Ignore No More is an app that has been featured by several news outlets as of late. It allows parents to remotely lock their kid's phones is preset number of calls or text messages go unanswered by their children. Once the parent decides to lock down their kid's phone after getting no response, the kid's device will only be allowed to make phone calls to numbers that are saved in the "In Case of Emergency" contact list, which is where the parent's number must be stored. Once the kid stops ignoring the parent, the parent can then remotely unlock the kid's phone. Based on the reading I've done, the app doesn't sound perfect, but it does raise the question of how many of you out there are looking for and/or would use an app like this? Chime in below, and read more about this app HERE.
170 Views · 4 Replies ( Last reply by mamawm )
bad droid.png 56.05K 8 downloads
Hey, guess what? Security researchers have found yet another means of stealing your personal data from your phone. For a change though, it is believed that this one may affect other mobile platforms as well as Android. This one essentially boils down to a phishing type attack, in which a malicious app is able to access data from another app that is stored in shared memory. Using this particular technique, the research team who discovered this vulnerability are reporting a success rate of between 80% - 90% at accessing data from apps such as Gmail, the Chase mobile banking app, and the H&R Block mobile app, among others. Fortunately, in order for this attack to work, quite a few conditions have to be met, including the installation of a malicious app to monitor other apps on your device and user interaction with that app to allow it steal the data. Unfortunately this is yet another scary proof of concept vulnerability that could cause serious heartache if not quickly addressed. The moral of the story, as always, is be careful what apps you install on your devices. More details are HERE.
Source: Redorbit.com (thanks cmh714!)
stumproot.png 351.82K 16 downloads
The guys of Team Codefire (IOMonster, jcase, autoprime, and PlayfulGod) have released a new root exploit that has been confirmed to work on all carrier versions of the LG G3, including the Sprint version, which up until now did not have a working root method. Called Stump Root, its about as easy as rooting gets. Simply download and install the Stump Root apk, run it, reboot when prompted, install SuperSU, uninstall the Stump Root apk, and profit. Big thanks to the guys of Team Codefire for continuing to find and exploit the vulnerabilities that allow us to have root access on our devices! Read more about Stump Root and grab the apk HERE. Standard warnings about rooting your device apply.
211 Views · 4 Replies ( Last reply by SamuriHL )
Some good news is coming right around the corner and looks like we are finally going to see what these devices look like.
209 Views · 1 Replies ( Last reply by livinginkaos )
UPDATE: Dan has gone on record and stated that neither LG nor Samsung devices can be bootloader unlocked with this method. Period, dot, the end.
UPDATE 2: Qualcomm has now issued a statement that they are aware of this vulnerability, and that they have released a patch to device manufacturers.
Beware, major geek speak lies ahead. Security research extraordinaire Dan Rosenberg, aka djrbliss, made a presentation at the Black Hat security convention yesterday that, to put it mildly, is kind of a huge deal. He showed that it is possible to exploit a vulnerability within the TrustZone of a device running a Qualcomm SOC to either unlock or circumvent a secure bootloader. Then he proved the concept by unlocking the bootloader of a consumer version Moto X. I'll let that sink in for a second...
Still with me? Okay, I'm not going to get into a serious discussion of how this works, because frankly I don't completely understand it. But I'll attempt to break it down as simply as I can. Any device that is powered by a Qualcomm SOC, including most every flagship Android device produced within the past year, utilizes what is referred to as the TrustZone, which acts as an intermediary between the kernel and hardware and regulates what are trusted apps and commands, and what are not. Things are broken down even further into what is considered the secure and non-secure sides of the device. The non-secure side includes the Linux kernel, the Android operating system, and most every app on your device. On the secure side, you have what is called the Trusted Execution Environment, which in Qualcomm land is called the Qualcomm Secure Execution Environment. This secure side of the house has access to absolutely everything on your device, both in terms of hardware and software, such as the Qfuses that dictate whether some of your devices' bootloaders are locked or unlocked. What Dan was able to do was find a vulnerability that allows code to be executed from within that secure side, allowing him to bypass or unlock a secure bootloader. What devices does this affect? The Moto X, HTC One, Samsung Galaxy S4, and LG G2 to name a few.
Now comes the part where I dash everyone's hopes for a Utopian land where locked bootloaders are a thing of the past. First of all, Dan was able to exploit this onstage at Black Hat, but he has not released the details of exactly how he did it. So there is currently no exploit in the wild to allow anyone to do this. Secondly, if an exploit is ever released, there's a good chance it will be patched very, very soon. So if you have a current Android phone running a Snapdragon SOC and are hoping to profit from this, avoid any OTA updates like the plague. Finally, the Galaxy S5 and HTC One M8 have already had this vulnerability patched, so no love for owners of those devices. Dan's paper explaining the details of the vulnerability can be found below.
Source: XDA, (thanks SamuriHL, shane1, and cmh714!)
453 Views · 9 Replies ( Last reply by KaChow )
hashcode_400x400.png 182.68K 17 downloads
Many, many of us have profited from this man's work. Now Hashcode has taken a job with the Linaro Mobile Group, and has decided to take a step back from several of his Android development projects. In his own words:
360 Views · 4 Replies ( Last reply by mrlolli )
samsung-galaxy-s5-brilliant.png 282.27K 21 downloads
Consider this your warning. An update is rolling out for the VZW Galaxy S5, that along with a host of bug fixes, is apparently also breaking root access. Reports are coming in that not even towelroot is able to restore root access after taking the latest update. The update, which is designated KOT49H.G900VVRU1ANE9, also adds a few new features, such as the ability search for downloaded apps through the stock file manager. The update does not upgrade the Android version, which remains at 4.4.2. So to anyone who wants to keep root access on their device, steer clear of this one for the time being. More details of what is contained in this update are HERE.
525 Views · 18 Replies ( Last reply by SamuriHL )
bad-android-420x215.jpg 13.99K 23 downloads
You really didn't think that my first story in over a month would be good news did you?!? Researchers at Bluebox have discovered a security vulnerability within Android that could allow malicious code to infect nearly any app on your device. In a nutshell, Android allows for a variety of security certificates that verify the authenticity of an app, including self-signed certificates that aren't issued by a digital certificate authority. However, there is another type of certificate, referred to as a hard-coded certificate, that gives the associated app elevated permissions, such as the ability to inject code into other apps. The main three that have been referenced that use this type of certificate are Adobe, which most likely uses this to allow Flash to act as a plug in for other apps; 3LM, which is a service used on Motorola, Sony, HTC, Samsung, and LG devices among others that can install apps and control system settings; and Google Wallet, which uses the hard-coded certificate to provide secure access to NFC. The problem is that Android does not verify the authenticity of the security certificates that act as intermediaries between the apps in which code is injected and the original hard-coded certificate that allowed the code to be injected in the first place. So essentially, an attacker can sign a malicious app with a security certificate that appears to be signed by the original hard-coded certificate but actually isn't, and this will never be cross-checked by Android. The bottom line is that this is yet another way in which an attacker can gain full access to your device and steal your personal stuff. Google says they have released a patch to address this, with Motorola being the only manufacturer that has begun to push the patch out so far. More details about the vulnerability, as well as a link to an app that can determine if your device is vulnerable, can be found HERE.
490 Views · 8 Replies ( Last reply by RikRong )
Futiledemise - Aug 29 2014 07:55 AM
rairai - Aug 28 2014 06:34 PM
mellar - Aug 25 2014 01:44 PM
Sabres032 - Aug 24 2014 04:27 PM
907 won't update among other things
lovethellama - Aug 24 2014 09:24 AM
Nand backup fails w/SafeStrap 3.65 in recovery
SpyderMan - Aug 24 2014 05:54 AM
Bionic no 4g
powrider686 - Aug 23 2014 11:46 AM
[ROM][Unofficial] Dirty Unicorns [4.4.4][V7.9][8/28/2014]
mrlolli - Aug 22 2014 07:02 PM
Parental Control App Ignore No More Lets Parents Remotely Lock Their Kid's Phones
mjs27541 - Aug 22 2014 01:42 PM
Security Vulnerability That, For Once, May Affect More Than Android
mjs27541 - Aug 22 2014 01:27 PM