Android Police

Articles Tagged:



[Update: Fix now available] ES File Explorer vulnerability leaves your files exposed to anyone on the same network

In the early days of Android, ES File Explorer was one of the better ways to manage your storage. That hasn't been true for a long time, though. Not only is the app rather cluttered and buggy, security researcher Elliot Alderson (@fs0c131y on Twitter) points out this app makes your files vulnerable to theft. All you have to do is open it once.

Read More

Newegg hacked, card information stolen for millions

Popular e-commerce website Newegg is the latest victim of cyber attacking by Magecart, according to Volexity, a cyberthreat monitoring firm. Newegg is one in a string of high profile cyber attacks making use of the card skimming code which recently compromised British Airways, Ticketmaster, and Feedify. Most critically, customer names and complete card details were stolen using exploited code between August 16th and September 18th.

Read More

Another T-Mobile website bug allowed anyone to access customer info using just a phone number

T-Mobile customers, your data has been put at risk by your carrier, once again. In what seems like copypasta at this point, a security researcher recently found a bug in a publicly discoverable subdomain on T-Mobile's website that gave anyone access to customer data using just a phone number. It's almost like T-Mobile wants to award those bug bounties.

Read More

T-Mobile website bug exposed customer logins to hackers, carrier says no accounts compromised

In the words of a famous disc jockey: "Another one." A young hacker-turned-security researcher in England found a critical vulnerability on T-Mobile's website that basically left records of user logins exposed online for hackers to pillage. The bug was reported and patched in December, and T-Mobile says no customer information was compromised as a result of this flaw.

Read More

An Israeli security researcher takes a good look at Samsung's Tizen, labels it the worst code he has ever seen

Android is a hulking beast as far as global user share is concerned — hell, it's the most-used operating system in the world, surpassing even Windows (in terms of internet usage). When Samsung announced that it was creating its own open-source alternative to Google's mobile OS, it was not really a surprise. We've had several upstarts over the years, like Sailfish, Firefox OS, Ubuntu Touch, and so on, but all of them have failed in some form or another. There were a few people, however, who thought Sammy could be the one to unseat Google and Android with a mobile operating system that it called Tizen.

Read More

Critical vulnerability Pork Explosion revealed by jcase, cripples security on some phones

Security has been a hot topic on Android for many years, particularly as smartphones take on increasingly significant roles both at home and at work. A single device acts as your main form of communication, contains personal photos and confidential documents, and may even have access to your finances. Google and other companies have made significant investments in time and money to ensure these devices are very hard to break into. However, a vulnerability was recently discovered in some phones that compromises important security measures and opens devices up to various types of attacks. The worst part is that it was created intentionally by a manufacturing partner contracted to build the phones, and the OEMs that designed the phone had no idea.

Read More

LG Now Has Its Own Security Bulletin Like Google And Samsung

Google started taking security updates much more seriously last year after the Stage Fright vulnerability hit. Samsung followed suit, and even launched a monthly security bulletin mirroring Google's. Now, LG has a security bulletin site where it will post updates on vulnerabilities. First up, the May security bulletin, the most recent one Google has published.

Read More

Emergency Patch Issued For Android Studio And IntelliJ-Based IDEs To Close Up Two Serious Security Vulnerabilities


Google Is Investigating The New Linux Kernel Exploit, But Does Not Believe Many Android Devices Are Vulnerable

A zero-day vulnerability in the Linux kernel was disclosed a few days ago, and that usually spells bad news for anything based on Linux. That includes Android, of course. When Perception Point announced the exploit (CVE-2016-0728), it claimed 66% of Android devices were affected. Google's Adrian Ludwig says the real number is much, much smaller.

Read More

Vast Majority Of Android Devices Are Vulnerable To 'Stagefright' Exploit That Can Be Executed Via Text Message, According To Researchers

In a blog post published today by the researchers at Zimperium Mobile Security, the group divulged an extremely widespread security vulnerability that can be exploited with nothing more than a targeted MMS message. The hole exists in the part of the Android operating system called Stagefright, which handles the processing of certain types of multimedia.

How it works

If targeted, the hypothetical hacker needs only to send an MMS message, which in many cases doesn't even need to be read before the attacker gains access to the victim's microphone and camera.

Read More