Tagged: Security Hole
Android 4.4 contains a fix to yet another but weaker variant of the bug.
Exynos security hole are over for Verizon Galaxy Note II owners. An update is being sent out today that supposedly fixes the security flaw that had so many Samsung owners on edge, so Verizon Galaxy Note II owners can rest easy. Be sure to check your notification panel to see if there's an update waiting for you, and if there is, install that bad boy to bolster your phone's defenses against malware.
Android. Thankfully for Android users, Duo Security has released a new DARPA-funded security app called X-Ray that will assist in identifying security holes on your Android device, because hey, who else is going to do it? Duo Security writes on the X-Ray official site that it developed this app in part because carriers typically drag their feet when it comes to pushing an update that will fix security flaws in Android, so with this app, they're giving users the ability to test for these flaws themselves.
massive security flaw in nearly all of HTC's current Android devices, stemming from customizations that the manufacturer made to the core Android files. Shortly after the flaw came to light, HTC vowed to fix the issue, and today some of its high-profile device are receiving their first updates. According to Android Police (Who broke the security story in the first place) the Evo 3D, Evo 4G, Evo View 4G and the new EVO Design 4G are all being updated now.
Android Police (appropriate, no?) published a "massive" security flaw found on several high-profile devices from HTC. The problem comes from a customization that HTC has implemented on the core Android system, allowing any app that asks for the right permission access to a staggering amount of users' private and technical data. Even more disturbing, it seems to be the case that some of this information can be retrieved remotely by HTC or anyone else due to an HTC app opening up a network port on any affected phone. The primary issue stems from the "android.permission.INTERNET" permission. Once an app calls this permission into effect, it has access to all sorts of disturbing information on both rooted and non-rooted phones. The private information which any app can access includes email addresses, GPS locations and at least some former locations, call logs, SMS logs, and information from running apps. The HTC app "HtcLoggers.apk" is capable of collecting much of this data and then supplying it to anyone who opens up a network port on the phone. Theoretically, it's possible to duplicate a user's entire phone using these vulnerabilities. Trevor Eckhart originally discovered these vulnerabilities, and the flaws have been verified and cataloged by Artem Russakovskii and Justin Case of Android Police. According to these three, the problems effect a wide range of HTC Android devices across all major carriers. The EVO 4G, EVO 3D, EVO Shift 4G, MyTouch 4G Slide and Thunderbolt were mentioned specifically, so it's a fair bet that anything running similar hardware and software is likewise affected. The whistle-blowers have created a proof-of-concept app which allows any user (no root required) to examine the data being collected in real-time. You can find their exhaustive research and the proof of concept app at the source link. Though Eckhart said that he alerted HTC of these security issues more than a week ago, no official response has been made. Update: HTC has made the following statement: "HTC takes our customers' security very seriously, and we are working to investigate this claim as quickly as possible. We will provide an update as soon as we're able to determine the accuracy of the claim and what steps, if any, need to be taken"
Samsung Galaxy S II has at least one dull spot. There's an easy work-around that will let anyone access your phone if you've implemented Android's unique pattern-based or PIN lock screen. Don't worry, though, an industrious early adopter has already found a way to secure the Galaxy S II while keeping the lock screen in place.
NetQin Mobile have spotted not one, but two issues that need to be brought to everyone's attention. NetQin said they have found two Malicious Viruses stemming from apps that come from the dark alley side of the Android Market.
gaining momentum in smart phone realm according to the San Francisco Chronicle.