Security Hole

Snapchat issues a response to recent security concerns

Snapchat has released a statement regarding the recent findings that their service can be used to attach phone numbers to names, leading to identification of users. While Snapchat had been aware of the issue since August, the group who found the exploit wasn’t pleased with their lack of focus on the security issue. On December 31st, 2013, they released redacted numbers attached to usernames to the web, as well as their methodology for acquiring them, forcing the hand of Snapchat.

Snapchat code exploit published after being ignored

Snapchat, which prides itself on its privacy and security features, might have just become completely insecure. Researchers have now published the undocumented API and code for two exploits that not only open up the service to spam but also give malicious individuals access to users' profiles and phone numbers.

Hackers rake in large bounties for security exploits

Who says that being naughty doesn't pay, especially when it's for the good of everyone? That is exactly how a handful of hackers have been able to rake in thousands of dollars as part of some companies' attempts to turn hunting down security bugs into a contest. With cash prizes, of course.

Verizon Galaxy Note II Exynos flaw fixed with latest update

It would appear that worries about the recently-discovered Exynos security hole are over for Verizon Galaxy Note II owners. An update is being sent out today that supposedly fixes the security flaw that had so many Samsung owners on edge, so Verizon Galaxy Note II owners can rest easy. Be sure to check your notification panel to see if there's an update waiting for you, and if there is, install that bad boy to bolster your phone's defenses against malware.

Duo Security releases X-Ray security app for Android

It takes a dedicated person to stay up-to-date on all of the security vulnerabilities in any given system, and that isn't any different on Android. Thankfully for Android users, Duo Security has released a new DARPA-funded security app called X-Ray that will assist in identifying security holes on your Android device, because hey, who else is going to do it? Duo Security writes on the X-Ray official site that it developed this app in part because carriers typically drag their feet when it comes to pushing an update that will fix security flaws in Android, so with this app, they're giving users the ability to test for these flaws themselves.

HTC begins OTA rollout for Sense security flaw fixes

A few weeks ago news broke about a massive security flaw in nearly all of HTC's current Android devices, stemming from customizations that the manufacturer made to the core Android files. Shortly after the flaw came to light, HTC vowed to fix the issue, and today some of its high-profile devices are receiving their first updates. According to Android Police (who broke the security story in the first place), the Evo 3D, Evo 4G, Evo View 4G and the new EVO Design 4G are all being updated now.

“Massive” security/privacy issues found in HTC phones

The Android world had a major shock earlier today when several members of Android Police (appropriate, no?) published a "massive" security flaw found on several high-profile devices from HTC. The problem comes from a customization that HTC has implemented on the core Android system, allowing any app that asks for the right permission access to a staggering amount of users' private and technical data. Even more disturbing, it seems to be the case that some of this information can be retrieved remotely by HTC or anyone else due to an HTC app opening up a network port on any affected phone.

The primary issue stems from the "android.permission.INTERNET" permission. Once an app requests this permission, it has access to all sorts of disturbing information on both rooted and non-rooted phones. The private information which any app can access includes email addresses, GPS locations and at least some former locations, call logs, SMS logs, and information from running apps. The HTC app "HtcLoggers.apk" is capable of collecting much of this data and then supplying it to anyone who opens up a network port on the phone. Theoretically, it's possible to duplicate a user's entire phone using these vulnerabilities.

Trevor Eckhart originally discovered these vulnerabilities, and the flaws have been verified and cataloged by Artem Russakovskii and Justin Case of Android Police. According to these three, the problems affect a wide range of HTC Android devices across all major carriers. The EVO 4G, EVO 3D, EVO Shift 4G, MyTouch 4G Slide and Thunderbolt were mentioned specifically, so it's a fair bet that anything running similar hardware and software is likewise affected. The whistle-blowers have created a proof-of-concept app which allows any user (no root required) to examine the data being collected in real-time. You can find their exhaustive research and the proof-of-concept app at the source link.

Though Eckhart said that he alerted HTC to these security issues more than a week ago, no official response has been made.

Update: HTC has made the following statement: "HTC takes our customers' security very seriously, and we are working to investigate this claim as quickly as possible. We will provide an update as soon as we're able to determine the accuracy of the claim and what steps, if any, need to be taken."