It was only yesterday that Cyanogen definitively confirmed AT&T's treacherous move to lock down the Galaxy S4's bootloader, but there is light at the end of that tunnel. No thanks to AT&T, but rather to security researcher extraordinaire (and a person I admire) Dan Rosenberg, a.k.a. the magician, a.k.a. the root whisperer.
Dan, who is responsible for numerous root and unlock exploits, tweeted this photo of his Galaxy S4 earlier today:
There are no instructions or blog posts explaining the unlock at Dan's blog yet - these should be coming in the future. When, you might ask? This part is not decided just yet, for a good reason (put down your pitchforks).
There's some disturbing news today on the Android security front: a vulnerability has been discovered in Samsung's Exynos 4-powered devices. While the related exploit is useful for the mod scene, in that it can be harnessed to gain superuser permissions and root pretty much any device running on an Exynos 4 chip, it also has some rather disturbing implications. According to the XDA member "alephzain", who developed the exploit, the same hole can also grant an app access to all physical memory on a given device - basically, anything stored in RAM is fair game. The kernel's memory device node, /dev/exynos-mem, is left wide open to any process, apparently so that various camera-related functions can reach it.
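The practical check here is whether a physical-memory device node is exposed to unprivileged code at all. The following Python script is an added example, not alephzain's exploit or anything from the original post: it inspects the "other" permission bits of /dev/exynos-mem (plus the standard Linux /dev/mem and /dev/kmem nodes for comparison) and then tries the exploit's actual precondition, opening the node read/write as the current user. The node list is an assumption; on a device you would run the same inspection from an adb shell with `ls -l /dev/exynos-mem`.

```python
import os
import stat
from typing import Optional

# Device nodes that expose physical memory. /dev/exynos-mem is the Samsung
# node discussed above; the others are the standard Linux equivalents, listed
# here only for comparison (assumed list, adjust for your target).
MEMORY_DEVICE_NODES = ("/dev/exynos-mem", "/dev/mem", "/dev/kmem")


def world_access(mode: int) -> dict:
    """Report whether the 'other' permission bits grant read and/or write."""
    return {
        "readable": bool(mode & stat.S_IROTH),
        "writable": bool(mode & stat.S_IWOTH),
    }


def check_device_node(path: str) -> Optional[dict]:
    """Inspect one device node.

    Returns None when the node does not exist. Otherwise the result records
    the mode bits, whether it really is a character device, what the 'other'
    bits allow, and whether this process can open it O_RDWR, which is the
    precondition the Exynos 4 exploit relies on.
    """
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return None
    info = {
        "path": path,
        "is_char_device": stat.S_ISCHR(st.st_mode),
        "mode": oct(stat.S_IMODE(st.st_mode)),
    }
    info.update(world_access(st.st_mode))
    try:
        fd = os.open(path, os.O_RDWR)
        os.close(fd)
        info["openable_rw"] = True
    except OSError:
        # EACCES is the expected (good) outcome for an unprivileged caller;
        # other errors (busy, not supported) also mean no R/W handle.
        info["openable_rw"] = False
    return info


def exposed_memory_nodes(paths=MEMORY_DEVICE_NODES) -> list:
    """Return the nodes this (ideally unprivileged) caller can open R/W."""
    exposed = []
    for path in paths:
        result = check_device_node(path)
        if result and result["openable_rw"]:
            exposed.append(result)
    return exposed


if __name__ == "__main__":
    for node in MEMORY_DEVICE_NODES:
        print(check_device_node(node) or f"{node}: not present")
    print("exposed to this user:", [r["path"] for r in exposed_memory_nodes()])
```

Run it as a normal user, not root: a correctly configured device shows `openable_rw: False` for every memory node, and a `mode` whose last digit is 0. Any node that an unprivileged process can open read/write gives that process the same reach into RAM the article describes.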
Update 2: This exploit probably won't work on most Galaxy S IIIs as long as they have the most recent OTA update, as we demonstrate on video here.
Update: This issue is, unsurprisingly, a lot more nuanced than the video here lets on. The bug is based in the stock Android browser, is in fact quite old, and has been patched in more recent builds of Android - this is probably why Nexus devices running the most recent OTAs are unaffected. The fact is, this is not a Samsung problem, it's an old Android problem that has been known about for some time.
While giving the AT&T HTC One X's firmware a look over, I ran across a vulnerability that would allow us to gain root access. It turned out not to be all that useful at the time, as another root was released the same day. With the latest 1.85 firmware leak, the previously published root has been fixed, making the one I found earlier useful once again.
Update: AT&T disabled the app installation features of Ready2Go thereby breaking this root process. We don't have an updated root method at this time.
This vulnerability happens to be in carrier bloat - specifically an app called ATT Ready2Go (also known as dashconfig), which is shipping on many new AT&T LTE devices.
Dan Rosenberg, a security researcher and rooting mastermind, has done it again, this time making quick work of the LG Spectrum. In a post to his blog just moments ago, Rosenberg simply states "Yawn. LG loses, users win," and gives instructions on downloading the scripts he provides for Windows, Linux, and OSX.
Considering all that Rosenberg has done (and continues to do) for the community, I'd highly recommend supporting him by hitting the donate button below. Having already taken that possibility into consideration, Rosenberg has the following to say on the subject of supporting his efforts with money:
I encourage anyone thinking of donating in thanks to direct your donation to the American Red Cross or another reputable charitable organization.
After learning that yesterday's XYBoard root (which was thought to work on all Gingerbread/Honeycomb Moto devices) didn't play nice with Motorola's Xoom Family Edition, highly respected security researcher Dan Rosenberg decided to have a look, hoping to bring root back to the FE.
In a post to his blog earlier today, Rosenberg announced that he has found a working exploit for rooting the Xoom Family Edition. Rosenberg has again beaten others to the punch, namely a developer called Evil_DevNull, who Rosenberg calls out in the post for the alleged plagiarism of a previous FE exploit.
The post goes on to explain the "stupidest root ever," making clear a convenient vulnerability that was evidently begging to be exploited:
The first few arguments cmdclient supports are “ec_recovery”, “ec_btmac”, “ec_snid”, “ec_skunumber”, and “ec_imeiwithbarcode”.
Following the discovery of two security exploits within Google Wallet, the Vice President of Google Wallet and Payments, Osama Bedier, released a statement reassuring readers that Google takes "concrete actions" to protect its users. The statement further indicated that, in response to Wallet's security scare, Google has put prepaid card provisioning on hold, at least until a permanent fix is issued (which should happen "soon").
Update 2/14/12: Prepaid card provisioning has been restored:
Yesterday afternoon, we restored the ability to issue new prepaid cards to the Wallet. In addition, we issued a fix that prevents an existing prepaid card from being re-provisioned to another user.
Update: You can download a batch script to root your DROID 4 now (you'll need to have USB debugging and Unknown Sources enabled in the Application settings menu). Find the file on this page, and if you can spare it, take the time to donate to Dan Rosenberg for finding the exploit. All proceeds will go directly to charity, in this case, the American Red Cross.
Widely known and respected security researcher Dan Rosenberg has evidently uncovered a root method for the Droid 4, in addition to a universal Motorola root method. Though the Droid 4's root access was discovered less than a day after its release, both exploits are being withheld until a $500 bounty is raised.
Yesterday, a security firm called zvelo demonstrated a vulnerability within Google Wallet, cracking its PIN verification system using brute force, giving Wallet access to anyone who had the exploit. It was also revealed that the hack only worked on rooted devices, and Google swiftly reported that a fix for the bug was already being worked on.
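To show why a four-digit PIN whose verifier can be read from app storage falls to brute force, here is an added Python example; it is not zvelo's tool and not Google's code. It assumes the stored verifier is a SHA-256 over a salt and the PIN digits (a constructed stand-in for whatever Wallet actually stored), enumerates all 10,000 candidates offline the way an attacker with root and a copy of the app's data could, and contrasts that with a retry-limited check that keeps the verifier on the trusted side.

```python
import hashlib
import itertools
from typing import Optional, Tuple

# Assumed construction for this example only: SHA-256(salt || PIN digits).
def pin_hash(salt: bytes, pin: str) -> str:
    return hashlib.sha256(salt + pin.encode("ascii")).hexdigest()


def brute_force_pin(salt: bytes, target_hash: str, length: int = 4) -> Tuple[Optional[str], int]:
    """Offline attack: with the salt and hash in hand, try every PIN.

    Returns (pin, attempts) or (None, attempts) if nothing matched.
    A 4-digit PIN has only 10**4 candidates, so this finishes instantly.
    """
    attempts = 0
    for digits in itertools.product("0123456789", repeat=length):
        attempts += 1
        candidate = "".join(digits)
        if pin_hash(salt, candidate) == target_hash:
            return candidate, attempts
    return None, attempts


class RateLimitedVerifier:
    """Verification on the trusted side (server or Secure Element).

    The salt and hash never leave this object, and a small retry budget
    turns a 10,000-guess search into a handful of guesses before lockout.
    """

    def __init__(self, salt: bytes, pin: str, max_attempts: int = 5):
        self._salt = salt
        self._hash = pin_hash(salt, pin)
        self.attempts_left = max_attempts

    def verify(self, guess: str) -> bool:
        if self.attempts_left == 0:
            raise PermissionError("PIN locked: retry budget exhausted")
        self.attempts_left -= 1
        return pin_hash(self._salt, guess) == self._hash


if __name__ == "__main__":
    # Constructed sample data: a salt and the hash of PIN 7391.
    salt = b"constructed-salt"
    leaked_hash = pin_hash(salt, "7391")
    print("offline brute force:", brute_force_pin(salt, leaked_hash))

    verifier = RateLimitedVerifier(salt, "7391")
    for guess in ("0000", "0001", "0002", "0003", "0004"):
        print(guess, verifier.verify(guess))
    try:
        verifier.verify("7391")
    except PermissionError as err:
        print("online check:", err)
```

The point is not the hash function but where the verifier lives: any PIN check that an attacker can copy off the device and evaluate at will is only as strong as the PIN's keyspace, and four digits is no keyspace at all.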
Adding to Google Wallet's security worries, a new hack was posted online today, claiming to give access to Google Wallet (sans PIN) on non-rooted devices, requiring just a few steps to gain user information (and funds).
The Smartphone Champ reported on the newly-discovered flaw, explaining just how the exploit works:
The security flaw is painfully easy to do and requires no extra software, nor does it require root. All a person who wants to access your Google Wallet has to do is go into the application settings menu and clear the data for the Google Wallet app. After doing that your Google Wallet app will be reset and will prompt you to set a new PIN the next time you open it. The problem here is that since Google Wallet is tied to the device itself and not to your Google account, once they set the new PIN and log into the app, when they add the Google prepaid card it will add the card that is tied to that device. In other words, they’d be able to add your card and have full access to your funds.
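An added Python model of the design flaw the quote describes, and of the fix Google mentioned in the update to the earlier story (a card can no longer be re-provisioned to another user). This is a hypothetical simulation, not Google's code: the backend, the device and account names, and the "clear data" step are all constructed for the example. The vulnerable backend hands out the prepaid card to whoever asks from the same device; the fixed backend records the account that first provisioned the card and refuses any other.

```python
from dataclasses import dataclass


@dataclass
class PrepaidCard:
    card_id: str
    bound_account: str      # account that first provisioned the card
    device_id: str          # device the card was provisioned on


class WalletBackend:
    """Hypothetical provisioning service keyed by device identifier."""

    def __init__(self, enforce_account_binding: bool):
        self.enforce_account_binding = enforce_account_binding
        self._cards_by_device = {}

    def provision(self, device_id: str, account: str) -> PrepaidCard:
        card = self._cards_by_device.get(device_id)
        if card is None:
            card = PrepaidCard(f"card-{len(self._cards_by_device) + 1}", account, device_id)
            self._cards_by_device[device_id] = card
            return card
        # Vulnerable behaviour: the existing card is returned to anyone on
        # the same device. Fixed behaviour: a different account is refused.
        if self.enforce_account_binding and card.bound_account != account:
            raise PermissionError("card already provisioned to another account")
        return card


class WalletApp:
    """Local app state: the PIN and the card handle live in app data."""

    def __init__(self, device_id: str):
        self.device_id = device_id
        self.pin = None
        self.card = None

    def set_up(self, backend: WalletBackend, account: str, pin: str) -> None:
        self.pin = pin
        self.card = backend.provision(self.device_id, account)

    def clear_app_data(self) -> None:
        # Settings > Apps > Clear data wipes only what is stored locally;
        # nothing on the backend changes.
        self.pin = None
        self.card = None


def simulate_clear_data_attack(enforce_account_binding: bool) -> str:
    """Return what an attacker gets after clearing app data and re-enrolling."""
    backend = WalletBackend(enforce_account_binding)
    phone = WalletApp("device-A")
    phone.set_up(backend, "victim@example.com", "1234")
    victim_card = phone.card

    phone.clear_app_data()                      # PIN gone, no root needed
    try:
        phone.set_up(backend, "attacker@example.com", "0000")
    except PermissionError:
        return "refused"
    return "victim card" if phone.card is victim_card else "new card"


if __name__ == "__main__":
    print("vulnerable backend:", simulate_clear_data_attack(False))
    print("account-bound backend:", simulate_clear_data_attack(True))
```

The local PIN never protected anything in this model, because it was both set and checked on the device; the only durable control is the backend's record of which account owns the card, which is exactly the check the re-provisioning fix adds.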