Tag: devices

By Davey Winder for Forbes

At the start of May, I reported on a critical security vulnerability that could impact every Samsung Galaxy smartphone sold from late 2014 onwards. That zero-click bug scored a perfect 10 on the vulnerability severity scale. The good news was that it had been patched in the Samsung May 2020 security update. Just as Android users were recovering from that security shocker, and some have yet to get that update on their devices, it should be noted, along comes one more.

This time it’s in the form of another critical vulnerability, but rather than applying to Samsung devices only, it’s an issue that exists in almost every version of Android. Only users of Android 10 need have no concern here, all other versions of Android, however, are potentially affected. Given that, in April, Android 10 only accounted for around 16% of users, and Google itself says there are at least 2 billion Android users out there, that’s north of 1 billion Android devices potentially at risk.

The risk being that, if exploited by an attacker, this vulnerability could lead to an elevation of privilege and give that hacker access to bank accounts, cameras, photos, messages and login credentials, according to the researchers who uncovered it. What’s more, it could do this by assuming “the identity of legitimate apps while also remaining completely hidden.”

What is StrandHogg 2.0?
Researchers at a Norwegian security company called Promon discovered CVE-2020-0096, which they called StrandHogg 2.0: the more cunning “evil twin” to the original Android StrandHogg vulnerability it also found last year. “While StrandHogg 2.0 also enables hackers to hijack nearly any app,” the researchers said, “it allows for broader attacks and is much more difficult to detect.”

Rather than exploit the same TaskAffinity control setting as the original StrandHogg vulnerability, StrandHogg 2.0 doesn’t leave behind any markers that can be traced. Instead, it uses a process of “reflection,” which allows it to impersonate a legitimate app by using an overlay into which the user actually enters credentials. But that’s not all; it also remains entirely hidden in the background while hijacking legitimate app permissions to gain access to SMS messages, photos, phone conversations, and even track GPS location details. Using the “correct per-app tailored assets,” the Promon researchers said, StrandHogg 2.0 can “dynamically attack nearly any app on a given device simultaneously at the touch of a button.”

Stealthier than your average StrandHogg
Detection would also appear to be more complicated than the previous StrandHogg vulnerability. “No external configuration is required to execute StrandHogg 2.0, it allows the hacker to further obfuscate the attack,” the researchers said, “as code obtained from Google Play will not initially appear suspicious to developers and security teams.”

However, Google told TechCrunch, which broke the StrandHogg 2.0 news, that it had not seen any evidence of the vulnerability being exploited to date. I reached out to Google and a spokesperson told me: “We appreciate the work of the researchers, and have released a fix for the issue they identified. Additionally, Google Play Protect detects and blocks malicious apps, including ones using this technique.” The latter being important as exploitation of the vulnerability requires the device to already be infected by a malicious app.

How can you mitigate this critical Android vulnerability?
It’s not all bad news for Android users, though. Those with devices running Android 10 are not impacted. There’s more good news for those of you who are, however, running Andorid 9 or earlier, as Google included a patch for CVE-2020-0096 in the May 2020 Android security update. It was described there as a critical vulnerability that could enable a local attacker to use a specially crafted file to execute arbitrary code within the context of a privileged process. The usual fractured ecosystem warnings from me have to be flagged up at this point: many users will not see that update rolling out to them immediately, and some may never see it at all if they have an older unsupported device.

Tod Beardsley, research director at Rapid7, said that “since the fix for this bug is part of the core Android operating system, Android users are once again at the mercy of their handset manufacturers and their service providers, who are often slow to act when it comes to distributing security patches. People who are worried about this bug in particular should keep a close eye on when the fix for CVE-2020-0096 hits their particular distribution.”

“Attackers looking to exploit StrandHogg 2.0 will likely already be aware of the original StrandHogg vulnerability, and the concern is that when used together, it becomes a powerful attack tool for malicious actors,” Tom Lysemose Hansen, Promon CTO and founder, said. He recommends Android users update to the latest firmware as soon as they can, and advises app developers to “ensure that all apps are distributed with the appropriate security measures in place in order to mitigate the risks of attacks in the wild.”

“Android device users need to be cautious of the apps they choose to install. Even as Google works to protect their users, malicious apps will still likely slide past their screening process on occasion,” Boris Cipot, a senior security engineer at Synopsys, said. “One way that users can stay alert and mindful is to do a bit of research on the app developers before downloading a given app. Check where the app comes from and if anything seems off, then think twice before proceeding with installation,” Cipot concluded.

Promon has issued a disclosure timeline, which shows it notified Google of the vulnerability on December 4, 2019, and an ecosystem partner patch was rolled out in April 2020 before the public fix within the latest Android security updates for users.

By Jodie Cook for Forbes

We win at life when we are in control of the devices that we use to facilitate our day-to-day. We lose at life when they control us.

Addiction is defined as a compulsion towards a particular substance or activity. Being addicted to your smartphone, specific apps or the internet zaps your energy, reduces productivity and has harmful implications including anxiety, compulsion and inability to focus. The Centre for Internet and Technology Addiction designed a test to see if you’re addicted to your phone.

In Cal Newport’s book, Digital Minimalism, he differentiates between compulsory and optional technologies. Compulsory technologies are those devices, apps and actions that you absolutely need to do – to keep your job and pay your bills. Optional technologies include everything else. Within the book he advises that readers conduct an analysis on those technologies that are compulsory and optional to them, then take steps to reduce or eliminate those they deem optional.

In Thrive, by Arianna Huffington, she talks about training your mind to resist checking your smartphone. It’s not easy, but it can be done and she describes the benefits in happiness and wellbeing of achieving this level of control over your device.

In a nutshell, the way you stop your smartphone ruining your life is by using it less. Sounds simple, but unless there’s a plan in place it probably won’t happen. Here’s the plan:

Wear a watch
If every time you want to check the time you reach for your phone, you run the risk of regularly starting the spiral of scrolling and checking that you’re trying to avoid. In James Altucher’s book, Choose Yourself, he talks about the loop he finds himself in whenever he picks up a device. Checking his blog comments, Twitter mentions, Amazon rankings and others is a 20-minute loop that he can do multiple times per day if he’s not careful.

Part of not letting your smartphone ruin your life is breaking habits. Wear a watch and reduce the number of times you need to pick it up all together.

Buy an alarm clock
Start your day the best possible way by being in control of it. If your smartphone is your alarm clock, it’s the first thing you touch in the morning, which probably means your first few minutes are dictated by whatever happens to be on your screen. If that’s a new text or an email you need to respond to, suddenly you’re not in control of how you spend your time. Buy an alarm clock that goes next to your bed and wakes you up without you needing to touch your phone, and then only pick your device up once you’re washed, dressed and ready to attack the day.

Get better at describing and remembering
You’re in a conversation and trying to name that actor in that film that was also in that other film. Or you’re talking about that video you saw of that dog doing that cool thing with the frisbee, the next thing you know, you’re pulling out your phone to look it up or to show your mate. Instead of giving in to this compulsion, cultivate your skills in remembering and describing. If you can always Google something, your brain learns that it doesn’t need to retain information. It learns to rely on your smartphone. Furthermore, if you can always show someone a picture, you won’t need to be good at describing anything. Practice recalling information and telling stories without the need for visual aids. It’s an art.

Set some rules
It seems crazy that our smartphones can connect with long lost friends from all over the world, yet we use them just as often to ignore the close friends right in front of us. There’s a word, ‘phubbing’, that means snubbing someone by being on your phone in their company. The person opposite you wants to spend time with you, as you do with them. You’re not going to live forever, your time on this planet is finite and then you’ll never see them again, so make the most of them whilst they’re here and give them your attention. Some personal rules I follow: don’t use your phone in company; don’t use your phone when you’re walking somewhere. The first is to develop friendships; the second is to avoid walking into lampposts.

Use the screen time monitor
Apple iPhones have a feature where they monitor your screen time and give you usage reports, including percentage change week to week. In 2017 the average American adult spent 2 hours and 51 minutes on their phone each day. Paying attention to this guidance is useful for gaining awareness of how much you’re looking at a screen. However, don’t just swap one screen for another. It’s all very well deleting Facebook from your phone but if you’re just going to use it on your laptop you haven’t changed your actions, just swapped which screen you’re looking at. Read a book, get outside, go for a meal – find alternatives to looking at screens all together.

Use the downtime function
Another feature of the iPhone is the ability to set a downtime timer, when your apps are blocked and out of use unless you manually override the block. My smartphone is set to ‘downtime’ between 10pm and 7am. One day soon it will be 9pm and 8am but I’m taking baby steps! See what you can do and experience how good it feels.

Turn off notifications
I read an article from the blog of Joel Gascoigne, founder of Buffer, whereby he conducted an experiment and turned all his smartphone notifications off. Notifications, really, are someone else’s priorities entering your space. Joel discovered that, at first, turning notifications off led to him checking apps more regularly, but then he grew to enjoy not having any and noted its positive influence on his focus and productivity, “with zero notifications, I feel like I can get my head stuck into a problem much more easily than I did before. I never realised when I had those notifications on that they truly could throw me off my current thought and cause me difficulty getting that focus back.”

Join the zero notification movement and see if it works for you!

Batch activities
You could check your emails, messenger and social networks every five minutes, or you could check them once a day and whizz through deleting, responding and delegating in one go. I’d wager that doing that latter would take far less time and break your concentration far less. What else could you batch? In Greg McKeown’s Essentialism, his motto is “less, but better”. Less checking email regularly but better responses when you do, because you’re focused on one task. Less checking social networks throughout the day but more enjoyment when you commit to catching up with your newsfeed once in the evening.

Switch to greyscale
If the above haven’t reduced your smartphone usage, try this. On your iPhone, go to settings > general > accessibility. Then under the ‘vision’ setting locate ‘greyscale’ and toggle on. This setting turns your entire phone to greyscale, and makes it look far less inviting. The app icons for social media platforms are designed to be bright, colourful and inviting. They’re designed to catch your attention and pull you in. Take away their power by making them look very boring indeed!

Have a higher purpose
Finally, and perhaps the most philosophical of all the ten ways to stop your smartphone ruining your life, is to have a higher purpose. Were you really put here, on this planet, to scroll apps, live on WhatsApp and respond to emails? Of course you weren’t! If you’re allowing yourself to get distracted easily, do you need to look further inside and find out what you’re trying so hard to avoid? Addiction and compulsion is one thing, but procrastination to avoid your work is another. Find a role doing work you get happily absorbed by, actively cultivate conversation with the person right in front of you, pick up a new sport or hobby, or just hang out with people who make you forget to check your phone.

Many of us do just fine without paper, thank you very much. It’s the 21st century, after all: letters, books, notepads and calendars have all been replaced by an array of more convenient screens.

But perhaps we shouldn’t be so quick in our collective haste to abandon the archaic medium.

As I’ve written about before, writing notes down by hand (as opposed to typing them out on a laptop) has been shown to improve comprehension and retention among college students.

And, according to new research, we also derive benefits from reading on paper that are lost when we transition to reading on a screen.

In a new study, researcher Anne Mangen of Stavanger University in Norway gave 50 participants the same 28-page piece of writing (a short story by Elizabeth George) to read, The Guardian reported. Half consumed the short story on a Kindle, while the others read the paperback version. Afterwards, the readers were tested on a range of variables, including plot, character, objects and settings.

Mangen told the Guardian that while she expected reading on a screen, instead of on paper, would cause participants to display different “emotional responses” to the story, that didn’t turn out to be the case.

Instead, e-readers and paper readers’ performances were very similar in all categories save for one: The Kindle readers performed “significantly worse” on plot reconstruction – i.e., correctly listing 14 events in chronological order –then the paperback readers.

Why? Mangen speculates that the act of physically turning the pages helped paperback readers orient themselves within the plot, and later recall the proper sequence of events. (“When you read on paper you can sense with your fingers a pile of pages on the left growing, and shrinking on the right,” she told the outlet).

The study’s sample size was admittedly small, but previous research suggests that Mangen is onto something. As Scientific American notes, our brains are hardwired to register individual letters as part of the physical landscape – when we read, we often root a text’s meaning to its structure. Have you ever taken a test and mentally “seen” the answer to a question in the textbook, down to its position on the page, for example? Or read a novel, and later remember that a major plot point took place at the top of the right-hand page towards the middle of the book?

It’s easier to do this – to use a text’s structure to recall its content – on paper, especially in a book where the geography is more distinct (there are right-hand and left-hand pages, and by flipping through them you can physically see as well as feel how close you are to both the start and end of the text).

In all likelihood, we still probably have a very limited understanding of how the device on which we read impacts how we process information. Luckily, Mangen is on it. According to the Guardian, she will soon chair a European research network dedicated to exploring the topic.

By Laura Entis for www.entrepreneur.com

Follow us on social media: 

               

View our magazine archives: 

                       


My Office News Ⓒ 2017 - Designed by A Collective


SUBSCRIBE TO OUR NEWSLETTER
Top