Security and your right to repair – Scams offer fake COVID-19 vaccines and ask for Bitcoin – Jail time for a disgruntled IT contractor
The post Week in security with Tony Anscombe appeared first on WeLiveSecurity
Security and your right to repair – Scams offer fake COVID-19 vaccines and ask for Bitcoin – Jail time for a disgruntled IT contractor
The post Week in security with Tony Anscombe appeared first on WeLiveSecurity
When the Pixel 3 launched in 2018, it had a new tamper-resistant hardware enclave called Titan M. In addition to being a root-of-trust for Pixel software and firmware, it also enabled tamper-resistant key storage for Android Apps using StrongBox. StrongBox is an implementation of the Keymaster HAL that resides in a hardware security module. It is an important security enhancement for Android devices and paved the way for us to consider features that were previously not possible.
StrongBox and tamper-resistant hardware are becoming important requirements for emerging user features, including:
All these features need to run on tamper-resistant hardware to protect the integrity of the application executables and a user’s data, keys, wallet, and more. Most modern phones now include discrete tamper-resistant hardware called a Secure Element (SE). We believe this SE offers the best path for introducing these new consumer use cases in Android.
In order to accelerate adoption of these new Android use cases, we are announcing the formation of the Android Ready SE Alliance. SE vendors are joining hands with Google to create a set of open-source, validated, and ready-to-use SE Applets. Today, we are launching the General Availability (GA) version of StrongBox for SE. This applet is qualified and ready for use by our OEM partners. It is currently available from Giesecke+Devrient, Kigen, NXP, STMicroelectronics, and Thales.
It is important to note that these features are not just for phones and tablets. StrongBox is also applicable to WearOS, Android Auto Embedded, and Android TV.
Using Android Ready SE in a device requires the OEM to:
We are working with our ecosystem to prioritize and deliver the following Applets in conjunction with corresponding Android feature releases:
We already have several Android OEMs adopting Android Ready SE for their devices. We look forward to working with our OEM partners to bring these next generation features for our users.
Please visit our Android Security and Privacy developer site for more info.
Money doesn’t buy you happiness – cryptocurrency doesn’t buy you a genuine COVID-19 vaccine
The post Warning issued over scams touting fake COVID‑19 vaccines, asking for Bitcoin appeared first on WeLiveSecurity
The company was left to deal with three months’ worth of IT problems
The post Vengeful IT worker gets jail time for deleting company’s Microsoft user accounts appeared first on WeLiveSecurity
Nearly half of reported cybercrime losses in 2020 were the result of BEC fraud, according to an FBI report
The post Almost $2 billion lost to BEC scams in 2020 appeared first on WeLiveSecurity
How do you balance the right to repair with the requirement to remain secure?
The post When repairing things you own may make you an outlaw appeared first on WeLiveSecurity
Why do many organizations have a hard time keeping up with the evolving threat landscape and effectively managing their cyber-risks?
The post 5 reasons why (not only) financial companies struggle with cybersecurity appeared first on WeLiveSecurity
A banking trojan masquerades as Clubhouse for Android – The implications of the Verkada breach – A zero-day patched in Chrome
The post Week in security with Tony Anscombe appeared first on WeLiveSecurity
Follow these easy steps to prevent your Twitter account from being hacked and to remain safe while tweeting
The post 7 steps to staying safe and secure on Twitter appeared first on WeLiveSecurity
When a breach captures a part of us that is unchangeable, does it mean that we have allowed technology to pry too deeply into our lives?
The post Trust your surveillance? Why hacked cameras are very bad appeared first on WeLiveSecurity