Risky Bulletin: Android Looks Set to Get Its Own Lockdown Mode
Podcast Information:
- Title: Risky Bulletin
- Host/Author: risky.biz
- Description: Regular cybersecurity news updates from the Risky Business team...
- Episode: Risky Bulletin: Android looks set to get its own Lockdown Mode
- Release Date: April 4, 2025
Introduction
In the April 4, 2025 episode of Risky Bulletin, host Claire Aird delves into a spectrum of pressing cybersecurity developments. From enhancements in mobile security to significant breaches and legislative changes globally, this episode provides a comprehensive overview of the current threat landscape and the measures being taken to mitigate risks.
Android Advanced Protection Mode
One of the standout topics is Google's initiative to bolster Android security by introducing the Android Advanced Protection Mode.
Claire Aird [00:04]: "Google is working on an extra secure mode for Android that will mimic Apple's lockdown mode."
This new mode aims to disable 2G connections, block app sideloading, and reinforce the operating system against memory corruption attacks. Notably, devices will automatically reboot if locked for over three days, enhancing security against unauthorized access. Google plans to unveil this feature at its annual developer conference, with an anticipated rollout alongside Android 16 later in the year.
UK Government's Cybersecurity Bill
The UK is set to expand its definition of critical infrastructure under a forthcoming cybersecurity bill.
Claire Aird [02:15]: "The bill will increase the cybersecurity compliance requirements for critical sectors and organisations that support them."
This expansion includes more data centres and managed service providers. Companies failing to adhere could face hefty fines of up to £100,000 per day, underscoring the government's commitment to strengthening national cybersecurity defenses.
China's Overhaul of Cybersecurity and Privacy Laws
China is intensifying its regulatory framework around cybersecurity and privacy.
Claire Aird [05:30]: "Fines will increase for organisations that fail to report security breaches, collect personal data without consent, and sell products that don't meet security standards."
The Cyberspace Administration of China is revising privacy laws to include stringent rules on app design, the use of SDKs, and data handling practices. While fines are escalating, there are provisions for reductions in cases of first-time violations, minor breaches, or prompt remedial actions.
Greece's Intelligence Agency Hiring
In response to evolving cyber threats, Greece's intelligence service is expanding its cybersecurity workforce.
Claire Aird [08:45]: "The agency has a controversial public image in Greece because of the 2022 Predatorgate surveillance scandal."
Plans are in place to hire 30 new agents this year, bringing the total to 300 roles by 2025. This expansion aims to enhance Greece's cyber defense capabilities, especially after past controversies involving the misuse of surveillance tools against journalists and political figures.
Civic Platform Hack in Poland
Poland's pro-EU ruling party, Civic Platform, has fallen victim to a significant cyberattack.
Claire Aird [12:10]: "Polish Prime Minister Donald Tusk described the attack as having an eastern footprint and called it election interference."
With the presidential election looming next month, the breach raises concerns about potential foreign interference and the integrity of the electoral process.
Ivanti Security Updates
Ivanti has proactively released security patches addressing an actively exploited zero-day vulnerability in its enterprise gateways.
Claire Aird [15:25]: "The patch fixes a buffer overflow that attackers were exploiting for pre-auth remote code execution."
Attribution points to a Chinese APT group known for targeting Ivanti products, highlighting the ongoing threat from state-sponsored actors.
Royal Mail Data Breach
A massive data leak has compromised 144 gigabytes of the UK's Royal Mail data.
Claire Aird [18:40]: "The leak allegedly contains customers' personal information, Zoom recordings, mailing lists, and delivery locations."
The data originated from Spectos, a German postal and logistics software provider. Royal Mail has confirmed the breach, raising alarms about customer privacy and data security.
T-Mobile's Sync Up Glitch
T-Mobile experienced a significant glitch in its Sync Up tracking service.
Claire Aird [21:55]: "One parent reported being able to see the location of eight random children, but not her own."
This incident, stemming from a planned technology update, exposed vulnerabilities in location-based services, although T-Mobile has since resolved the issue.
Crypto Platform UPCX Hack
A substantial cyber heist has shaken the cryptocurrency payment platform UPCX.
Claire Aird [25:15]: "A hacker has stolen more than $70 million in crypto assets from cryptocurrency payment platform UPCX."
Despite suspending operations to investigate, UPCX assures users that all funds remain secure. The incident is the year's second-largest crypto theft, behind only Bybit's $1.5 billion incident.
Microsoft's New Windows 11 Feature
Microsoft introduces a novel feature for Windows 11 aimed at streamlining security updates.
Claire Aird [28:30]: "The new hot patch feature will mean customers only have to reboot once per quarter."
Designed exclusively for enterprise users, this feature minimizes downtime by applying security updates without requiring immediate restarts.
Apple's Automatic Updates for macOS and iOS
Apple has activated automatic updates for its macOS and iOS users.
Claire Aird [31:50]: "The move may surprise some sysadmins who want to control when updates are applied to their whole fleet."
This shift ensures that devices receive the latest security patches promptly, albeit at the expense of centralized update management preferred by system administrators.
DrayTek Router Vulnerability Exploitation
Taiwanese firm DrayTek reports recent security issues with its routers.
Claire Aird [35:05]: "Only routers that ran outdated firmware were affected."
The disconnects and reboot loops were traced back to exploitation of a vulnerability patched in 2020, emphasizing the critical need for regular firmware updates.
Ngrok Blocks Russian Users
In response to escalating cyber threats, Ngrok has ceased services for Russian users.
Claire Aird [38:20]: "Ngrok joins a growing list of Western companies blocking Russian users."
This decision aligns with US sanctions and aims to curb the abuse of the tunneling service by Russian cybercrime groups seeking to obfuscate their activities.
Conclusion
The April 4th episode of Risky Bulletin underscores a dynamic and challenging cybersecurity environment. From proactive measures like Google's Advanced Protection Mode for Android to the persistent threats posed by state-sponsored attacks and cybercriminals, the landscape requires continuous vigilance and adaptive strategies. Legislative changes across the UK and China further highlight the global emphasis on strengthening cybersecurity frameworks. As organizations and governments navigate these complexities, staying informed through updates like those provided by Risky Bulletin remains essential.
This summary encapsulates the key discussions and insights from the "Risky Bulletin: Android looks set to get its own Lockdown Mode" episode, providing a comprehensive overview for listeners and non-listeners alike.