Android Police

Articles Tagged:

hole

7 articles
...

Security Hole In Skype Allows Users To Surreptitiously Connect To Other Users

Reddit user Ponkers posted an interesting find to /r/Android today, pointing out a significant privacy hole in Skype that essentially allows users to force an Android device to answer a call, making eavesdropping nearly effortless.

Ponkers drew a diagram below, which I feel compelled to include based on its artistic merits, but here's the gist of how the process works.

Assume you have three devices, device 1, device 2, and device 3.

Read More
...

HTC Acknowledges Data-Exposing Vulnerability In Some Devices, Promises Over-The-Air Patch Shortly

HTC acknowledged the vulnerability in some of its devices that Android Police together with Trevor Eckhart posted Saturday night. The privilege escalation vulnerability currently allows a potentially malicious app that uses only the INTERNET permission to connect to HTC's HtcLoggers service and get access to data far exceeding its access rights. This data includes call history, the list of user accounts, including email addresses, SMS data, system logs, GPS data, and more.

Read More
...

Massive Security Vulnerability In HTC Android Devices (EVO 3D, 4G, Thunderbolt, Others) Exposes Phone Numbers, GPS, SMS, Emails Addresses, Much More

I am quite speechless right now. Justin Case and I have spent all day together with Trevor Eckhart (you may remember him as TrevE of DamageControl and Virus ROMs) looking into Trev's findings deep inside HTC's latest software installed on such phones as EVO 3D, EVO 4G, Thunderbolt, and others.

These results are not pretty. In fact, they expose such ridiculously frivolous doings, which HTC has no one else to blame but itself, that the data-leaking Skype vulnerability Justin found earlier this year pales in comparison.

Read More
...

[Updated] Google Rolling Out Fix For Wi-Fi Security Vulnerability To All Affected Android Devices

Well, that only took one media firestorm. Google, in response to widespread reports of a potential credential security hole in Android (which not only affects Android, but any OS using authTokens), is starting to roll out a fix for the public Wi-Fi vulnerability to all affected Android devices today. Google's statement, below:

Today we’re starting to roll out a fix which addresses a potential security flaw that could, under certain circumstances, allow a third party access to data available in calendar and contacts.

Read More
...

[Updated] Exclusive: Vulnerability In Skype For Android Is Exposing Your Name, Phone Number, Chat Logs, And A Lot More

Update #1: Skype is investigating the issue, we've been told.

Update #2: Skype's official first response can be found here.

The safety of our personal information is often a concern of mine - who has my email address, my phone number, my date of birth? How can I keep my private information safe while still enjoying the internet? These concerns have prompted me to take a deeper look at Android apps more than once, and often this can yield some frightening information.

Read More
...

Yet Another Android Data-Stealing Vulnerability Uncovered, Affects All Versions Of The OS

Last year, we reported on a serious vulnerability in all versions of Android, found by a security researcher Thomas Cannon. It allowed a remote attacker to download files off a user's SD card upon visiting a webpage with malicious JavaScript code embedded in it. Google's response was swift, and the fix was rolled out in the public release of Gingerbread at the end of 2010.

A new report from eWeek came out today stating that another researcher, Xuxian Jiang, this time from North Carolina State University, stepped forward with a tweak to the very same vulnerability Google reportedly patched.

Read More
...

New Vulnerability Affecting All Versions Of Android Allows Unauthorized Remote SD Card Access

A new vulnerability that affects every Android device currently on the market was discovered and published today by Thomas Cannon, an information and security researcher. The hole in the way the Android browser treats Javascript allows a remote attacker to lure an unsuspecting victim to a malicious web page, which then downloads and executes rogue Javascript with access to the local SD card's file system. While the locations of files on the SD card needs to be known by the attacker in advance, it still represents a clear problem due to many popular applications storing data in the same location.

Read More
Quantcast