In the words of a famous disc jockey: "Another one." A young hacker-turned-security researcher in England found a critical vulnerability on T-Mobile's website that basically left records of user logins exposed online for hackers to pillage. The bug was reported and patched in December, and T-Mobile says no customer information was compromised as a result of this flaw.
A security researcher has revealed that a recently patched hole in T-Mobile's security made it possible for hackers to vacuum up all your personal account information, and all they needed was your phone number. And you probably give that out all the time. T-Mobile says the vulnerability has been corrected, but there's some question as to how severe the data breach might have been.
We of a certain age remember the days before WiFi was widespread. It sucked. Now, there's a wireless network on every corner bringing you all the wonders (and horrors) of the internet. They can also bring you something else: hacks. A researcher from Google's Project Zero security team has revealed an exploit for Broadcom WiFi chips that can allow an attacker to execute code on your device. They just have to be on the same WiFi network as you.
The security of our mobile apps and private data is a very serious matter. This is particularly true for high value targets like web browsers, which often store login credentials that can be used to access many of the websites we use on a regular basis. Unfortunately, browsers are also very complicated applications with an extensive set of features that are difficult to lock down completely. Sebastián Guerrero Selma of viaForensics recently posted a video demonstrating a newly discovered vulnerability in Firefox for Android which would allow hackers to access both the contents of the SD card and the browser's private data.
Much like MotoRoot, PwnMyMoto is packaged as a single app that must be sideloaded with adb. After running it and waiting through 2-3 reboots, your phone will be set up to boot into either the standard write-protected mode (recommended for daily use) or with write protection disabled.
Apktool is a Windows/Mac/Linux utility for reverse engineering Android apps. It allows you to decode an app, change something, rebuild it, and pray it still runs. You're going to need something like this if you're into theming apps, hacking a feature onto someone else's app, finding security holes, or just want to hunt for info.
Apktool has been freshly updated to version 1.5.1, with the new headline feature being "Android 4.2 support." Here's the full changelog.
Android 4.2 support
Added -a / -aapt command on rebuild to specify location of aapt
Updated unit tests for 4.2 support
Closed file-handler when writing frameworks to file system.
Since time immemorial, the Android Market app let you see a list of just your purchased apps under a "Not installed" section. When the Play Store change happened, that list was still there. Then at some point with all the stealth updates, that list of paid apps went away. Thanks to Paul O'Brien over at Modaco, we have the Legacy Play app that solves that problem by bringing back the "Not installed" list.
O'Brien was able to retrieve an old version of the Play Store client and hack around to make it run alongside the official Play Store. In the Legacy Play Store your My Apps screen will again have a handy list of all your paid apps that are not installed on the device.
Today is a good day, I think, for source code drops! Samsung has just released the source code for an update for the Epic 4G Touch, Sprint's variant of the Galaxy S II. The update (FF18) is said to be rolling out to devices right now as an OTA. If you want to get your hands on the kernel code to fiddle with it yourself before the update arrives, however, you can head to Samsung's download page here.
Dat source code.
If you're not a developer, chances are this won't be of interest to you. No you can't flash it and yes you're better off waiting for a ROM to be built or the update to rollout to your device.
Yesterday, we told you about the OpenGL video driverChainfire3D. At the time, there was a common question: what can you really do with this? Some crafty XDA users have set out to prove exactly what you can do using CF3D, and here at AP, we all think it's nothing short of awesome.
In the past, we've highlighted several games specifically for Tegra devices, and we felt the backlash from users that wanted these games but lacked the proper hardware (read: no Tegra). Now, however, it is possible to play Tegra-specific games on non-Tegra devices, thanks to the CPU emulation and a few plugins in CF3D.
Of all the things that are cool and impractical in this world, this has to be one of my favorites. At one point or another, all EVO 4G owners have wanted to ditch their desktop PCs in lieu of their smartphone, right? Okay, maybe not - but if you ever get the urge to do so, then XDA member Lokifish Marzhas the setup for you.
Using mostly free software and a little bit of elbow grease, he has his EVO 4G set up as a fully functional desktop computer, including a mouse, keyboard, speakers, monitor - the works. You really need to see what I'm talking about to get the full effect of how cool this is, and fortunately for us, Lokifish has made a video to demonstrate: