While all evidence that the 4th iteration of the original Droid pointed at a December release it was pushed back to February of 2012 and a lot of folks became a bit grumpy. Well it’s finally February, the Droid 4 has been officially announced and is upon us. Released yesterday it didn’t take long for the development community to root the device. Security Researcher Dan Rosenberg was able to get root only hours after the device went on sale. However, before he released the exploit he decided to try an experiment.
He would only release the exploit if a $500 bounty was met. This bounty though, wasn’t an attempt at holding a file hostage to make a quick buck but rather, for a good cause. He wanted the first $200 so that he could continue modding and developing support of the device. The other $300 would be donated to the American Red Cross.
Personally I feel that this is a noble idea. Seriously, everyone paying a few bucks to get this man a phone to continue custom development on a new device while also giving money to a charity in the process; it’s an honorable concept. Well apparently I am in the minority in this thinking as Mr. Rosenberg received a number of complaints in how this idea was unfair. Worry not, rather than abandon his work and not release the exploit Rosenberg took the high road. He has decided to release the exploit free of charge and any money donated for his hard work will be donated straight to the American Red Cross. Read more
Back and forth we go with the precarious Google Wallet situation. First we saw the original security flaw, which immediately prompted Google to respond to users and highlight there are no known vulnerabilities while also encouraging users to install Google Wallet on non-rooted devices. In a mere few hours, a second method to hack Google Wallet was revealed, this time on non-rooted devices.
Naturally, the consecutive security breaches of Google Wallet has everyone on edge. That’s why many users have reached out to Google and question whether its Google Wallet service is safe enough for the masses to use in order to make mobile payments. Google offered its formal response and simply put it that yes, it is safe to make mobile payments using Google Wallet. Here’s Google Wallet VP Osama Bedier offering a formal statement: Read more
Google Wallet is in the news again and not for the right reasons. We just saw earlier how a hack was revealed for rooted phones using Google Wallet. While Google issued an immediate response on the initial findings, mobile blog TheSmartphoneChamp discovered and posted a second way of hacking into Google Wallet— this time highlighting the newfound hack will work on non-rooted phones and doesn’t even need special hacking skills. Basically all individuals have to do to access a user’s funds is clear the data in the app settings— which forces Google Wallet to prompt them to enter a new PIN. After the new PIN is entered, it’s as simple as adding a Google Prepaid Card tied to the device and then there the ability to access any available funds. It has been tested by several sources and it is indeed true. Google has confirmed the findings and even issued the following statement:
”We strongly encourage anyone who loses or wants to sell their phone to call Google Wallet support toll-free at 855-492-5538 to disable the prepaid card. We are currently working on an automated fix as well that will be available soon. We also advise all Wallet users to set up a screen lock as an additional layer of protection for their phone.”
As always everyone— take immediate precautions to ensure the safety of your device which includes having a lock screen or even installing some tracking software for your device. You can check out the video below which highlights the vulnerability.
Google’s NFC chip that can turn your phone into a wallet has a major security issue. The security firm Zvelo has found that Google Wallet can be hacked by an app that can be easily found online. Our own Ed Caggiani gave you a detailed outline of the security flaw earlier today. Keep in mind, though, that this security breach can only affect rooted phones. Also, the rooted phone can only be hacked in person (for example, if you lost your phone), and using a PIN lock screen will keep criminals from accessing your phone.
The Next Web contacted Google for a statement on the issue, and received the following response:
The zvelo study was conducted on their own phone on which they disabled the security mechanisms that protect Google Wallet by rooting the device. To date, there is no known vulnerability that enables someone to take a consumer phone and gain root access while preserving any Wallet information such as the PIN.
We strongly encourage people to not install Google Wallet on rooted devices and to always set up a screen lock as an additional layer of security for their phone.
Google is simply encouraging people who have rooted phones to not use Google Wallet. If they are working on a fix to this issue, they are not mentioning it. While it’s true that rooting a phone will disable the security features that Google has in place, Google also openly encourages people to root their phones and make it their own. The easiest fix may be to have the PIN number stored by your bank, and not Google, but that would open a whole new can of worms, including changing Google’s terms of service. We hope that Google will tackle this issue and come out with a security fix in the near future.
source: The Next Web
First, the sky is not falling and chances are you are safe, but if you use Google Wallet, you should know that the PIN security has been cracked. Who is affected? You are vulnerable if:
- You have a phone with Google Wallet set up
- Your phone is rooted
- You don’t use lock screen security (PIN, pattern, face unlock, etc)
- You lose your phone
Basically, you need either a Nexus S or Galaxy Nexus that has been rooted. Everyone else can stop reading now.
Dan Rosenberg, the same tech genius that brought us root for our Lenovo ThinkPad Tablets, has struck gold again, rooting the Sony Tablet S. Unfortunately for him, it wasn’t nearly as easy as it was for the Lenovo ThinkPad Tablet. He’s posted the whole process in detail on his blog, so check out the source. It’s a really interesting read, and can provide insight into what happens when you choose to root your device. Keep in mind that rooting your device and the subsequent activities that are made possible by doing so can possibly brick your device. Do so at your own risk!
Source: Dan Rosenberg
The HP TouchPad continues to get a new lease on life– this time receiving a test version of the Android kernel. HP (which has long been a supporter of the Android development community) released information and other components to the CM developers working on the CM9 port for the TouchPad. Here is some insight HP’s support and a possible backstory of the TouchPad’s development from Rootz Wiki user Green:
“HP supports the community and was kind enough to provide us with the Android kernel source and some other GPL components that they modified for the few Touchpads that were accidentally released running Android… What’s interesting about this kernel is it seems to be a totally separate development from the webOS kernel (this was suspected from the very beginning), but now the comments in the code seem to imply that HP had another team working on Android port to Touchpad and that team appears to be totally separate from the webOS team. I wonder if that means there was a plan to ship the Touchpad with Android that were then preempted by webOS plans after Palm purchase.”
While there’s no WiFi support for the HP TouchPad as of yet, the developers hope it will be on the horizon. The CM9 port for the TouchPad certainly is shaping up to be one of the more anticpated ports around.
Google’s new bouncer-service that was announced last week is supposed to have dropped the number of malware apps in the Android Market by about 40% already. While that is a great number the Bouncer service isn’t perfect and it probably is the beginning to one of many back and forth battles between the Search Giant and malicious hackers in the making.
However, it appears that hackers may have already found a work around to this service. According to North Carolina State University professor Xuxian Jiang, he and his team have discovered a new malware variant that pulls off a pretty sneaky maneuver. The malware contains no malicious code when it’s first installed on a device. By doing this it evades scans or permission requests that could pick up on its intentions in the first place. Here’s the trick. After it’s downloaded the app is then able to download new code from a remote server and it can hide this in the data transfer from the phone’s communications. Read more
It seems that HTC is always in the news for one security scare or another. Well you can add this to the pile as HTC has acknowledged that a bug/exploit can expose security credentials on wifi networks when their devices handle specific Android requests.
It was found that applications on affected HTC devices with the android.permission.ACCESS_WIFI_STATE permission would be able to exploit the .toString() command via the WifiConfiguration class to view all of a wifi network’s credentials. Combine this with the android.permission.INTERNET permission and hackers could have a field day in harvesting these details and sending them off to a remote server. These exploits happened to be found by researchers Chris Hessing and Bret Jordan. Read more
I bet you didn’t know Stanford had some cool nerds on their roster did you? Yep, some of the folks over there decided to tinker around using an NFC enabled Android device along with a remote control also housing an NFC chip. Check out what these guys have managed to come up with:
- Display photos in a slide show
- Collaborative Whiteboard
- Slide Show Presentation
- Play Online Poker
- Stream Netlix Videos
Check out the quick demo below where you can see all of these in action and don’t forget to let us know what you think in the comments below. I don’t know about you, but I love when nerds get bored. They always wind up producing something useful for the rest of us :) For more information hit up the source link to check out their blog at Stanford.edu
via: Stanford MobiSocial News