Two Android browsers vulnerable to exploit
We are aware of multiple companies we work with where users utilize the Dolphin web browser on Android phones. Zero-day flaws found in Dolphin and Mercury Android browsers could allow hackers to perform remote code execution. Both browsers are available on Android devices with over 100 million downloads between the two. The Dolphin remote code execution exploit allows a hacker to replace the browser’s theme package with an infected counterpart.
Sunrise Calendar for iOS and Android adds direct Office365 integration
OneDrive for Android Updated
OneDrive for Android has been updated to include support for Android wear, the operating system running on Google watches. The update so far ads only cosmetic functionality enabling OneDrive watch face on your Android Wear watch, so that each time you activate the watch, you’ll see one of your photos from the last 30 days.
It is expected in the future that Android wear devices will get more OneDrive functionality added, most likely the voice search feature available on Windows Phone.
Outlook for Mobile Updated
Microsoft is picking up the pace with changes to the newly christened Outlook Mobile. This most recent update adds greater functionality to the Agenda widget and includes general performance improvements. Unfortunately the underlying Calendar the agenda widget uses is still less featured and less user friendly than Microsoft’s Sunrise Calendar which remains our recommended Calendar app for Mobile.
Android Locker Trojan in the wild
Android package file
The Trojan may arrive as a package with the following characteristics:
Package name: Nero.lockphone
Version number: 1.0
When the Trojan is being installed, it requests permissions to perform the following actions:
- Access information about the Wi-Fi state.
- Change Wi-Fi state
- Start once the device has finished booting
- End background processes
- Access list of current or recently running tasks
- Prevent processor from sleeping or screen from dimming
- Send SMS messages
Once installed, the application will display an icon with a picture of a red-haired boy on a bicycle.
When the Trojan is executed, it creates a service with the following name:
Next, the Trojan locks the screen to block the user from accessing the compromised device.
Outlook Mobile update released: People / Contacts integration
Outlook Mobile (Formerly Acompli) is in use at most of our clients as their mail client to access on premises Exchange servers as well as Office 365. While the program has remained mostly unchanged from Acompli since the purchase by Microsoft today’s update is a major shift. Previously your full contact information was not available from within Outlook. When using People it would only provide you with a contacts email address. Now you have full access to all of the information in your Exchange contacts including notes.
This update will enable users to stop using the Android contacts application and brings the Outlook mobile client very close to being as full featured as a desktop mail client.
OneDrive for Android updated
Personal Mobile Devices with access to corporate networks should be secured
Your employees phone and or tablet more than likely has access to their corporate email account. In many cases they have access to corporate documents in the cloud or via VPN.
The simple act of enabling a password or PIN number on a phone can save you a tremendous amount of hassle. This is the simplest front line of defense. While people don’t deliberately forget their phone in a public restroom, gym, or restaurant, we all know it happens. So, make sure you have the appropriate device lock in place, either a pin code, or screen pattern lock. If you have a pattern lock (this is where you join the dots to unlock your phone) make sure you wipe the screen to avoid leaving smudges that can reveal your pattern. (We actually recommend not using a pattern lock for this reason).
On iOs (Varies slightly by version) Click on Settings, General and Passcode Lock (you may have to scroll down a bit). This will bring you to the Passcode Lock menu, although if you already have a PIN or password set, you’ll have to input it first.
Turn Passcode On is the first and most tempting option here, but don’t click on it yet. First, you have to make a decision: Do you want a four-digit PIN, or a more complex alphanumeric password? If four digits suit you fine, ensure that Simple Password is turned on. If not, leave it off.
Although a PIN has fewer characters than a password, it’s generally just as hard for a casual thief to guess.
While a four-digit PIN has only 10,000 possible combinations, a long alphanumeric password of 10 or more digits that includes upper- and lowercase letters, numbers and punctuation marks will have trillions.
Android can be a bit more complex as there are an almost endless variety of devices with vendor specific “skins” and security settings. Generally however you will find a setting called Lock Screen under settings.
Important to note with Android; there are many lock screen replacements available and many include their own lock methods. There are programs that run and many can be circumvented more easily than the operating systems locks and their locks should be avoided.
Outlook for iOS and Android updated
Outlook implements password enforcement using Exchange ActiveSync. If your company email policy requires that devices have a password in order to sync mail, Outlook will enforce this at the device level.
On iOS devices, Outlook will check to make sure a passcode is properly set. In the event a passcode is not set, it will prompt users to set one up in iOS settings.
On Android devices, Outlook will enforce screen lock rules. Further, Google provides controls that allow Outlook to honor additional Office 365 and Exchange policies regarding password length and complexity requirements and the number of allowable screen-unlock attempts before wiping the phone. It will also encourage storage encryption if it is not enabled.
Devices that do not support these security settings will not be able to connect to an account.
In addition to this security enhancement several new features have been added:
Outlook for iOS: You can now disable the app’s default Conversation view, which groups all messages from the same thread together.
Outlook for Android: You can now customize what happens when you swipe left or right on an email message or other item. To customize these gestures, visit Settings, Swipe Options.
Outlook released for iOS and Android
We have been recommending Accompli as an email/contacts/cal solution on iOs and Android for some time now. While not perfect they gave business users a closer approximation of the experience most of our clients have with Microsoft Outlook.
It turns out we were not the only ones to see the similarities as Microsoft has purchased the company that produced Accompli and released a re-branded version named unsurprisingly Outlook.
While this version is virtually if not identical to Accompli it is a separate build and you will want to be using this version as it will be the one receiving new features moving forward. Outlook can downloaded from the links below: