Google adds Android auto-reboot to block forensic data extractions

Google is rolling out a new security mechanism on Android devices that will automatically reboot locked, unused devices after three consecutive days of inactivity, restoring memory to an encrypted state. Although the tech giant has not commented on the exact motives behind the addition of this feature, it is expected to make data extraction by advanced forensic tools harder by bringing devices into a non-exploitable state more often.

When an Android phone is first started, it enters a Before First Unlock (BFU) state, where most user data remains encrypted and inaccessible until the device is unlocked for the first time. Once the user unlocks it with their PIN or biometrics, the device enters the After First Unlock (AFU) state, which decrypts the user's data, making it accessible for data extraction or surveillance. Devices seized or stolen are typically already in the AFU state, so even if the screen is locked, forensic tools can extract at least some user data from them.

In January 2024, the developers behind the privacy-centric GrapheneOS warned of firmware flaws in Android that digital forensic companies are leveraging to extract data without the user's authorization. To solve this, GrapheneOS for Android devices introduced an auto-reboot mechanism that restarted the system after 18 hours of inactivity, bringing the device back into the "Before First Unlock" (BFU) state. Amnesty International uncovered earlier this year that Cellebrite tools leveraged USB kernel driver flaws in Android to unlock locked devices that had been confiscated.

Important security updates for Android devices are also made available through Settings > Security & privacy > System & updates > Google Play system update. To further strengthen physical security, it is recommended to turn off USB data transfer when the device is locked.

Bill Toulas is a tech writer and infosec news reporter with over a decade of experience working on various online publications, covering open-source, Linux, malware, data breach incidents, and hacks.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Tue, 15 Apr 2025 13:55:19 +0000

