Having already spent some time with the early build of CM9 on the Galaxy Tab 10.1, I am getting really excited to see what the final product is going to be like. It already seems like it’s a pretty finished product as is, but I imagine there will be a few tweaks added that will set this ROM above and beyond the rest.
To tease us even more, the CyanogenMod team released a video of the CM9‘s boot animation today and once it’s released I am sure I will probably reboot unnecessarily just to see it over and over. The animation is far from basic and it has a cool Dr. Who Tardis time tunnel feel to it. Excuse me if you don’t know what I am talking about here, but if you check out the video below you will see what I mean (awesome soundtrack included). Now don’t go searching the web for the zip file just yet, this is one I imagine the CM team will keep close to their chests until the ROM is officially released. Hopefully this video will tied you over until then… we’ve got to be close!
A couple of days ago, our own Stacy Bruce reported that the DROID XYBOARD had been rooted. Now, apparently, the developer of this root method, which he calls “Motofail”, is stating that this same exploit works on all current Motorola devices running Gingerbread or Honeycomb.
The Droid 4root (“Motofail”) should work on all Gingerbread Motorola devices that I know of. The just-released XYBoard root (“XYZ”) should root all Gingerbread and Honeycomb Motorola devices. Both Motofail and XYZ rely on the same vulnerability, but the XYBoard had an additional hurdle in place that required me to exploit a second bug in order to trigger the first one.
For those of you who picked up a new DROID XYBOARD with the hopes of doing some MODing or ROMing in the near future, boy do I have some good news for you! No its not an unlocked bootloader, but it’s the next best thing – root access.
According to a post over at MyDroidWorld, Dan Rosenberg has a root method ready and MDW user bignadad plans on releasing a 1-click method for rooting the XYBOARD tomorrow on his forum thread. He has been able to confirm the method works on the 10-inch with and without the recent OTA update, and should work with the 8-inch. He even plans on releasing a theme for the tablet by this weekend. Sounds exciting. Hit up the source link for more info.
If you’re of the Rootin’, ROM’in and hackin’ community we’ve got some good news for you. Check out the Auraslate by Aura Design, an extremely affordable tablet for the dev who wants to launch that next big idea but still remain within his/her budget.
Aura Design is an Android Tablet Design Start-Up assist other companies or start-ups develop their own unique tablet for consumer , commercial, or industrial uses.
We encourage mischievous and curious individuals to see what comes naturally for them to dig in and see what possibilities this tablet may become.
The device is an Ice Cream Sandwich compatible 10.4-inch tab built from scratch with dev’s and hackers in mind. The company is offering the device in two flavors. They’ll make a 7-inch and 10.4-inch available for you and will also toss in a hardware source disk because the hardware itself is open source as well ($20 extra). Keep in mind that the device is not meant for high-end performance with said specs, but rather you’ll get just what you need with a doable Android Cortex A9 under the hood. Auraslate is offering a ton of support for the device with a promise to keep the updates coming as well as making a support community available. This should be of great value to someone working on a project as he/she will able to communicate with others using the same hardware that they are. If this sounds like something you’d like to hop on, check out the source link for more information. I’m certainly looking forward to seeing how and if this takes off with devs and hackers, so stay tuned to TA.
Good news for owners of the T-Mobile G2X and its international brother the LG Optimus 2X, Ricardo Cerquiera has released a functional (albeit finicky) build of CyanogenMod 9. He mentions, of course, that these builds are not supported and do not guarantee any further updates. It seems that these builds are primarily good for testing out the look and feel of CM9 before the official release as there is no media acceleration for either encoding or decoding, and some Android 4.0 ICS graphics implementations will be glitchy. Hit up the source if you’re interested in giving CM9 a test run!
There are many hooks that draw us into the Android Ecosystem for the first time but it surely must be the tireless support from the developers that keep us coming back for more. The latest example of the awesome work going on has seen Androidcentral forum mainstay, Jerry Hildenbrand working hard dissecting a Droid 4 to bring us it’s hidden bounty. Jerry has selflessly packaged together the wallpapers and ringtones for your immediate perusal.
The Droid 4 is available to order right now but if you’d prefer to get a little taste sooner rather than later, hit the links after the break.
While all evidence that the 4th iteration of the original Droid pointed at a December release it was pushed back to February of 2012 and a lot of folks became a bit grumpy. Well it’s finally February, the Droid 4 has been officially announced and is upon us. Released yesterday it didn’t take long for the development community to root the device. Security Researcher Dan Rosenberg was able to get root only hours after the device went on sale. However, before he released the exploit he decided to try an experiment.
He would only release the exploit if a $500 bounty was met. This bounty though, wasn’t an attempt at holding a file hostage to make a quick buck but rather, for a good cause. He wanted the first $200 so that he could continue modding and developing support of the device. The other $300 would be donated to the American Red Cross.
Personally I feel that this is a noble idea. Seriously, everyone paying a few bucks to get this man a phone to continue custom development on a new device while also giving money to a charity in the process; it’s an honorable concept. Well apparently I am in the minority in this thinking as Mr. Rosenberg received a number of complaints in how this idea was unfair. Worry not, rather than abandon his work and not release the exploit Rosenberg took the high road. He has decided to release the exploit free of charge and any money donated for his hard work will be donated straight to the American Red Cross.
Naturally, the consecutive security breaches of Google Wallet has everyone on edge. That’s why many users have reached out to Google and question whether its Google Wallet service is safe enough for the masses to use in order to make mobile payments. Google offered its formal response and simply put it that yes, it is safe to make mobile payments using Google Wallet. Here’s Google Wallet VP Osama Bedier offering a formal statement:
Google Wallet is in the news again and not for the right reasons. We just saw earlier how a hack was revealed for rooted phones using Google Wallet. While Google issued an immediate response on the initial findings, mobile blog TheSmartphoneChamp discovered and posted a second way of hacking into Google Wallet— this time highlighting the newfound hack will work on non-rooted phones and doesn’t even need special hacking skills. Basically all individuals have to do to access a user’s funds is clear the data in the app settings— which forces Google Wallet to prompt them to enter a new PIN. After the new PIN is entered, it’s as simple as adding a Google Prepaid Card tied to the device and then there the ability to access any available funds. It has been tested by several sources and it is indeed true. Google has confirmed the findings and even issued the following statement:
”We strongly encourage anyone who loses or wants to sell their phone to call Google Wallet support toll-free at 855-492-5538 to disable the prepaid card. We are currently working on an automated fix as well that will be available soon. We also advise all Wallet users to set up a screen lock as an additional layer of protection for their phone.”
As always everyone— take immediate precautions to ensure the safety of your device which includes having a lock screen or even installing some tracking software for your device. You can check out the video below which highlights the vulnerability.
Google’s NFC chip that can turn your phone into a wallet has a major security issue. The security firm Zvelo has found that Google Wallet can be hacked by an app that can be easily found online. Our own Ed Caggiani gave you a detailed outline of the security flaw earlier today. Keep in mind, though, that this security breach can only affect rooted phones. Also, the rooted phone can only be hacked in person (for example, if you lost your phone), and using a PIN lock screen will keep criminals from accessing your phone.
The Next Web contacted Google for a statement on the issue, and received the following response:
The zvelo study was conducted on their own phone on which they disabled the security mechanisms that protect Google Wallet by rooting the device. To date, there is no known vulnerability that enables someone to take a consumer phone and gain root access while preserving any Wallet information such as the PIN.
We strongly encourage people to not install Google Wallet on rooted devices and to always set up a screen lock as an additional layer of security for their phone.
Google is simply encouraging people who have rooted phones to not use Google Wallet. If they are working on a fix to this issue, they are not mentioning it. While it’s true that rooting a phone will disable the security features that Google has in place, Google also openly encourages people to root their phones and make it their own. The easiest fix may be to have the PIN number stored by your bank, and not Google, but that would open a whole new can of worms, including changing Google’s terms of service. We hope that Google will tackle this issue and come out with a security fix in the near future.
Dan Rosenberg, the same tech genius that brought us root for our Lenovo ThinkPad Tablets, has struck gold again, rooting the Sony Tablet S. Unfortunately for him, it wasn’t nearly as easy as it was for the Lenovo ThinkPad Tablet. He’s posted the whole process in detail on his blog, so check out the source. It’s a really interesting read, and can provide insight into what happens when you choose to root your device. Keep in mind that rooting your device and the subsequent activities that are made possible by doing so can possibly brick your device. Do so at your own risk!
The HP TouchPad continues to get a new lease on life– this time receiving a test version of the Android kernel. HP (which has long been a supporter of the Android development community) released information and other components to the CM developers working on the CM9 port for the TouchPad. Here is some insight HP’s support and a possible backstory of the TouchPad’s development from Rootz Wiki user Green:
“HP supports the community and was kind enough to provide us with the Android kernel source and some other GPL components that they modified for the few Touchpads that were accidentally released running Android… What’s interesting about this kernel is it seems to be a totally separate development from the webOS kernel (this was suspected from the very beginning), but now the comments in the code seem to imply that HP had another team working on Android port to Touchpad and that team appears to be totally separate from the webOS team. I wonder if that means there was a plan to ship the Touchpad with Android that were then preempted by webOS plans after Palm purchase.”
While there’s no WiFi support for the HP TouchPad as of yet, the developers hope it will be on the horizon. The CM9 port for the TouchPad certainly is shaping up to be one of the more anticpated ports around.
Google’s new bouncer-service that was announced last week is supposed to have dropped the number of malware apps in the Android Market by about 40% already. While that is a great number the Bouncer service isn’t perfect and it probably is the beginning to one of many back and forth battles between the Search Giant and malicious hackers in the making.
However, it appears that hackers may have already found a work around to this service. According to North Carolina State University professor Xuxian Jiang, he and his team have discovered a new malware variant that pulls off a pretty sneaky maneuver. The malware contains no malicious code when it’s first installed on a device. By doing this it evades scans or permission requests that could pick up on its intentions in the first place. Here’s the trick. After it’s downloaded the app is then able to download new code from a remote server and it can hide this in the data transfer from the phone’s communications.
It seems that HTC is always in the news for one security scare or another. Well you can add this to the pile as HTC has acknowledged that a bug/exploit can expose security credentials on wifi networks when their devices handle specific Android requests.
It was found that applications on affected HTC devices with the android.permission.ACCESS_WIFI_STATE permission would be able to exploit the .toString() command via the WifiConfiguration class to view all of a wifi network’s credentials. Combine this with the android.permission.INTERNET permission and hackers could have a field day in harvesting these details and sending them off to a remote server. These exploits happened to be found by researchers Chris Hessing and Bret Jordan.