Android Police

Articles Tagged: vulnerability

Samsung's new Mobile Security Rewards Program will award researchers up to $200,000 per vulnerability discovered

Many companies give out rewards for vulnerabilities found in their software, and Samsung is now joining those ranks. The Korean tech company's Mobile Security Rewards Program has just gone public, enabling security researchers to receive awards of up to $200,000 per bug found.


Major security vulnerability found in VLC, Kodi, and other media players, Kodi for Android already patched

What's worse than a security vulnerability in a widely-used program? A security vulnerability in several widely-used programs. Researchers from Check Point Software Technologies have uncovered a flaw in a handful of media players (including VLC, Kodi, Stremio, and PopcornTime) that allows hackers to run executable code through subtitle files.


Broadcom WiFi vulnerability allows remote code execution, affects almost all Android devices

We of a certain age remember the days before WiFi was widespread. It sucked. Now, there's a wireless network on every corner bringing you all the wonders (and horrors) of the internet. They can also bring you something else: hacks. A researcher from Google's Project Zero security team has revealed an exploit for Broadcom WiFi chips that can allow an attacker to execute code on your device. They just have to be on the same WiFi network as you.


An Israeli security researcher takes a good look at Samsung's Tizen, labels it the worst code he has ever seen

Android is a hulking beast as far as global user share is concerned — hell, it's the most-used operating system in the world, surpassing even Windows (in terms of internet usage). When Samsung announced that it was creating its own open-source alternative to Google's mobile OS, it was not really a surprise. We've had several upstarts over the years, like Sailfish, Firefox OS, Ubuntu Touch, and so on, but all of them have failed in some form or another. There were a few people, however, who thought Sammy could be the one to unseat Google and Android with a mobile operating system that it called Tizen.


The Guardian alleges that WhatsApp has a "backdoor" that could be used to spy on users [Update]

In what I am sure was on purpose due to it being Friday the 13th, some mild form of privacy panic has hit the world due to The Guardian's article this morning about a critical backdoor in WhatsApp. It postulates that, due to how encryption keys are handled when a device goes offline and messages are not sent (for whatever reason), WhatsApp or its parent company Facebook can intercept user communications. Meanwhile, Gizmodo has reported that this is not the case — how WhatsApp handles encryption is a feature and works as intended.


Critical vulnerability Pork Explosion revealed by jcase, cripples security on some phones

Security has been a hot topic on Android for many years, particularly as smartphones take on increasingly significant roles both at home and at work. A single device acts as your main form of communication, contains personal photos and confidential documents, and may even have access to your finances. Google and other companies have made significant investments in time and money to ensure these devices are very hard to break into. However, a vulnerability was recently discovered in some phones that compromises important security measures and opens devices up to various types of attacks. The worst part is that it was created intentionally by a manufacturing partner contracted to build the phones, and the OEMs that designed the phone had no idea.


Rootjunky bypasses factory reset protection on Samsung phones... again

About nine months ago, Rootjunky managed to bypass the factory reset protection (FRP) on Samsung devices simply by inserting an OTG drive into the phone and installing an app. Then, two months later, he found a vulnerability on LG phones; this time, he circumvented FRP by using talkback settings to open a browser, downloading an APK that opened settings, adding a new user, switching back to the main account, and then resetting without FRP. However, this new exploit for Samsung phones might be the most ingenious yet.

Factory reset protection was added to Android with 5.1 Lollipop, but since different OEMs use different variations of Android, vulnerabilities can arise.


Samsung posts July security bulletin ahead of Google, including 4 Samsung-specific vulnerabilities fixed

Samsung has been diligent about releasing its security patch bulletin along with Google at the beginning of every month, but this month, it took the lead and published the details before even Google got around to doing so.

The report lists the different Android Security Bulletin patches issued by Google to AOSP, which are quite numerous this month. There are 9 critical patches, 26 high-severity ones, 9 moderate, and no low-severity patches. As for Samsung's Vulnerabilities and Exposures, 4 new ones have been patched with this release, but the bulletin keeps two of them secret, probably so as not to compromise devices that are still unguarded because they have not yet received, or will never receive, the security update.


Verizon Rolls Out Its First Stagefright Fix, And It's For The Galaxy Note Edge - Build LRX22C.N915VVRU2BOG5

Verizon has begun rolling out an update for the Galaxy Note Edge that should address the vulnerability in Stagefright, one of Android's media libraries, that could potentially compromise a user's device. This is the first Stagefright-related fix we're aware of Verizon rolling out.

Of course, the changelog doesn't specifically mention Stagefright... but it's really obvious that's what it's for, given the timing of the update and terseness of the document. You can probably expect a slew of Samsung Stagefright fixes (as well as other OEMs, of course) on Verizon to follow, if this is any sign.


[Update: Samsung Rolling Out A Fix] PSA: Keyboard Security Flaw Impacting "600 Million+" Samsung Phones Is Probably Nothing To Worry About

This morning, a company called NowSecure published an exploit claiming to affect SwiftKey on Samsung devices that they assert could impact "600 million+" devices. Well, maybe.

While we cannot verify the true seriousness of the security flaw were an attacker to successfully manage to exploit it, we were able to verify something substantially more important to end user safety - it does not affect the SwiftKey app, only the built-in Samsung IME which is partly developed by SwiftKey.
