VideoHelp Forum
  1. Android Root Access Vulnerability Affecting Most Devices

    A recently disclosed vulnerability in version 3.14.5 of the Linux kernel is also present in most versions of Android and could give attackers the ability to acquire root access on affected devices.

    Researchers at Lacoon Mobile Security are calling the bug “TowelRoot,” because it is the very same vulnerability (CVE-2014-3153) exploited in the latest Android rooting tool developed by George Hotz (Geohot). Successful exploitation of the Linux bug within the Android operating system would give the attacker administrative access to a victim’s phone. Specifically, such access could potentially allow that same attacker to run further malicious code, retrieve files and device data, bypass third-party or enterprise security applications including containers like Samsung’s secure Knox sub-operating system, and establish backdoors for future access on victim devices.

    ... ... ...
    ... ... ...
    Root Access grants any hacker a full control of one's Android Device(s) including all personal & private data.

    Somewhere down the road I already asked somewhere: do any Android devices pass any security or penetration test? That's the BiGGeST issue.

    The software used in communication devices has to be most secured and closed source like BlackBerry, iOS or Win8. It is hard to imagine why a company like Google kept it Open Source.
    And, of course, iOS and Win8 definitely offer more features in terms of security.
  2. Member
    Join Date: Oct 2004
    Location: Freedonia
    It's well known in the IT world that closed source is not more secure than open source. Apple and Microsoft have plenty of security problems they have to fix all the time with Microsoft probably being the "winner" in that they always have more problems to fix than anybody.

    Having said that, Android has all kinds of security problems that have nothing really to do with it being open source and everything to do with the way that Google decentralized everything relating to Android, leaving it up to 3rd parties to decide when, if ever, to apply patches and send out updates.
  3. Google decentralized everything relating to Android, leaving it up to 3rd parties to decide when, if ever, to apply patches and send out updates.
    Legal Escape Route To Hacker's Paradise.

    According to Mobile OS Market Share... (Scale 0-50%)

    There are at least 45% Tech Dumb Stupid Mobile Device Users around the world offering Root Access to Hackers, disclosing their personal & private data files including pin-point geo location, and tapped (eavesdropped) mobile conversation with all credential details.

    This I wud call,
    Smile on face with bleeding SSA.
  4. Member
    Join Date: Oct 2004
    Location: Freedonia
    Originally Posted by enim
    Legal Escape Route To Hacker's Paradise.
    I disagree. When has Microsoft ever had a successful suit against them over a security problem? It was basically to get companies like Samsung and others to adopt Android by Google not being too involved beyond just providing the OS and patches for it and staying out of the manufacturing part of it. Google probably used some of what they learned from Android in their line of Chrome OS Chromebooks.
  5. I appreciate your inputs and concern.
    I have still more to share.
  6. This is fantastic news for the dev community. It should allow those hard-to-root devices to have root now. Thanks for the share.
  7. Originally posted by MindController

    This is fantastic news for the dev community. It should allow those hard-to-root devices to have root now. Thanks for the share.
    Of course, but I would not say fantastic, I would say shocking news rather.

    I just had a couple of beers with a Customer Support Rep of one of the major retailers' outlet stores. According to him, today the maximum number of items returned for full refund is mostly Android Devices, which is gonna cause lots of Hardware Manufacturing Vendors to trash devices in bulk.

    It is really shocking news for both - Millions of Innocent Android Device Users and Fooled Hardware Manufacturing Vendors - both are innocent victims of Google's unnecessary Purposeful Negligence.
  8. Here is another piece of Android Hacking News...

    Researchers warn of preloaded spyware in Android handsets

    Security firm G-Data is warning users about their discovery of malware shipping preinstalled on some Chinese mobile phones.

    The German researchers said that they followed up on customer tips to study the Star N9500 mobile phone. The handsets, sold on eBay and many other online retail sites, are said to primarily be shipped out of China, and can be loosely described as a clone of the Samsung Galaxy S4.


    While G-Data said that it has been unable to track down the company behind the N9500, the security firm believes that one or more organizations are selling the handsets new with malware bundled in.

    The company said in its report that researchers have spotted a spyware bundle on handsets being offered for sale in Europe at costs ranging from €130 to €165. The Android handsets were found to contain a fake copy of the Google Play app and the Uupay.D Android trojan installed directly in the handset's firmware.
    ... ... ...
    ... ... ...
    ... ... ...
    China, which has long had a strong market for domestically produced "clone" hardware and devices, has also seen an underground market for attack tools and services arise in recent years.
    The poor Android Device User does not even know whether downloaded and installed applications are from the Authentic Google Server or from the Fake Google Play Store from Hacker's Paradise.

    In business of hacking and faking (cloning) China would stand first.
    I still remember they fake Apple Store & Apple Devices in China completely.
    But, like 119 <- There is nothing wrong to blame China instead of Iraq this time!
    It more likely usual, for each and every single GooF, there is always someone else to blame - a scapegoat.
    According to latest development on the subject...
    It's the app developer's (but who???) equivalent of hiding the door keys under the mat: researchers from Columbia University have found Android apps containing the developers' secret keys.
    Before, It was Google vs Oracle on Java battle!

    Any way these two are classic examples of Google's Purposeful Negligence which made both Millions of Innocent Android Device Users and Fooled Hardware Manufacturing Vendors, both, innocent victims and vulnerable.
    Last edited by enim; 19th Jun 2014 at 03:25.
  9. Few more news-lines on Android Vulnerabilities...Couple of more excerpts.

    The attack was published last week as a module to the open-source Metasploit exploit framework used by security professionals and hackers alike. The code exploits a critical bug in Android's WebView programming interface that was disclosed 14 months ago. The security hole typically gives attackers remote access to a phone's camera and file system and in some cases also exposes other resources, such as geographic location data, SD card contents, and address books.
    The Georgia Tech research identifies an Android performance feature that weakens a software protection called Address Space Layout Randomization (ASLR), leaving software components vulnerable to attacks that bypass the protection, according to a statement.
    Security Researchers at IBM have discovered multiple vulnerabilities in Firefox for Android platform that allow a malicious application to leak the sensitive information related to the user's profile.
    Researchers developed an exploit to brute-force successfully bypassed Android’s sandbox to obtain the sensitive data reside in that directory, including users' cookies, browsing history and cache information.
    A vulnerability in Android allows malicious applications to bypass an active VPN (virtual private network) connection and force traffic from the device through an attacker-controlled system where it can be intercepted, according to security researchers from Ben-Gurion University of the Negev in Israel.
    Researchers have found that most of the Android application developers often store their secret keys in their app's code, similar to usernames/passwords information, which could be then used by any bad actor to maliciously steal users’ information or resources from the service providers such as Amazon and Facebook.

    These vulnerabilities in the implementation of the Android applications can affect users even if they are not actively using the Android apps. Even "Top Developers" designated by the Google Play team as the best developers on Google Play, included these vulnerabilities in their apps, according to the researchers.
    Android is a BURNING 'hellstew' of malware.
    According to Apple CEO Tim Cook's presentation slide at Apple's Worldwide Developers Conference (WWDC).
    Microsoft's top lawyer says the fallout of the NSA spying scandal is "getting worse," and carries grim implications for US tech companies.

    "What we've seen since last June is a double-digit decline in people's trust in American tech companies in key places like Brussels and Berlin and Brasilia. This has put trust at risk," Microsoft's top lawyer Brad Smith - said in a speech at the GigaOm Structure conference in San Francisco.
    Just a joke...
    This is all about my two Beer Bar Buddies...The one who always likes to suck mint candies, and other one likes from behind.

    Suckermint was talking to O'mama over private and highly secured line about some serious business, Suckermint said to O'mama "Now, we can have a video conference through our (spy) satellite using our most profound Android OS. Use this "~!@#$%^&*()-+" crypto code on your secret channel on tv to watch live". As crypto code was long O'mama forget it absolutely. He just turned on the tv and default channel was broadcasting live conversation, he was surprised. To make sure he shuffled around few more channels using remote, but not, secret channel as he could not re-collect. Each and every single channel was broadcasting Suckermint with O'mama LiVE. O'mama asked Suckermint "How come each and every single channel is broadcasting our secured line conversation live?". Suckermint replied "I am getting it perfectly on our secret channel, but, how ever it seems like even our satellite has been hacked. Our engineers need to have a look". And, immediately line was disconnected, and message displayed on all channel was "SORRY FOR INTERRUPTION".

    And O'mama thinks that with help of NSA, FaceBook, Twitter, Google Services, and other Internet US giants, He can spy over all over the world. It is more like a policy "Leading from Behind" = "Spying through Back-Doors".

    I guess they never heard the word "FU" even while dreaming from all over the world.
  10. AFAIK, the towelroot vulnerability requires physical access to the device i.e. someone else has your android device and the only thing that really matters is that no harm came to you in the process of surrendering it!

    The fake play store app is more worrying since it's pre-installed in the phone so even a factory reset wouldn't remove it and you would need to root it (thanks towelroot) to be able to change the files. OTOH, what do you expect after all we've learned from the Snowden revelations; you buy a phone from a Chinese commodity manufacturer, many of which have links to high ranking military officials...

    It's not surprising to hear that android devices are being returned in any quantity. There's a reason Samsung, Sony... slap their own UI on top of android, many newbies feel lost with the bare UI. Add to that the touch interface and suddenly using that portable computer isn't so much like using the living room PC (and you know how many people have issues with that).
  11. Originally posted by nic2k4

    AFAIK, the towelroot vulnerability requires physical access to the device i.e. someone else has your android device and the only thing that really matters is that no harm came to you in the process of surrendering it!

    The fake play store app is more worrying since it's pre-installed in the phone so even a factory reset wouldn't remove it and you would need to root it (thanks towelroot) to be able to change the files. OTOH, what do you expect after all we've learned from the Snowden revelations; you buy a phone from a Chinese commodity manufacturer, many of which have links to high ranking military officials...

    It's not surprising to hear that android devices are being returned in any quantity.
    -Agreed 100%.
    In case of processing HEAVY returns, replacing the embedded malware chip (BGA) is a pain in SSA that leaves the manufacturer without any option other than HuGE scrap.

    ALL ANDROID DEVICE USERS SHOULD RETURN FOR FULL REFUND.
    But, some definitely gonna hold it - keep it for Forensic Analysis.

    You just WoN a beer treat as in FREE!
    Last edited by enim; 19th Jun 2014 at 16:50.
  12. Google is abusing its Play power, says third-party Android app store CEO

    Google is unfairly forcing third-party Android app stores onto the sidelines in favour of its own Google Play store, according to European app provider Aptoide.

    The third-party app store -- which is based in Lisbon, Portugal -- has lodged an antitrust complaint with the European Commission, the executive arm of the European Union tasked with upholding treaties and proposing new laws.

    Downloadable apps are a huge part of Google's Android mobile operating system for smartphones and tablets, with Google's own Play store providing the most visible way to access this world of apps on most mobiles. The new complaint says that third-party stores -- Android app markets offered by companies other than Google -- are getting unfairly pushed aside.

    "We believe that our case is strong."
    Aptoide co-founder and CEO Paulo Trezentos
    ... ... ...
    ... ... ...
    ... ... ...
    Trezentos says he dislikes the "removal of other App Stores, or apps with references to other App Stores, from Google Play", also alleging that Google tools such as the Chromium open source Web browser block access to third-party app stores.

    "App Stores can be very interesting and Google is assuring that it controls 100 percent of that Apps distribution channel," Trezentos said. "Using anti-competition practices, it not only harms the consumer that will have fewer and more expensive options, but also the Android platform as a [whole]."

    At the time of publication, Google had not responded to a request for comment. We will update this report when we have more information.
    But,
    What exactly Google wanna serve by Google Play is malware-embedded software with definite malicious purposes. It's Google's Power Play with Google Play.
    ... ... ...
    ... ... ...
    ... ... ...
    The European Commission's antitrust procedures note, "A dominant company has a special responsibility to ensure that its conduct does not distort competition", though it remains to be seen whether the complaint will proceed or force Google to change its stance.

    "This will depend on the specifics of the case," Doctor Orla Lynskey, assistant Professor in law at the London School of Economics said. "Google has a position of market power on many of the potentially relevant markets and therefore the question will be whether it has taken advantage of this position in order to exclude other potential competitors from the market.

    "Whatever it decides," Lynskey added, "the Commission will need to fully consider this complaint as any decision it reaches will be subject to an appeal. If it decides to continue, it will launch an official investigation into Google's practices."

    Google has been lumbered with a number of antitrust complaints in Europe over the past few years. In 2013, the EU began examining Google's use of Android, which a group of companies including Nokia, Microsoft, and Oracle labelled "a deceptive way to build advantages for key Google apps in 70 percent of the smartphones shipped today."

    Open Source platform should ideally be Open to Wel-Come.
    For example Tux never feared competition - like Debian, Mint, Ubuntu, Lubuntu, Fedora, CentOS.
    Here is the clear example of achieving Market Monopoly by sucking an Open Source Model, as Android itself is based on Linux (Open Source) Kernel.

    US Corporate power (GREEDY) games made middle-class life and survival miserable globally, as well as in home-land.

    With a successful Open Source Model, Why would anybody pay high royalties to US firms?
    WAKE-UP & THINK before it starts BLEEDING.

    Suckermint successfully changed definition of "Open Source" to "Suck it Openly".
    Oh! Suckermint.

    -----------------------------------------------------------
    Friendship with CROOKS always hurts in long-term.
  13. Mod Neophyte Super Moderator redwudz
    Join Date: Sep 2002
    Location: USA
    Not 'Latest Video News': Moving to Computer Forum

    Moderator redwudz
  14. Originally posted by redwudz

    Not 'Latest Video News': Moving to Computer Forum
    Moderator redwudz
    -Thanx!
  15. Microsoft's Android patents

    The Android patents alone may bring as much as $2 billion a year to Microsoft's coffers.

    As John Ferrell, co-founder of the Silicon Valley law firm Carr & Ferrell, said in an e-mail interview: "It’s not unexpected that a company like Microsoft, that invests so heavily in building and acquiring patents, wouldn’t also aggressively find a way to monetize its huge investment."

    Microsoft has certainly done that.

    Microsoft's licensing fees vary from company to company. While no one has gone on record, the range seems to be from $5 to $16 per Android device. So, for example, Microsoft signed Samsung to an Android patent deal in 2011. Thus, with Samsung's Galaxy S5, which is available at a carrier-subsidized price of $200, Microsoft may be making from $10 to $32 per device sold.

    Android smartphone and tablet manufacturers aren't happy about this. I've been speaking to half-a-dozen Android related businesses and these companies are considering a variety of options now that Microsoft's Android patent arsenal [.docx file] has been publicly revealed. As these companies are still weighing what, if any, actions they may take, I am unable to identify them or what specific actions they are currently considering.

    Here, however, are the possibilities that are under consideration.

    Of the major Android smartphone vendors, only Motorola Mobility, which previously belonged to Google, and is being bought out by Lenovo, has fought Microsoft in court over its demands for Android patent licensing. The other firms, considering the high cost of patent litigation, have elected to pay Microsoft off. The average cost of a patent lawsuit in 2008 had already reached $17.8-million per case.

    For most companies the smart move has been to swallow their pride, pay the licensing fees, and move on.

    Motorola Mobility, however, has shown that Microsoft patent portfolio was weaker than many expected. Of the 17 patents to appear so far before the International Trade Commission, the US District Court of Western Washington, and the German Federal Patent Court, 16 of the decisions have gone Motorola's way.
    It's quite obvious: why should Microsoft make more efforts in Windows, if MS makes billiiiioooooon$$$$$ from the Android Patent Pool?


    If WhiteMouse put security in hands of US corporates, You would not be surprised to see a head-line "Home-Land Security is up for an auction - Billionaires may bid". Because to US corporates profit is more important than anything else.


    When I started this thread I had absolutely no idea how deep the Android root-kit would be.
    The rest I leave up to readers for more research.

    Are smart devices worth even a single penny?
    Pay over price & Get Screwed. Throw away within every two years.