Critical Google Messages Security Update For 1 Billion Users Confirmed
Google Messages is about to get a lot safer with Key Verifier feature.
Although Android 16 has now launched, at least for some device users, and brought with it long-overdue and highly welcome new security protections, users of Google Messages will need to wait a little longer for one critical update. Don't worry, this Google Messages update is coming to an Android device near you very soon indeed, and it really is an anti-scam security game-changer. Here's everything you need to know about the new key verifier feature.
Although there's no doubt that Android 16 is a step up in security terms, particularly when it comes to anti-scam protections such as preventing the user from disabling Google Play Protect, sideloading an app or changing app accessibility permission during a call, there is still more work to be done. The good news is not only that Google knows this, but it is acting upon it. I don't use the term critical lightly, when it comes to cybersecurity that would be a poor show indeed, but if ever a new security function deserved the epithet, then Key Verifier for Google Messages is it.
Dave Kleidermacher, the vice president of engineering with Google's Android security and privacy team, described the key verifier for Google Messages as providing 'an extra layer of assurance that the person on the other end is genuine' when in conversation with someone.
The technical explanation is that the key verifier function is a tool that validates the identity of the person you are in conversation with when using Google Messages by way of public encryption keys that protect the end-to-end messaging. It verifies the contact keys in your Google Contacts, either by you scanning a QR code (yes, I know, but anti-scam protections can also use tools that are abused by scammers) or straightforward number comparison.
The non-technical explanation, as Kleidermacher explained, is that it provides a visual way to easily and efficiently confirm that these secret encryption keys match. 'If an attacker gains access to a friend's phone number and uses it on another device to send you a message,' Kleidermacher said, 'their contact's verification status will be marked as no longer verified in the Google Contacts app, suggesting your friend's account may be compromised or has been changed.'
Is it perfect? No. Can it provide a 100% guarantee that you are not being scammed? No. Is it a critical weapon in the fight against scammers? Heck yes. Anti-scam protection revolves around a central hub of trust, and the Google Messages key verifier will add confidence to your communications that you are in conversation with the person you think you are, and not a scammer.
'Key Verifier will launch later this summer in Google Messages on Android 10+ devices,' Kleidermacher confirmed. Not long to wait, but in the meantime, continue to be careful out there and stay alert to the phishing threat.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Yahoo
an hour ago
- Yahoo
Elon Musk biographer says major Tesla merger could be imminent: 'I think it's going to happen'
Could Tesla eventually merge with another of Elon Musk's companies, xAI? A prominent insider thinks such a move is increasingly likely. Walter Isaacson, the prominent Musk biographer who has received unprecedented access to Tesla's CEO, recently said he expects the two companies to eventually merge, Not a Tesla App reported. During a CNBC interview, Isaacson said combining Tesla and xAI would ultimately better serve each company's mission. "I think it's going to happen," Isaacson said, per "Because Musk, even in my book when he's starting xAI, [was] talking about [how] these chatbots are fine, but what you need is real-world AI. You need to be able to not only take all the texts and tweets that have ever been written, but all the videos from Teslas and all the Optimus robot [is] seeing and hearing." Tesla was a pioneer in electric vehicles and still has the top-selling vehicles in the space — although its sales numbers have dipped this year. But Musk has repeatedly said that the future of the company is tied in more than just cars, including "vast numbers of autonomous humanoid robots." That makes xAI seem like a natural partner for Tesla. It is behind the artificial intelligence assistant Grok, which will reportedly power Tesla's upcoming smart assistant. Musk has also said he expects Grok to be incorporated into Tesla's Optimus humanoid robots, with hopes of sending them to Mars in the near future. In May, Musk said in a CNBC interview, per Business Insider, that "there are no plans" to merge the companies, but that "it's not out of the question." Tesla's sales may have had a bumpy start to the year, but there's no denying the role it has played in bringing millions of cleaner cars onto roads around the world. Studies have shown that driving an EV can reduce carbon pollution by two-thirds compared to gas-powered cars. EVs can be even greener when paired with a renewable energy source for charging, such as solar. In addition, if you have solar panels, that energy is considerably cheaper than relying on the grid or public charging stations. EnergySage allows homeowners to save thousands on solar-panel installation costs by comparing quotes from local, vetted installers. And if the upfront costs of solar are too daunting, Palmetto's LightReach program allows people to lease solar panels, providing locked-in, low energy rates, and a lower carbon footprint, with no down payment. Do you think electric vehicles are efficient enough to replace gas cars? Totally Definitely not They're almost there They need a lot more work Click your choice to see results and speak your mind. Join our free newsletter for good news and useful tips, and don't miss this cool list of easy ways to help yourself while helping the planet.
Forbes
an hour ago
- Forbes
What Investors Should Know As Meta Gets (Back) Into Crypto
Meta (formerly Facebook) is getting back into crypto Markets and investment trends tend to move in cycles, and the cryptoasset sector is no exception to this rule of the marketplace. As TradFi institutions continue to deploy blockchain affiliated projects, including the launch of a stablecoin by SocGen running on the Ethereum blockchain, the adoption and acceleration of cryptoassets continues virtually unabated. Even as the sentiment toward crypto improves, prices of bitcoin and other cryptocurrencies increase, and the policy landscape pivots toward a pro-growth outlook there remain significant obstacles to mainstream utilization. For example, the tax treatment of crypto is an inhibitor to retail utilization of crypto as a method of payment, and the lack of insurance available for crypto and crypto-adjacent products can make it difficult for institutions to allocate substantial funds to cryptoassets. Against this landscape, exemplified both the increasing adoption and understanding of cryptoassets and applications with the continued limitations to institutional usage, one company stands apart for several reasons. Meta (formerly Facebook) recently has been questioned by Senators Warren and Blumenthal related to its support for the GENIUS Act, and specifically whether or not the firm would block a prohibition on Big Tech firms from owning stablecoin issuers. The specifics of the questioning by the senators will most assuredly change over time, but the letter that has been made publicly available detail that the senators desire specifics as to what the stablecoin plans for Meta are. Let's take a look at why this letter and these questions are important, not only for Meta, but for the cryptoasset marketplace at large. Meta, then operating as Facebook, already attempted to launch of a native stablecoin in 2019 via the Libra project which was subsequently rebranded as Diem. This previous effort occurred during an entirely different economic and policy landscape, and occurred as the organization was still contending with intense scrutiny following the 2016 U.S. Presidential election. Issues that were raised at the time dealt with the potential of a stablecoin issued by Facebook serving to weaken competition, compromise user privacy, and lead to continued fractionalization of which entity or organization sets policy for U.S. monetary and fiscal policy. While the cryptoasset landscape and policy outlook for crypto projects has definitively shifted to a more permissive stance the very same issues that were raised during 2019 loom large as Meta returns to the stablecoin marketplace. Specifically, the letter from the Senators cited the track record of privacy violations, scams, and fake news that continue to occur on the platform as risks that a native stablecoin could amplify. Even as stablecoins increasingly become more mainstream, and are approaching a market capitalization nearing $300 billion, Meta might find many of the same issues that stymied earlier efforts being dragged back to the surface. Since Meta is one of the few returning players to the stablecoin space this provides an opportunity for crypto native stablecoins such as Circle, which continues to ride high following its IPO in June. As Meta edges closer to launching its own stablecoin, the spotlight on Big Tech's role in digital money is about to get a lot brighter, especially as these same tech firms continue to invest billions in AI initiatives. For crypto-native firms like Circle, that's not a threat - it's an opportunity. Meta's sheer size and complicated history with data privacy all but guarantee it will draw intense regulatory scrutiny. And that scrutiny will set a new bar for how stablecoins are viewed and governed both in the U.S. and abroad. That's where Circle can shine. Unlike tech giants pivoting into payments, Circle was built in crypto — with regulatory engagement and transparency as core pillars. While Meta faces inevitable trust questions and regulatory hurdles, Circle can double down on its position as the safer, more compliant alternative. In the coming months, expect firms like Circle to lean into this advantage, especially as institutional partners and consumers alike grow more cautious about Big Tech controlling their money. Notably, the ongoing partnership between Circle and Coinbase – two of the largest crypto native firms that are publicly traded in the U.S. – can also serve to assuage concerns of policymakers. Regardless of this specific stablecoin project plays out the following reality is becoming increasingly clear, and some would say urgent, for the crypto marketplace. With tens of billions flowing into the sector, TradFi firms deploying blockchain based solutions and native stablecoins, and policymakers actively debating the GENIUS Act, the crypto audit and attestation narrative continues to seem stuck. While the AICPA continues to issue guidance and updates related to digital asset attestation, controls, and valuation, the authoritative standard setters remain behind the proverbial curve. As stablecoins become more important and integrated with payment, treasury, and lending systems the urgency for definitive and standardized auditing best practices will continue to elevate in importance.
Forbes
an hour ago
- Forbes
Counterfeit Bitdefender Website Snares Victims
CHINA - 2023/11/03: In this photo illustration, the Romanian cybersecurity and anti-virus software ... More company Bitdefender logo seen displayed on a smartphone with an Artificial intelligence (AI) chip and symbol in the background. (Photo Illustration by Budrul Chukrut/SOPA Images/LightRocket via Getty Images) Bitdefender is a trusted cybersecurity and anti-virus software company that provides a variety of products to protect your computer and digital devices from malware and other online threats which is why it is particularly disturbing when scammers were recently discovered to have set up a counterfeit Bitdefender website where if you go to download what you think is protective security software from the website, you actually are downloading malware that can steal your passwords and sensitive personal information from your computer or cell phone that will result in your becoming a victim of identity theft and your accounts, such as online bank accounts hacked. Making this story even more disturbing is that the malware used as a part of this scam is readily available for sale on the Dark Web, that part of the internet where criminals buy and sell goods and services. The internet has three distinct layers. The first is the Surface Web, where most people do searches using their standard browsers, such as Google Chrome. The second is the Deep Web, which is not indexed in standard search engines and is accessed by logging in directly to a site; it often requires authentication for access. Online banking and accessing your medical records are two examples of the use of the Deep Web. Finally, there is the Dark Web, which is only accessible through specific browsers, most commonly Tor, which encrypts all traffic and allows users to remain anonymous. Cybercrime-as-a-service (CaaS) is the business model for cybercriminal geniuses who create and provide services for creating phony or counterfeit websites, malware and delivery systems on Dark Web sites It is on these criminal Dark Web sites where criminals sell or lease all kinds of malware, including ransomware. Other things sold on the Dark Web include login credentials to bank accounts and personal information stolen through data breaches. These Dark Web sites look amazingly like regular retail websites. They have ratings and reviews, tech support, software updates, sales and loyalty programs. Many also offer money laundering services as well. Thus even relatively unsophisticated cybercriminals can access the latest tools to commit their crimes. Creating a counterfeit, but legitimate appearing website such as occurred with the counterfeit Bitdefender site is only the first step to accomplishing the criminal's goal. Next, victims must be steered to the website. The sophisticated cybercriminals who design these counterfeit websites are also adept at manipulating the algorithms that determine a high position in a search engine search. They do this in several ways including stuffing their sites with keywords making the site appear more relevant to the algorithms the search engines use to determine placement in a search engine search. In other instances, the criminals merely pay the search engine to have their counterfeit website appear high in a search engine search. Payment for a high position in a search engine search is a profitable advertising tactic for search engines. So how do you protect yourself from these phony and counterfeit websites that, particularly in the era of AI, appear to be so legitimate? First of all, this scam points out the importance of having dual factor authentication on all of your important accounts so that even if someone managed to steal your username and password, when you provided it to the counterfeit website they would be unable to access your account with the real company. Trust me, you can't trust anyone. It is more important than ever when you go online to make sure that you are on the legitimate websites you seek rather than a criminal's counterfeit website. If you know the URL of a website, make sure you type the URL in carefully to avoid going to a criminals' website. You can also confirm a website's legitimacy by going to to see who actually owns the website and how long it has been in existence. The Google Transparency Report will also help indicate whether a website is legitimate or not. Another very good tool is which is a free online service where you provide the URL of the website you are checking on and virustotal will send the file to dozens of antivirus companies including Bitdefender to see if it is legitimate. . Also Google Chrome has its AI powered Enhanced Safe Browsing feature which will allow you to check on the legitimacy of a particular URL and will warn you if it is a scam.
