Endpoint

10/10/2017
09:00 AM
Dawn Kawamoto
Dawn Kawamoto
Slideshows
50%
50%

Key New Security Features in Android Oreo

Android 8.0 Oreo marks a major revamp of Google's mobile operating system, putting in a number of new security-hardening measures.
Previous
1 of 8
Next

Image Source: Maria Babak via Shutterstock

Image Source: Maria Babak via Shutterstock

Google is serving up a number of new security features in it new Android 8.0 Oreo - one of which is expected to put it on par with Apple's iOS when it comes to delivering software updates, say security researchers.

Android devices, which are notorious for falling behind on operating system (OS) updates and patches, should have a speedier path to the latest version of the OS under Oreo's so-called Project Treble feature.

"Enterprises will be able to maintain a more up to date fleet of devices that are patched against vulnerabilities that can lead to the loss of data," says Andrew Blaich, security researcher at Lookout.

The downside, however, is that existing devices that are not capable of supporting Android's Project Treble are likely to be left behind. As a result, Blaich adds, enterprises that fall into that camp will need to shell out more money on newer devices to take advantage of the new security features.

Oreo, which launched in August, is available on Google's Pixel and Nexus mobile devices. It will be rolled out in phases by the end of the year to other Android device manufacturers such as, Samsung, Motorola, LG, HTC, and others, according to Google's developers blog.

Most phone vendors are actively porting the Project Treble abstraction layer over to their platforms, says Brian Chappell, senior director of enterprise and solutions architecture for BeyondTrust.

Even so, not all older Android devices updated with Oreo will also have Project Treble support, Blaich cautions.

Here are seven of the hottest new security features in Android Oreo, including Project Treble: 

 

Dawn Kawamoto is an Associate Editor for Dark Reading, where she covers cybersecurity news and trends. She is an award-winning journalist who has written and edited technology, management, leadership, career, finance, and innovation stories for such publications as CNET's ... View Full Bio

Previous
1 of 8
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Mr Phen375
50%
50%
Mr Phen375,
User Rank: Apprentice
10/17/2017 | 4:04:47 AM
Do They Work
I doubt if these security features work.
New Cold Boot Attack Gives Hackers the Keys to PCs, Macs
Kelly Sheridan, Staff Editor, Dark Reading,  9/13/2018
Yahoo Class-Action Suits Set for Settlement
Dark Reading Staff 9/17/2018
RDP Ports Prove Hot Commodities on the Dark Web
Kelly Sheridan, Staff Editor, Dark Reading,  9/17/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Flash Poll
The Risk Management Struggle
The Risk Management Struggle
The majority of organizations are struggling to implement a risk-based approach to security even though risk reduction has become the primary metric for measuring the effectiveness of enterprise security strategies. Read the report and get more details today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-12242
PUBLISHED: 2018-09-19
The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to an authentication bypass exploit, which is a type of issue that can allow attackers to potentially circumvent security mechanisms currently in place and gain access to the system or network.
CVE-2018-12243
PUBLISHED: 2018-09-19
The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to a XML external entity (XXE) exploit, which is a type of issue where XML input containing a reference to an external entity is processed by a weakly configured XML parser. The attack uses file URI schemes or relative paths i...
CVE-2018-14792
PUBLISHED: 2018-09-19
WECON PLC Editor version 1.3.3U may allow an attacker to execute code under the current process when processing project files.
CVE-2018-16607
PUBLISHED: 2018-09-19
Cross-site scripting (XSS) vulnerability in the Orgs Page in Open-AudIT Professional edition in 2.2.7 allows remote attackers to inject arbitrary web script via the Orgs name field.
CVE-2018-16785
PUBLISHED: 2018-09-19
XML injection vulnerability exists in the file of DedeCMS V5.7 SP2 version, which can be utilized by attackers to create script file to obtain webshell