Android Police

Articles Tagged:

vulnerability

22 articles
...

Report: Security Vulnerability In Many Android Phones Allows Malicious Apps To Record Audio, Track Location, And More Without User Permission

According to a group of computer scientists at North Carolina State University, a vulnerability exists within many Android devices that would allow hackers (or malicious apps) to bypass the permissions request process and tap into audio and location, wipe apps and data, or send unauthorized SMS messages, all without the user knowing.

This news may sound a bit sensational, but the researchers have created and tested a dummy app which effectively demonstrates the exploit:

Among the eight phones tested with the researchers' diagnostic app (Woodpecker), HTC's Evo 4G seemed to be the most vulnerable, able to "leak" eight different capabilities to their dummy app, which was not explicitly granted appropriate permissions by the user.

Read More
...

[Updated] Carriers Sending Out An OTA Update To Fix Massive Security Flaw In Several HTC Devices

At the beginning of the month, we broke the news about a huge security vulnerability in several HTC phones, including the Thunderbolt, EVO 3D, EVO 4G, and possibly more. Not long after word of this issue hit the 'net, HTC issued a response acknowledging it, as well as promising to deliver a patch to correct it. Looks like they are making good on that promise now, as several HTC devices are currently receiving an OTA update to correct this vulnerability.

Read More
...

HTC Security OTA Appearing On European Sensations [Update: And Now The GSM EVO 3D, Too]

Originally Posted October 12th.

It's been eleven days since Android Police published this story detailing the discovery by Trevor Eckhart of some serious security issues within HTC's more recent software. Three days after that HTC responded, and now, a further week or so later, we are seeing reports of an "important security update" being pushed to HTC Sensations throughout Europe.

image

Screencap by FG1234 of Android-Hilfe.de

While HTC does not specify exactly what the ~9 MB update addresses, the timing seems right to relate to the preceding story.

Read More
...

HTC Acknowledges Data-Exposing Vulnerability In Some Devices, Promises Over-The-Air Patch Shortly

HTC acknowledged the vulnerability in some of its devices that Android Police together with Trevor Eckhart posted Saturday night. The privilege escalation vulnerability currently allows a potentially malicious app that uses only the INTERNET permission to connect to HTC's HtcLoggers service and get access to data far exceeding its access rights. This data includes call history, the list of user accounts, including email addresses, SMS data, system logs, GPS data, and more.

Read More
...

Massive Security Vulnerability In HTC Android Devices (EVO 3D, 4G, Thunderbolt, Others) Exposes Phone Numbers, GPS, SMS, Emails Addresses, Much More

I am quite speechless right now. Justin Case and I have spent all day together with Trevor Eckhart (you may remember him as TrevE of DamageControl and Virus ROMs) looking into Trev's findings deep inside HTC's latest software installed on such phones as EVO 3D, EVO 4G, Thunderbolt, and others.

These results are not pretty. In fact, they expose such ridiculously frivolous doings, which HTC has no one else to blame but itself, that the data-leaking Skype vulnerability Justin found earlier this year pales in comparison.

Read More
...

Motorola Droid 3 Finally Joins The Rooted Community

The Droid 3 is the most powerful Droid to date -- its 1Ghz dual-core OMAP processor and Android 2.3.4 make it a speedy and capable device. As with most devices, D3 owners wanted root access in order to take full advantage of all that it had to offer. That day has finally arrived, as the D3 has been rooted by developer drjbliss from the XDA forums.

droid3-root

The rooting process seems to be rather easy, granted you have ADB set up and know how to use it.

Read More
...

Security Vulnerability In Most Versions Of Android Allows Attackers To Steal Your Login Credentials

Regardless of where you sit in the tech world, there is one thing that affects us all: security vulnerabilities. Unfortunately, our little green robot is no exception this rule, and The Register recently dropped a report on a potentially bad exploit.

Apparently, in Android 2.3.3 and below, there is a vulnerability that would allow attackers to collect digital tokens that are stored on the device after users login to Google Calendar, Facebook, Twitter, and "several other accounts."

Here's how it works: when you login to an account, an authToken is stored locally on your device for 14 days, allowing you to re-access the service without hassle.

Read More
...

Skype App For Android Updated To 1.0.0.983, Fixes Personal Info Vulnerability And Adds 3G Calling In The U.S.

Skype released an update to its Android app this morning, remedying the vulnerability which exposed tons of personal info that we revealed last week. Our own Justin Case who originally found the issue has taken a look at the updated version of the app and confirmed that the exploit he developed to demonstrate the vulnerability no longer functions.

Specifically, Skype has changed the permissions of the databases (which contain the personal information) in question.

Read More
...

[Updated] Exclusive: Vulnerability In Skype For Android Is Exposing Your Name, Phone Number, Chat Logs, And A Lot More

Update #1: Skype is investigating the issue, we've been told.

Update #2: Skype's official first response can be found here.

The safety of our personal information is often a concern of mine - who has my email address, my phone number, my date of birth? How can I keep my private information safe while still enjoying the internet? These concerns have prompted me to take a deeper look at Android apps more than once, and often this can yield some frightening information.

Read More
...

Yet Another Android Data-Stealing Vulnerability Uncovered, Affects All Versions Of The OS

Last year, we reported on a serious vulnerability in all versions of Android, found by a security researcher Thomas Cannon. It allowed a remote attacker to download files off a user's SD card upon visiting a webpage with malicious JavaScript code embedded in it. Google's response was swift, and the fix was rolled out in the public release of Gingerbread at the end of 2010.

A new report from eWeek came out today stating that another researcher, Xuxian Jiang, this time from North Carolina State University, stepped forward with a tweak to the very same vulnerability Google reportedly patched.

Read More
Page 2 of 3123
Quantcast