Some bad news is surfacing this weekend for owners of several popular Samsung devices. Members of XDA Developers identified a kernel exploit for devices with certain Exynos processors that could provide root access without flashing the device. According to XDA member alephzain, the vulnerability was discovered on his Samsung Galaxy S III in /dev/exynos-mem. The weakness provides full read/write rights to all physical memory. » Read the rest
We reported yesterday that there has been a major security hole discovered in Skype for Android. The vulnerabilities make it possible for third-party malicious apps to easily access your Skype files, including your profile info.
As of late yesterday, Skype officially responded on their blog with the following:
It has been brought to our attention that, were you to install a malicious third-party application onto your Android device, then it could access the locally stored Skype for Android files.
These files include cached profile information and instant messages. We take your privacy very seriously and are working quickly to protect you from this vulnerability, including securing the file permissions on the Skype for Android application.
To protect your personal information, we advise users to take care in selecting which applications to download and install onto their device.
In other words: Yes, Skype is aware of the issue. Yes, they’re working on it. No, they don’t have a fix yet. However, with as relentless as the Android community is about their privacy (and rightfully so), you can bet that we’ll see an update with fixes soon. Be sure to keep it locked here for all the latest on this issue, and let us know what you think about it in the comments.
[via skype]
It looks like a bugs life can be pretty busy now a days, especially when they continue to infestate the Android OS. In addition to still bearing some SMS issues, it looks like 2.3 Gingerbread has found a new gaping whole in the software. According to Xuxian Jiang, a security researcher at North Carolina State University, the Android 2.3 firmware has revealed a new bug, one that could possibly allow malicious sites and attackers alike to gain access to the content of your microSD card. Jiang is also an assistant professor with the school and has stated in an advisory that pertinent and vital content like banking info, photos and voicemails could be extracted and routed to a remote server of choice. In an email sent to eWeek, Jiange also adds that his findings were not particularly difficult to implement and only requires basic knowledge of JavaScript and Android. » Read the rest
Well we kind of already knew this, with the recent wallpaper fiasco, but here is a video interview with Anthony Leinberg (sorry if last name is misspelled!) who is a security researcher with Lookout Mobile Security. Anthony and his associates at Lookout have developed an exploit that can give them root access to a variety of Android phones, including some higher-end devices like the HTC EVO, Droid X and Droid Incredible. Just check out the video and watch for yourself: