20 Apr

Skype released an update to its Android app this morning, remedying the vulnerability we revealed last week, which exposed tons of personal info. Our own Justin Case, who originally found the issue, has taken a look at the updated version of the app and confirmed that the exploit he developed to demonstrate the vulnerability no longer functions.

Specifically, Skype has changed the permissions of the databases in question, which contain the personal information. This update will not remedy the vulnerability on the leaked video version of the app, so continued use is at your own risk. Skype will incorporate the fix into the video version of the app when it is officially released.

14 Apr
Last Updated: June 5th, 2012

Update #1: Skype is investigating the issue, we've been told.

Update #2: Skype's official first response can be found here.

The safety of our personal information is often a concern of mine - who has my email address, my phone number, my date of birth? How can I keep my private information safe while still enjoying the internet? These concerns have prompted me to take a deeper look at Android apps more than once, and often this can yield some frightening information.

On April 11, a leaked version of Skype Video hit the web and, having a Thunderbolt, I had to try it.

29 Jan

Last year, we reported on a serious vulnerability in all versions of Android, found by security researcher Thomas Cannon. It allowed a remote attacker to download files off a user's SD card upon visiting a webpage with malicious JavaScript code embedded in it. Google's response was swift, and the fix was rolled out in the public release of Gingerbread at the end of 2010.

A new report from eWeek came out today stating that another researcher, Xuxian Jiang, this time from North Carolina State University, stepped forward with a tweak to the very same vulnerability Google reportedly patched. The new method circumvents the protection put in place and allows an attacker, yet again, to access a user's SD card as well as the /system directory and directories that are open for reading in the Android sandbox.

23 Nov

A new vulnerability that affects every Android device currently on the market was discovered and published today by Thomas Cannon, an information and security researcher. The hole in the way the Android browser treats JavaScript allows a remote attacker to lure an unsuspecting victim to a malicious web page, which then downloads and executes rogue JavaScript with access to the local SD card's file system. While the locations of files on the SD card need to be known by the attacker in advance, it still represents a clear problem because many popular applications store data in the same location. Additionally, photo files tend to use similar naming schemes, and the attacker would easily be able to harvest some of your private pictures.

29 Sep

A few days ago, the code for the Nexus One's 2.2.1 update went AOSP (Android Open Source Project), meaning that the source code became available to developers. It consisted mostly of bugfixes and other things that weren't major... oh, and it also patched the exploits that allowed Universal Androot to unlock your device. We had a short conversation about it on Twitter with Cyanogen (the conversation starts at the bottom and goes up):

[Image: Twitter conversation with Cyanogen]

As if breaking Universal Androot wasn't enough, apparently the new update also prevents existing installations of Swype and some other aftermarket keyboards from working. An easy solution exists, though: just uninstall your existing keyboard and reinstall it.
