Android Police

Articles Tagged:

vulnerability

22 articles
...

Critical Vulnerability In Verizon FiOS Mobile API Allowed Easy Access To Any User's Email Info

Verizon isn't making many friends when it comes to keeping private information private. Just two days after news broke that Verizon Wireless is collecting and in some cases selling web browsing info, its parent company has been given a black eye for insecure practices associated with the FiOS Internet service. Security researcher Randy Westergren discovered a way to access any FiOS user's Verizon email account by using the mobile API.

Read More
...

Android 4.4.3 Patch Finally Closes Up An Ancient Vulnerability, Shuts Down Several Serious Security Exploits

Ask anybody that spends time in the security circles and they'll tell you that every large software project is bound to have a few long-standing vulnerabilities in the code. Fortunately, there are usually a few people who are paid to close up those holes so you, the customer, don't find yourself the victim of nefarious evildoers someday. Like so many before it, the latest update to Android came with a boatload of changes, at least one of which fixes a potentially dangerous vulnerability that can be used for numerous attacks, including a way to acquire root.

Read More
...

Samsung Addresses The Knox Vulnerability That Wasn't

Described by the Wall Street Journal as "a vulnerability that could allow malicious software to track emails and record data communications," a potential vulnerability in Samsung's Knox platform was discovered in late December by researchers at Israel's Ben-Gurion University. The researchers said the vulnerability would allow those with malicious intent to "easily intercept" secure data from Knox users. Samsung's initial response was that the problem may be less serious than researchers implied, and that it would investigate the situation thoroughly.

Read More
...

SMS Vulnerability In Nexus Phones Can Be Exploited To Force A Reboot Or Kill Cellular Connectivity

Today, at the DefCamp Security Conference in Bucharest, Romania, details were revealed about a potentially serious SMS vulnerability found in all current Nexus phones. The person responsible for the discovery is Bogdan Alecu, a system administrator at Levi9 and independent security researcher in Romania. When exploited, the attack can force the phone to reboot or destabilize certain services.

2013-11-29_10-53-59

The method of attack simply relies on sending a series of Class 0 "Flash" messages to the target phone.

Read More
...

Second Mobile Pwn2Own Competition Announced With Plenty Of Android Targets To Crack And $300,000 In Prizes

The second annual Mobile Pwn2Own competition, run by HP TippingPoint's Zero Day Initiative, is fast approaching. This year's event will take place at the PacSec Applied Security Conference in Tokyo from November 13-14, and over $300,000 in cash and prizes is up for grabs. The Pwn2Own contest challenges security researchers to find and exploit vulnerabilities on mobile devices and rewards them by giving them the device they were able to compromise.

Read More
...

[Update: Fix In Place] Serious Security Hole Discovered In Cerberus Anti Theft, Gives Attackers Near-Total Access To Your Phone, Fix In The Works

When it comes right down to it, few things are much scarier than finding out somebody can track your movements, read your call log and text messages, and even record audio and take pictures of whatever the phone can get, all without your knowledge. Here's the thing - as careful, security-conscious people, many of us already install software like that for our own purposes, usually to recover a phone in the event it should fall into the hands of thieves.

Read More
...

[New App] Duo Security And NEU SecLab Releases ReKey Master Key Vulnerability Patch For Rooted Android Users Still Waiting On Their Carriers

A few weeks ago the "Master Key" APK verification vulnerability rocked the Android security landscape... then immediately stopped rocking it, once Google revealed that they had patched the vulnerability months ago. Still, that's little comfort to users who aren't on a brand-new 4.2 phone (or, you know, a Nexus device that gets real updates). CyanogenMod has responded by patching all of its official ROMs (twice), and now noted security firm Duo has teamed up with Northeastern University's SecLab to do the same for all Android rooted users, regardless of their device.

Read More
...

Security Researcher Demonstrates GPS Vulnerability That Could Let Hackers Track Users' Location, Take Over Phone

Over at Black Hat USA 2012, security researcher Ralf-Phillip Weinmann demonstrated a vulnerability in several Android devices that utilized A-GPS to send illicit messages to the device which could, he explained, be used to send a report of the device's location any time an A-GPS message was sent or even be used to gain complete control of the device.

In describing the attack, Weinmann pointed out that, for example, a malicious WiFi network could instruct a phone to relay all future A-GPS requests, even once the device has left the WiFi network's range.

Read More
...

Google Wallet's PIN Verification Cracked (Again), No Root Access Required

Yesterday, a security firm called zvelo demonstrated a vulnerability within Google Wallet, cracking its PIN verification system using brute force, giving Wallet access to anyone who had the exploit. It was also revealed that the hack only worked on rooted devices, and Google swiftly reported that a fix for the bug was already being worked on.

Adding to Google Wallet's security worries, a new hack was posted online today, claiming to give access to Google Wallet (sans PIN) on non-rooted devices, requiring just a few steps to gain user information (and funds).

Read More
...

[Public Disclosure] Vulnerability In HTC Android Devices Exposed Wi-Fi Credentials To Apps Which Knew How To Ask (But, Thankfully, Didn't)

A serious vulnerability that affected the way some popular HTC Android phones handle 802.1x usernames, passwords, and SSIDs was disclosed publicly today by engineers Chris Hessing and Bret Jordan. The bug allowed applications with only an ACCESS_WIFI_STATE permission to read your Wi-Fi SSIDs, usernames, and, most importantly, passwords on at least the following devices:

  • Desire HD  (both "ace" and "spade" board revisions) - Versions FRG83D, GRI40
  • Glacier - Version FRG83
  • Droid Incredible - Version FRF91
  • Thunderbolt 4G - Version FRG83D
  • Sensation Z710e - Version GRI40
  • Sensation 4G - Version GRI40
  • Desire S - Version GRI40
  • EVO 3D - Version GRI40
  • EVO 4G - Version GRI40

Of course, if a malicious application also happens to have access to the Internet, SMS, or other means of sending out information, credentials could leak out from a vulnerable device to a remote location.

Read More
Page 1 of 3123
Quantcast