Google Responds to Google Wallet Security Flaw

 

Google’s NFC chip that can turn your phone into a wallet has a major security issue.  The security firm Zvelo has found that Google Wallet can be hacked by an app that can be easily found online.  Our own Ed Caggiani gave you a detailed outline of the security flaw earlier today.  Keep in mind, though, that this security breach can only affect rooted phones.  Also, the rooted phone can only be hacked in person (for example, if you lost your phone), and using a PIN lock screen will keep criminals from accessing your phone.

The Next Web contacted Google for a statement on the issue, and received the following response:

The zvelo study was conducted on their own phone on which they disabled the security mechanisms that protect Google Wallet by rooting the device. To date, there is no known vulnerability that enables someone to take a consumer phone and gain root access while preserving any Wallet information such as the PIN.

We strongly encourage people to not install Google Wallet on rooted devices and to always set up a screen lock as an additional layer of security for their phone.

Google is simply encouraging people who have rooted phones to not use Google Wallet.  If they are working on a fix to this issue, they are not mentioning it. While it’s true that rooting a phone will disable the security features that Google has in place, Google also openly encourages people to root their phones and make it their own.  The easiest fix may be to have the PIN number stored by your bank, and not Google, but that would open a whole new can of worms, including changing Google’s terms of service.  We hope that Google will tackle this issue and come out with a security fix in the near future.

source: The Next Web

Google Wallet PIN Cracked by Brute Force Attack

First, the sky is not falling and chances are you are safe, but if you use Google Wallet, you should know that the PIN security has been cracked. Who is affected? You are vulnerable if:

  1. You have a phone with Google Wallet set up
  2. Your phone is rooted
  3. You don’t use lock screen security (PIN, pattern, face unlock, etc)
  4. You lose your phone

Basically, you need either a Nexus S or Galaxy Nexus that has been rooted. Everyone else can stop reading now.

Read more

Dan Rosenberg Roots The Sony Tablet S

Dan Rosenberg, the same tech genius that brought us root for our Lenovo ThinkPad Tablets, has struck gold again, rooting the Sony Tablet S. Unfortunately for him, it wasn’t nearly as easy as it was for the Lenovo ThinkPad Tablet. He’s posted the whole process in detail on his blog, so check out the source. It’s a really interesting read, and can provide insight into what happens when you choose to root your device. Keep in mind that rooting your device and the subsequent activities that are made possible by doing so can possibly brick your device. Do so at your own risk!

Source: Dan Rosenberg

Android Kernel Source Released For HP TouchPad Tablet, Hackers & Developers Now Licking Their Chops

The HP TouchPad continues to get a new lease on life– this time receiving a test version of the Android kernel. HP (which has long been a supporter of the Android development community) released information and other components to the CM developers working on the CM9 port for the TouchPad. Here is some insight HP’s support and a possible backstory of the TouchPad’s development from Rootz Wiki user Green:

“HP supports the community and was kind enough to provide us with the Android kernel source and some other GPL components that they modified for the few Touchpads that were accidentally released running Android… What’s interesting about this kernel is it seems to be a totally separate development from the webOS kernel (this was suspected from the very beginning), but now the comments in the code seem to imply that HP had another team working on Android port to Touchpad and that team appears to be totally separate from the webOS team. I wonder if that means there was a plan to ship the Touchpad with Android that were then preempted by webOS plans after Palm purchase.”

While there’s no WiFi support for the HP TouchPad as of yet, the developers hope it will be on the horizon. The CM9 port for the TouchPad certainly is shaping up to be one of the more anticpated ports around.

source: RootzWiki

New, Evolved Android Malware Shows That Google’s Bouncer Service Can Possibly Be Sidestepped

Google’s new bouncer-service that was announced last week is supposed to have dropped the number of malware apps in the Android Market by about 40% already. While that is a great number the Bouncer service isn’t perfect and it probably is the beginning to one of many back and forth battles between the Search Giant and malicious hackers in the making.

However, it appears that hackers may have already found a work around to this service. According to North Carolina State University professor Xuxian Jiang, he and his team have discovered a new malware variant that pulls off a pretty sneaky maneuver. The malware contains no malicious code when it’s first installed on a device. By doing this it evades scans or permission requests that could pick up on its intentions in the first place. Here’s the trick. After it’s downloaded the app is then able to download new code from a remote server and it can hide this in the data transfer from the phone’s communications.   Read more

HTC Admits Security Exploit Affects Specific Handsets, Says Fix is Already Out for Most Affected Devices

It seems that HTC is always in the news for one security scare or another. Well you can add this to the pile as HTC has acknowledged that a bug/exploit can expose security credentials on wifi networks when their devices handle specific Android requests.

It was found that applications on affected HTC devices with the android.permission.ACCESS_WIFI_STATE permission would be able to exploit the .toString() command via the WifiConfiguration class to view all of a wifi network’s credentials. Combine this with the android.permission.INTERNET permission and hackers could have a field day in harvesting these details and sending them off to a remote server. These exploits happened to be found by researchers Chris Hessing and Bret Jordan.  Read more

Stanford Students Demo 5 Cool Tricks Using Your NFC Capable Phone &Television (Video)

I bet you didn’t know Stanford had some cool nerds on their roster did you?  Yep, some of the folks over there decided to tinker around using an NFC enabled Android device along with a remote control also housing an NFC chip.  Check out what these guys have managed to come up with:

  • Display photos in a slide show
  • Collaborative Whiteboard
  • Slide Show Presentation
  • Play Online Poker
  • Stream Netlix Videos

Check out the quick demo below where you can see all of these in action and don’t forget to let us know what you think in the comments below.   I don’t know about you, but I love when nerds get bored.  They always wind up producing something useful for the rest of us :)  For more information hit up the source link to check out their blog at Stanford.edu

Video Demo

YouTube Preview Image

via: Stanford MobiSocial News

BlackBerry Playbook OS 2.0 Update Arriving Next Month, Get Your Android Apps Ready?

Like someone eating McDonald’s while sitting at a Burger King, the BlackBerry PlayBook is all set to receive its highly anticipated 2.0 OS update which will allow the use of Android applications.  And by highly anticipated I mean highly anticipated by BlackBerry users not Android fan-boys.  The update is supposed to drop next month and the company has officially put the call out for anyone wanting to run Android applications on the Kindle Fire wannabe via its BlackBerry Runtime for Android functionality.  If you’re a developer and you’d like to see your application running on the device, you have until February 6th to submit your app.  In order to get your application approved and on the BlackBerry App World Store, you’ll need to abide by a few rules.  First, you’ll need to omit the word “Android” for starters, as well as any signs or traces of the Android logo.  Yep, say goodbye to the little green guy.  And secondly, you’ll need to remove any links that would take one back to the Android Market.  According to RIM, it’s not difficult at all to port your application over to their device using their Runtime feature.  So, we’ll have to sit back and see what developers cook up for the masses.  What application would you like to see ported over to the PlayBook?  Oh, I know!  How about an email application?!

via: BlackBerry Dev’s Blog

 

 

ClockworkMod Now Easier To Obtain On 2011 Sony Ericsson Xperia Devices Thanks To Auto Installer

 

Installing a recovery on your device is among the most popular projects for Android users. Of course achieving a recovery such as ClockworkMod involves the “simple” process of installing it on your phone, flashing a kernel or pushing the recovery to the right partition using the ADB in the Android terminal. Whichever method you choose, it can possibly be a difficult one– and that’s why we have the fine team at XDA helping to make our lives’ just a smidge easier. Senior member pvyParts and his associates recently posted an application that will install a recovery straight from the app itself. That means there’s no need for computers, a debug mode or any of the other potential problems. In other words, this is as straightforward as it gets. Here’s pvyParts himself as he shares his thoughts of the landmark app:

“This App will work with the 2011 Xperia porfolio. it will install CWM into the system partition so you can use recovery even with a locked bootloader!
The Recovery has been ported by nobodyAtall @xda for the Xperia phones!
All Credits to him!

all i did was bundle it into a nice easy installer. ( i also made some changes to the chargemon file to turn the LED on to signal when to pres your keys )”

This app is currently available for the 2011 Sony Ericsson Xperia Line of devices at this time. You can find more details for the app including additional details, change logs, a full compatibility list, screen shots and discussion in the original thread found at the link below. If you are bold enough to install the auto installer— do make sure you back everything… in case you commit an oopsie.

source: XDA
via: XDA Forums