It was only yesterday that Cyanogen definitively confirmed AT&T's treacherous move to lock down the Galaxy S4's bootloader, but there is light at the end of that tunnel. No thanks to AT&T but to security researcher extraordinaire and a person I admire Dan Rosenberg, a.k.a. the magician, a.k.a. the root whisperer.
Dan, who is responsible for numerous root and unlock exploits, tweeted this photo of his Galaxy S4 earlier today:
There are no instructions or blog posts explaining the unlock at Dan's blog yet - these should be coming in the future. Read More
When it comes to root and mod action on Motorola devices from the last couple of years, all eyes turn to brilliant Android hacker Dan Rosenberg. Since the Droid 3 was released two years ago, Rosenberg has successfully found root exploits for every Motorola device, including the D3, Bionic, RAZR, Droid 4, Xoom 2, Atrix HD, RAZR HD, and RAZR M. Add to that the fact he just released a tool that unlocks the bootloaders on the most modern Moto phones (RAZR HD, M, and Atrix HD), and it's not hard to see why he's such an important part of the Motorola modding community. Read More
There's some disturbing news today on the Android security front: an vulnerability has been discovered for Samsung's Exynos 4-powered devices. While the related exploit is useful for the mod scene in that it can be harnessed to gain superuser permissions and root pretty much any device running on an Exynos 4 chip, it's also got some rather disturbing implications. According to an XDA member with the handle "alephzain", who developed the exploit, using this security hole can also grant an app access to all physical memory on a given device - basically, anything stored in RAM is fair game. Read More
Update 2: This exploit probably won't work on most Galaxy S III's as long as they have the most recent OTA update, as we demonstrate on video here.
This issue is, unsurprisingly, a lot more nuanced than the video here lets on. The bug is based in the stock Android browser, is in fact quite old, and has been patched in more recent builds of Android - this is probably why Nexus devices running the most recent OTAs are unaffected.
While giving the AT&T HTC One X's firmware a look over, I ran across a a vulnerability that would allow us to gain root access. It turned out not to be all that useful at the time, as another root was released the same day. With the latest 1.85 firmware leak, the previously published root has been fixed, making the one I found earlier useful once again.
Update: AT&T disabled the app installation features of Ready2Go thereby breaking this root process. Read More
Dan Rosenberg, a security researcher and rooting mastermind, has done it again, this time making quick work of the LG Spectrum. In a post to his blog just moments ago, Rosenberg simply states "Yawn. LG loses, users win," and gives instructions on downloading the scripts he provides for Windows, Linux, and OSX.
Considering all that Rosenberg has done (and continues to do) for the community, I'd highly recommend supporting him by hitting the donate button below. Read More
After learning that yesterday's XYBoard root (which was thought to work on all Gingerbread/Honeycomb Moto devices) didn't play nice with Motorola's Xoom Family Edition, highly respected security researcher Dan Rosenberg decided to have a look, hoping to bring root back to the FE.
In a post to his blog earlier today, Rosenberg announced that he has found a working exploit for rooting the Xoom Family Edition. Rosenberg has again beaten others to the punch, namely a developer called Evil_DevNull, who Rosenberg calls out in the post for the alleged plagiarism of a previous FE exploit. Read More
Following the discovery of two security exploits within Google Wallet, the Vice President of Google Wallet and Payments, Osama Bedier, released a statement reassuring readers that Google takes "concrete actions" to protect its users. The statement further indicated that, in response to Wallet's security scare, Google has put prepaid card provisioning on hold, at least until a permanent fix is issued (which should happen "soon").
Update 2/14/12: Prepaid card provisioning has been restored:
Yesterday afternoon, we restored the ability to issue new prepaid cards to the Wallet.
Update: You can download a batch script to root your DROID 4 now (you'll need to have USB debugging and Unknown Sources enabled in the Application settings menu). Find the file on this page, and if you can spare it, take the time to donate to Dan Rosenberg for finding the exploit. All proceeds will go directly to charity, in this case, the American Red Cross.
Widely known and respected security researcher Dan Rosenberg has evidently uncovered a root method for the Droid 4, in addition to a universal Motorola root method. Read More
Yesterday, a security firm called zvelo demonstrated a vulnerability within Google Wallet, cracking its PIN verification system using brute force, giving Wallet access to anyone who had the exploit. It was also revealed that the hack only worked on rooted devices, and Google swiftly reported that a fix for the bug was already being worked on.
Adding to Google Wallet's security worries, a new hack was posted online today, claiming to give access to Google Wallet (sans PIN) on non-rooted devices, requiring just a few steps to gain user information (and funds). Read More