appointment.
After the Apple announcement, several financial and technology analysts declared Apple’s move as a bold one that allows savvy smartphone users to mostly bypass a carrier. Jan Dawson, an analyst at research firm Jackdaw, called Apple’s upgrade plan a game-changer.
While Apple’s distribution of installment plan phones is limited, Samsung’s “will be even more limited, unless Samsung can get some retailers to partner with for distribution,” Entner said. Samsung today sells devices through Best Buy and other U.S. retailers, but Entner said that is still a limited channel. He estimated the top four U.S. wireless carriers together have 10,000 retail outlets.
Major U.S. carriers have mostly been quiet about the Apple announcement, and didn’t respond to questions about Samsung’s expected launch of a leasing plan.