Research from KU Leuven highlights that embedded browsers in devices like smart TVs, e-readers, and gaming applications are often outdated and lack security updates, leaving users vulnerable to cyber threats. Many devices ship with browsers several years behind current versions, and some manufacturers do not provide necessary security patches, raising concerns about device security and regulatory compliance. The study emphasizes the need for regulations to enforce timely updates and security measures for embedded browsers.
Samsung appears to be disabling the ability to unlock bootloaders on more devices with the One UI 8 update, including international models, by removing the OEM Unlock toggle and adding a configuration line that locks the bootloader, which could restrict customization and rooting options for users.
Samsung urges Galaxy users to enable new anti-theft features introduced with One UI 7, including Theft Detection Lock, Offline Device Lock, Remote Lock, Identity Check, and Security Delay, to enhance security and protect data in case of theft or high-risk situations. These features are available on recent Galaxy models in the US, Canada, and the UK, with plans to expand to more devices.
Android 16 introduces a 'Secure Lock' feature that enhances the security of remotely locking a lost device by requiring both credentials and biometrics, potentially integrating with Google's Find Hub to better protect sensitive data when a device is lost.
Detroit police are facing challenges as iPhones in their custody are unexpectedly rebooting, complicating evidence extraction. The reboots, suspected to be linked to iOS 18, revert devices to a more secure state, making data access difficult. Despite being in airplane mode or Faraday boxes, the phones may be communicating and triggering reboots. This phenomenon is hindering forensic investigations, prompting warnings to isolate devices from iOS 18 influences. Apple has not commented on the issue.
The Find My Device network on Android, initially announced at Google I/O, is finally starting to roll out, offering a game-changing feature that leverages the collective strength of Android devices to help users locate lost items. The delay in the rollout was attributed to waiting on Apple to implement protections in iOS for trackers used with Android, reflecting a commitment to fostering a secure and standardized ecosystem. The latest beta version of Google Play Services introduces the "Find your offline devices" feature, providing users with enhanced tracking capabilities, including options to find devices without the network, with the network in high-traffic areas, and with the network all the time. This feature reflects Google's commitment to continuously enhancing the functionality and usability of its services, empowering users with greater control and peace of mind in managing their devices.
Researchers have discovered vulnerabilities in the fingerprint sensors of Dell Inspiron 15, Lenovo ThinkPad T14, and Microsoft Surface Pro X laptops, which could allow attackers to bypass Windows Hello authentication. The flaws were found in the fingerprint sensors from Goodix, Synaptics, and ELAN, all of which are "match on chip" (MoC) sensors. The vulnerabilities include sensor spoofing, cleartext transmission of security identifiers, and the lack of support for the Secure Device Connection Protocol (SDCP). To mitigate these attacks, it is recommended that OEMs enable SDCP and have the fingerprint sensor implementation audited by independent experts.
Samsung's One UI 6 update introduces the Auto Blocker feature, enhancing device security on Galaxy phones. Users can opt-in to additional security measures such as preventing app installations from unauthorized sources and detecting potential malware apps. Auto Blocker also includes Message Guard, which protects against Zero Click attacks in popular third-party messaging apps. Samsung aims to empower users to choose their own security preferences while enjoying the benefits of their open ecosystem.
