Blackberry Android QNX Hypervisor and More

QNX_Hypervisor_BB10_Android

To say that BlackBerry is testing various implementations of Android on reference hardware, testing ARM, Exynos, Qualcomm and other SOC pairings to see how best to deliver their future hardware solutions, is not out of the realm of possibility. We’ve already seen BlackBerry (Secusmart) hardware and the Secusuite software portfolio ported to Android-based Samsung tablets with an IBM secure app container. To further tout the power of BES12, BlackBerry will likely make an incremental move and release Android-based devices.

However, if the implementation were to come by way of the QNX Hypervisor, which is a Type 1 hypervisor, it would function dissimilar to the Dalvik which is basically just an application running on BlackBerry 10 (Android Player). The hypervisor would allow a seamless and secure switch between the two environments, BlackBerry 10 and Android, and would, from a code perspective, be the closest to true compatibility and optimal performance.

Source: The Future of Android on BlackBerry

Malware Is Still Spying On Android After Your Mobile Is Off

As posted on the AVG blog, a new piece of Android Malware has been found.

After pressing the power button, you will see the real shutdown animation, and the phone appears off. Although the screen is black, it is still on.

While the phone is in this state, the malware can make outgoing calls, take pictures and perform many other tasks without notifying the user.

How does this happen?

First, we have to analyze in detail, the shutting down process.

On Android devices, when the power off button is pressed it will invoke the interceptKeyBeforeQueueingfunction of the class interceptKeyBeforeQueueing.interceptKeyBeforeQueueing will check if the power off button is pressed and go to certain process.

Malware Is Still Spying On You After Your Mobile Is Off.

The New QNX Hypervisor, Read more!

Blackberry QNX Hypervisor

Efficiency Through Software: New QNX Hypervisor Enables Cost-Effective, Consolidated Embedded Systems

Hypervisor Reduces System Costs of Medical, Industrial, and Automotive Devices by Enabling Critical and Non-Critical Applications to Run on a Single Hardware Platform

OTTAWA, ONTARIO–(Marketwired – Feb. 18, 2015) – QNX Software Systems, a subsidiary of BlackBerry Limited, today announced the QNX® Hypervisor 1.0, a realtime Type 1 hypervisor for medical devices, industrial automation systems, and automotive applications such as car infotainment systems, advanced driver assistance systems (ADAS), and digital instrument clusters. By using the QNX Hypervisor, embedded system developers can consolidate multiple operating systems onto a single compute platform or system-on-chip (SoC), thereby reducing the cost, size, weight, and power consumption of their products.

The QNX Hypervisor simplifies the certification process for safety-critical systems by allowing developers to keep safety-related and non-safety-related software components fully isolated from each other. Safety-related components can run on one OS while non-safety components run on another OS, which the hypervisor hosts in a separate virtual machine. This technique complements the advanced isolation mechanisms of the QNX Neutrino® OS, which prevent software components from corrupting or consuming system resources needed by other components or by the OS itself.

The QNX Hypervisor employs patent-pending technology to reduce development time for consolidated systems. With this technology, multiple operating systems can use a single display controller to render graphical content on two or more displays, such as an automotive digital instrument cluster and infotainment touchscreen. The QNX Hypervisor can also simplify the sharing of other resources, including network connections, file systems, and input/output devices such as the I2C serial bus. Developers are spared the effort of writing custom shared-device drivers that increase testing and certification costs and that typically exhibit lower performance than vendor-supplied device drivers.

The QNX Hypervisor also helps companies preserve their software investments by minimizing the work required to port software from legacy systems to new hardware platforms.

QNX Software Systems’ business is deeply focused on markets that, according to recent data from VDC Research, will significantly increase adoption of hypervisors and other virtualization techniques over the next three years. These markets include automotive, medical, industrial automation, and rail and transport.

“More and more engineering organizations are consolidating previously discrete systems, requiring the adoption of new software solutions. By leveraging a hypervisor, system designers can separate safety functions from non-safety functions, saving on hardware costs and potentially streamlining the certification process,” said Christopher Rommel, executive vice president, VDC Research. “QNX Software Systems has a proven history in mission-critical embedded systems and, with the release of the QNX Hypervisor, it is providing yet another option for its customers to optimize their next-generation designs.”

The QNX Hypervisor supports the QNX Neutrino OS and other operating systems, including Linux and Android. The QNX Hypervisor complies with standards such as IEC 61508 for industrial safety, ISO 26262 for automotive safety, and IEC 62304 for medical device software.

Designed for fast, predictable performance, the QNX Hypervisor supports time-critical applications for automotive, medical, and industrial devices, including, for example, backup cameras that require extremely short boot times.

“With the release of the QNX Hypervisor, QNX Software Systems offers the core components for building consolidated, safety-certified, realtime solutions. These include microkernel OS architecture, adaptive partitioning technology, certified OS products, and now, a virtualization solution for isolating multiple operating systems on a single platform,” said Grant Courville, director of product management, QNX Software Systems. “The unique capabilities of our hypervisor solution reflect our commitment to reducing development efforts and enabling customers to place a greater focus on product differentiation and time-to-market.”

Availability

Select customers will begin evaluating the QNX Hypervisor 1.0 in April 2015. It is scheduled for general release in Q3 2015.

via Efficiency Through Software: New QNX Hypervisor Enables Cost-Effective, Consolidated Embedded Systems.

Remotely install and launch Android apps from the Play Store Vulnerability

Lucky for me… i am using a Blackberry Passport! 

Vulnerability Summary

Android Metasploit

Due to a lack of complete coverage for X-Frame-Options (XFO) support on Google’s Play Store web application domain, a malicious user can leverage either a Cross-Site Scripting (XSS) vulnerability in a particular area of the Google Play Store web application, or a Universal XSS (UXSS) targeting affected browsers, to remotely install and launch the main intent of an arbitrary Play Store provided Android package (APK).

 

Affected Platforms

Many versions of Android 4.3 (Jelly Bean) and earlier ship with browsers with UXSS exposures, as discussed in this Rapid7 blog post. Users of these platforms may also have installed vulnerable aftermarket browsers, as discussed in this TrendLabs blog post. Of the vulnerable population, it is expected that many users are habitually signed into Google services, such as Gmail or YouTube. These mobile platforms are the the ones most at risk. Other browsers may also be affected.

 

Simplified Demonstration of the XFO Gap

The following Javascript is sufficient to elicit a response from the play.google.com domain without an appropriate XFO header:

via Metasploit: R7-2015-02: Google Play Store X-Fra… | SecurityStreet.

Snap v3 Beta ready for download!

Android apps on your Blackberry 10 Device? yes u can with the new and improved SNAP V3. Still in Beta but worth a Try

What has changed prior to V2

Snap V3

Snap v3 Beta 1 (2.9.9.0)

  • Complete rewrite of Snap v2
  • New user interface inspired by the latest version of Google Play Store
  • Browse more app categories and view suggested apps
  • Read app reviews
  • Search Snap via BB10 extended search
  • Pause and resume downloads
  • View screenshots full screen
  • Download of additional files (such as .obb)
  • Remove apps from “My Apps”

Snap v3 Beta – Red Light Of Love, Ltd..