10
Apr
1

Dan Rosenberg: 'I See This As The End Of An Era For Motorola Rooting And Modding'

Posted by in Motorola, News

When it comes to root and mod action on Motorola devices from the last couple of years, all eyes turn to brilliant Android hacker Dan Rosenberg. Since the Droid 3 was released two years ago, Rosenberg has successfully found root exploits for every Motorola device, including the D3, Bionic, RAZR, Droid 4, Xoom 2, Atrix HD, RAZR HD, and RAZR M. Add to that the fact he just released a tool that unlocks the bootloaders on the most modern Moto phones (RAZR HD, M, and Atrix HD), and it's not hard to see why he's such an important part of the Motorola modding community.

27
Feb
secuniatiny

Secunia PSI Is A Tech Preview Of A 'Security' App That Scans A Few Other Apps And Gives You Useless Information

Posted by in Applications, News

There are a lot of security apps for Android that go a little ways into overkill territory. Whether you're talking about superfluous task managers or "virus scanners" that may provide some minimal protection while generating more fear than is warranted, Android has a persistent problem with companies applying a Windows-era mentality on a completely different OS. Secunia PSI, however, takes the cake for being one of the least effective apps on the Play Store.

secunia1 secunia2 secunia3

Here's how it works: Secunia scans your apps for possible vulnerabilities. Not actual infections, mind you. It just checks to see if the currently installed versions of your application match any known security holes.

25
Sep
home-bugdroid

[Update: Not Just Samsung] Exploit Could Force Factory Reset On Many Android Phones

Posted by in News, Samsung

Update 2: This exploit probably won't work on most Galaxy S III's as long as they have the most recent OTA update, as we demonstrate on video here.

Update: This issue is, unsurprisingly, a lot more nuanced than the video here lets on. The bug is based in the stock Android browser, is in fact quite old, and has been patched in more recent builds of Android - this is probably why Nexus devices running the most recent OTAs are unaffected. The fact is, this is not a Samsung problem, it's an old Android problem that has been known about for some time.

23
Jul
image

[New App] X-Ray For Android From Duo Security Scans Your Device For Root Vulnerabilities, Unfortunately Can't Fix Them

Posted by in Apps/Games, News

We've all read the horror stories: a new virus is crawling through the third-party stores, aiming to steal your personal information, identity, and first born child. More often than not, this type of malicious app is made possible because of one of the various root vulnerabilities that have been discovered throughout the various versions of Android.

X-Ray is a new app that lets you see exactly how vulnerable your device is by scanning it against several of these exploits, including RageAgainstTheCage, Gingerbreak, Mempodroid, Levitator, and a few more.

It's extremely easy to use: simply install it and run a scan. It will run through each exploit in a matter of minutes and display whether or not the device is vulnerable.

23
Apr
26-Android-security_thumb

Dan Rosenberg's Presentation On Android Modding For The Security Practitioner Is A Must-Read

Posted by in Android OS, News

While not everyone who owns an Android device roots, the Android modding community is at the very heart of everything we love about our little green buddy. Security researcher Dan Rosenberg recently gave a presentation where he elaborates on root and modding methods, as well as expounding on the security implications of modding Android phones.

Rosenberg also had quite a lot to say about how carriers influence the Android landscape. Said Rosenberg:

"Of the 10 vulnerabilities that I discovered and used for rooting on Android, 9 of them are related to "stupid" file permissioning not present in the stock Android code, but introduced by the manufacturers"

This won't come as any surprise to anyone who's not fond of carrier skins.

25
Oct
htc-logo

[Updated] Carriers Sending Out An OTA Update To Fix Massive Security Flaw In Several HTC Devices

Posted by in EVO 3D (Shooter), EVO 4G (Supersonic), EVO Design 4G, EVO View 4G, News, Thunderbolt (Mecha)

At the beginning of the month, we broke the news about a huge security vulnerability in several HTC phones, including the Thunderbolt, EVO 3D, EVO 4G, and possibly more. Not long after word of this issue hit the 'net, HTC issued a response acknowledging it, as well as promising to deliver a patch to correct it. Looks like they are making good on that promise now, as several HTC devices are currently receiving an OTA update to correct this vulnerability.

So far, we've confirmed that the EVO 3D, EVO 4G, EVO View 4G, and EVO Design 4G on Sprint are all receiving an OTA update.

17
May
26-Android-security

Security Vulnerability In Most Versions Of Android Allows Attackers To Steal Your Login Credentials

Posted by in Android OS, News

Regardless of where you sit in the tech world, there is one thing that affects us all: security vulnerabilities. Unfortunately, our little green robot is no exception this rule, and The Register recently dropped a report on a potentially bad exploit.

Apparently, in Android 2.3.3 and below, there is a vulnerability that would allow attackers to collect digital tokens that are stored on the device after users login to Google Calendar, Facebook, Twitter, and "several other accounts."

Here's how it works: when you login to an account, an authToken is stored locally on your device for 14 days, allowing you to re-access the service without hassle.

03
Jun
unrevoked

"UnrEVOked" - A Painless EVO 4G Rooting Method, Coming Tomorrow. Creator Says EVO Vulnerable To Hackers Unless Rooted

Posted by in Carriers, Devices By Manufacturer, EVO 4G (Supersonic), Hero (Sprint, HeroC), HTC, News, Sprint

Well, this is fun. Minutes after I completed and published my post further detailing how to root your EVO, I catch a teaser for ‘unrevoked’ - a ‘painless’ EVO rooting method that’s to be released tomorrow. Unrevoked is the work of Matt Mastracci, who gave us our first sneak peak at a rooted EVO, and one of the developers who contributed to the hack.

unrevoked

As Matt details here, there are several critical security flaws present in the custom Sprint software included on the EVO, and these flaws were the driving force behind releasing an easy ‘anyone can do it’ rooting method for the EVO.