Exynos kernel exploit patch starting to roll out for some devices

by Jeff Causey on Jan 16th 2013, 3:57pm
tagged exploit, exynos, Galaxy Note II, Galaxy S II Epic 4G Touch, Samsung, Sprint, T-Mobile

In December we reported on an exploit that had been discovered in Samsung’s Exynos chips. We have not heard of any malicious activity related to the security hole, though it became a popular vector for rooting devices. After looking into the issue, Samsung has started the process of issue a fix for the vulnerability. The devices and networks include:

Sprint Galaxy S II Epic 4G Touch: Sprint’s update FL24 will push out to customers over the course of the next month and will receive Sprint’s Connections Optimizer as part of the update.
T-Mobile Galaxy Note II: The T-Mobile version of the Samsung Galaxy Note II is getting an update dubbed T889UVALL4. T-Mobile is pushing this out over-the-air or users can manually update via Kies.

There are other devices on several carriers that have the same chipset and are vulnerable to the exploit. We anticipate seeing patches and updates rolling out for these devices over the next several days as well now that the ball has started rolling.

source: Android Central

Exynos kernel exploit could open several Samsung devices to malware or worse

by Jeff Causey on Dec 16th 2012, 7:53pm
tagged exploit, Exynos 4210, Exynos 4412, Galaxy Note II, Galaxy S II, galaxy s iii, Meizu MX, Samsung, vulnerability

Some bad news is surfacing this weekend for owners of several popular Samsung devices. Members of XDA Developers identified a kernel exploit for devices with certain Exynos processors that could provide root access without flashing the device. According to XDA member alephzain, the vulnerability was discovered on his Samsung Galaxy S III in /dev/exynos-mem. The weakness provides full read/write rights to all physical memory. » Read the rest

Attention Motorola Users: You Now Have Root!

by Ed Caggiani on Feb 18th 2012, 9:54pm
tagged DROID XYBOARD, exploit, motorola, Root, Xyboard

A couple of days ago, our own Stacy Bruce reported that the DROID XYBOARD had been rooted. Now, apparently, the developer of this root method, which he calls “Motofail”, is stating that this same exploit works on all current Motorola devices running Gingerbread or Honeycomb.

The Droid 4 root (“Motofail”) should work on all Gingerbread Motorola devices that I know of. The just-released XYBoard root (“XYZ”) should root all Gingerbread and Honeycomb Motorola devices. Both Motofail and XYZ rely on the same vulnerability, but the XYBoard had an additional hurdle in place that required me to exploit a second bug in order to trigger the first one.

-Dan Rosenberg

This is great news for the modding community. With this root method, dozens of devices can now be rooted, including the Droid 4, Droid RAZR, Droid Maxx, Droid Bionic, Atrix, Atrix 2, Xoom, and many more. Interestingly, reports are coming in that the this exploit is NOT working on the Xoom Family Edition.

This comes on the heels of Motorola’s Ice Cream Sandwich upgrade schedule for many of their devices. Some updates are coming in Q2 or Q3, and some are not coming at all. Perfect timing for those on the “not coming at all” list.

source: androidcommunity

Root the Droid 4 Thanks to This Exploit by Dan Rosenberg

by Jack Holt on Feb 11th 2012, 1:04pm
tagged charity, droid 4, exploit, Root

While all evidence that the 4th iteration of the original Droid pointed at a December release it was pushed back to February of 2012 and a lot of folks became a bit grumpy. Well it’s finally February, the Droid 4 has been officially announced and is upon us. Released yesterday it didn’t take long for the development community to root the device. Security Researcher Dan Rosenberg was able to get root only hours after the device went on sale. However, before he released the exploit he decided to try an experiment.

He would only release the exploit if a $500 bounty was met. This bounty though, wasn’t an attempt at holding a file hostage to make a quick buck but rather, for a good cause. He wanted the first $200 so that he could continue modding and developing support of the device. The other $300 would be donated to the American Red Cross.

Personally I feel that this is a noble idea. Seriously, everyone paying a few bucks to get this man a phone to continue custom development on a new device while also giving money to a charity in the process; it’s an honorable concept. Well apparently I am in the minority in this thinking as Mr. Rosenberg received a number of complaints in how this idea was unfair. Worry not, rather than abandon his work and not release the exploit Rosenberg took the high road. He has decided to release the exploit free of charge and any money donated for his hard work will be donated straight to the American Red Cross. » Read the rest

“Unhackable” Android phones can indeed be hacked

by Chris Moor on Jul 30th 2010, 11:52am
tagged Android, droid x, EVO, exploit, hack, HTC, incredible, motorola, Sprint, Verizon, vulerable, vulnerability

Well we kind of already knew this, with the recent wallpaper fiasco, but here is a video interview with Anthony Leinberg (sorry if last name is misspelled!) who is a security researcher with Lookout Mobile Security. Anthony and his associates at Lookout have developed an exploit that can give them root access to a variety of Android phones, including some higher-end devices like the HTC EVO, Droid X and Droid Incredible. Just check out the video and watch for yourself:

» Read the rest

Chances for rooting and customizing the Droid X looking gloomy

by Chris Moor on Jul 10th 2010, 10:15am
tagged Android, custom, droid, droidx, exploit, motorola, roms, Root, themes

As expected when the Droid X hit the hands of end users the attempt to root it began. The bad news is that from what community developers are saying is that Motorola really locked down this phone using the same locked and signed bootloader as the Milestone. Even more bad news we have yet to see an exploit for the Milestone which leaves a grim outlook on having custom ROM’s and recovery images on this new gem.

Sure with every new phone eventually an exploit may be found but if you are into moding your phones like I am you might want to hold off on the Droid X or patiently wait to see if an exploit can be found. I for one am keeping my original Droid until something is found because I change ROM’s and themes daily. What about you? Anyone here have a rooted Droid or other device that they will stick with until confirmation a Droid X exploit?

[via android police]

Like Everything Else, Android Could Be Used Against You…

by Chris Moor on Jun 3rd 2010, 2:01pm
tagged Android, exploit, rootkit

At least that’s what two security researchers from Trustwave say. Of course this is theoretical, but they have “Developed a kernel-level Android rootkit in the form of a loadable kernel module” Once the rootkit was running on the actual phone, the attacker could call using a “trigger number” which would allow them “full root access on the Android device” via TCP.

Naturally, this is only a proof of concept and hasn’t actually been seen “in the wild”. However, the researchers are planning to do a live demo of this exploit at next month’s Def Con conference.