Android phones vulnerable to Qualcomm bugs

Security researchers from Tencent’s Blade Team are warning Android smartphone and tablet users of flaws in Qualcomm chipsets, called QualPwn. The bugs collectively allow hackers to compromise Android devices remotely simply by sending malicious packets over-the-air – no user interaction required.

Three bugs make up QualPwn (CVE-2019-10539, CVE-2019-10540 and CVE-2019-10538). The prerequisite for the attack is that both the attacker and targeted Android device must be active on the same shared Wi-Fi network.

“One of the vulnerabilities allows attackers to compromise the WLAN and modem, over-the-air. The other allows attackers to compromise the Android kernel from the WLAN chip. The full exploit chain allows attackers to compromise the Android kernel over-the-air in some circumstances,” wrote researchers.

All three vulnerabilities have been reported to Qualcomm and Google’s Android security team and patches are available for handsets. “We have not found this vulnerability to have a public full exploit code,” according to a brief public disclosure of the flaws by the Tencent Blade Team.

Researchers said their focus was on Google Pixel2 and Pixel3 handsets and that their tests indicated that unpatched phones running on Qualcomm Snapdragon 835 and Snapdragon 845 chips may be vulnerable.

A Qualcomm spokesperson told Threatpost in a statement: “Providing technologies that support robust security and privacy is a priority for Qualcomm. We commend the security researchers from Tencent for using industry-standard coordinated disclosure practices through our Vulnerability Rewards Program. Qualcomm Technologies has already issued fixes to OEMs, and we encourage end users to update their devices as patches become available from OEMs.”

The first critical bug (CVE-2019-10539) is identified by researchers as a “buffer copy without checking size of input in WLAN.” Qualcomm describes it as a “possible buffer overflow issue due to lack of length check when parsing the extended cap IE header length.”

All it takes is a WhatsApp call for the spyware to enter your phone

It’s been a day of high-profile security incidents. First there was news the popular WhatsApp messenger app was hacked. Updated versions of WhatsApp have been released, which you should install if you’re one of the more than one billion people who use the app.

WhatsApp has confirmed that a security flaw in the app let attackers install spy software on their targets' smartphones. The spyware installs on a host phone via a WhatsApp call. The spyware deletes all WhatsApp call logs to become untraceable.

On Wednesday, chip-maker Intel confirmed that new problems discovered with some of its processors could reveal secret information to attackers.

What's scary about this spyware is that it can slip onto any WhatsApp user's smartphone without giving the slightest clue that the device has been infected. All it takes is a WhatsApp call.

The WhatsApp news was revealed first by the Financial Times, which says the bug was used in an attempt to access content on the phone of a UK-based human rights lawyer.

That has left many of its 1.5 billion users wondering how safe the "simple and secure" messaging app really is. How trustworthy are apps and devices?

No. Messages on WhatsApp are end-to-end encrypted, meaning they are scrambled when they leave the sender's device. The messages can be decrypted by the recipient's device only.

WhatsApp is arguably one of the most popular social messaging apps in the world. In recent times, the Facebook-owned social messaging app has been under fire owing to the rampant spread of misinformation on its platform. But never has the app been under siege by malware. That is until now.

WhatsApp has rolled out an update to its servers. It has also rolled out a security patch on to its Android and iOS apps to safeguard your phone data. Software patches have been released by several vendors, including Microsoft. You should install security updates from vendors promptly, including these.

Saudi Arabia behind Jeff Bezos' phone hack

Investigators looking into the release of the Amazon chief's intimate images believe that Saudi Arabian authorities were behind it.

According to the security officer of Amazon boss Jeff Bezos, the Saudi Arabian authorities hacked into his phone and obtained private data from it.

Gavin De Becker, a longtime security consultant, launched the investigation after the National Enquirer published intimate texts between Bezos and his mistress, television anchor Lauren Sanchez.

Last month, Bezos accused the newspaper’s owner of trying to blackmail him with the threat of publishing 'intimate photos' he allegedly sent to Sanchez unless he said in public that the tabloid’s reporting on him was not politically motivated.

"Our investigators and several experts concluded with high confidence that the Saudis had access to Bezos' phone, and gained private information," de Becker wrote on The Daily Beast website.

Last month, the incident came to light when Mr Bezos accused the owner of the tabloid of threatening to publish the "intimate photos" that he allegedly sent to Ms Sanchez unless he publicly stated that the tabloid's coverage of him was not politically motivated.

The Last Minute Deal against the Murdoch Papers

Thursday's last-minute deal in the phone-hacking cases brought by Vic Reeves, Kate Thornton and two others against Rupert Murdoch's Sun and News of the World earned the two sides a censure from Mr Justice Mann, who complained that issues vital to another 47 hacking cases in the pipeline had not been resolved.

The confidential settlement was agreed with comedian Reeves, whose real name is Jim Moir; television presenter Kate Thornton; Coronation Street actor Jimmi Harkishin; and talent hunter Chris Herbert. Murdoch's News Group Daily papers were also expected to pay their costs, assessed at £4m altogether.

(Jim Moir, Kate Thornton and Jimmi Harkishin)

The case had also been expected to hear allegations of hacking by journalists at the Sun. News UK has never conceded that any hacking occurred at the daily, nor any wrongdoing by senior administrators. The last-minute agreement meant that neither of these issues has yet been decided.

The allegations of wrongdoing by James Murdoch and Rebekah Brooks also play an important part in the hacking cases still in the pipeline.

David Sherborne, counsel for the claimants, told the court that the claimants would "allege criminality at the most senior level", with James Murdoch and Rebekah Brooks as a feature of the case.

Mann also noted that Murdoch's News Group Daily papers had made "admissions of unlawful activity at the News of the World but it has made none at the Sun" in the pre-trial submissions he had received. He also complained that the case had taken a long time to prepare and reach the trial stage, and that other claimants in the pipeline had now been denied the chance to see issues of liability resolved in a test case.

The judge told the court that the last minute settlement of the four cases was a "serious matter" in light of the fact that the court had given "a significant amount of time and resources" to setting them up for trial because of the apparent significance of the case.

The settlement of "a useful test case raises troublesome issues" for others wanting to bring claims, he stated, adding that future hacking litigation would need to be managed in a quite different way.

Ed Miliband, the former Labour leader and a critic of the Murdoch family, stated:
"This last-minute deal is yet another case of the Murdochs going to extraordinary lengths to prevent detailed scrutiny of what really happened at their newspapers. It shows why we need the Leveson 2 [press] inquiry to get to the truth."

Rupert Murdoch's 21st Century Fox is still seeking regulatory approval from the Opposition and Markets Specialist and Authority for a full takeover of the satellite broadcaster Sky, although some opposition politicians, including Miliband, have said the media mogul ought to be kept from closing the deal, partly on account of the phone-hacking allegations.