Hasta La Gadget!

If you’re an Android user who prefers Viber for VoIP and messaging, you may not want to leave your phone unattended in the near future. Bkav Internet Security has discovered an exploit that will bypass the lock screen on Android phones new and old (including the Nexus 4) as long as pop-up notifications are active. While the exact actions vary from phone to phone, all that’s really needed is an incoming message or two, a handful of taps and the back button to reach the home screen. App users can disable the pop-ups as a short-term workaround, although they thankfully won’t have to do that for long when Viber promises that a patch is on the way. There’s only a small chance that a malicious attacker will both get their mitts on your phone and know that you’ve got Viber installed, but we’d advise against using statistical probability as a security measure.

Filed under: Cellphones, Mobile

Comments

Via: Ars Technica

Source: Bkav

Browsing websites on the Internet could be a great experience, depending on what kind of content you’re searching for. Conducting research for a term paper may not be as rewarding as browsing Reddit, but the process is still the same: input a website address, get to said website. But a recently revealed HTML5 exploit shows some websites can fill your computer’s hard drive with junk data. A lot of junk data.

Web developer Feross Aboukhadijeh created FillDisk.com in order to demonstrate the exploit in HTML5. The Web Storage standard used in HTML5 allows any website to place large amounts of data on your computer’s drive, which could result in a lot of frustration as the user will probably continually wonder why their hard drives are completely out of disk space. (more…)

By Ubergizmo. Related articles: CloudFlare Is Down, Taking Thousands Of Websites With It, YouTube Gets In On The Harlem Shake Craze,

There’s plenty of official news about Google TV this week at CES, but if you’re more interested in cracking the platform wide open unofficially this video may be of interest. The GTVHacker team reveals that it has been developing an exploit that will let it run custom kernels on “most” second generation Google TV devices, along with a custom recovery designed specifically for Google TV. It’s not ready for prime time just yet but in the video you can get a peek at it being loaded on a Sony NSZ-GS7 box, opening up wider access to the kinds of adjustments we’re already used to seeing on mobile Android devices. There’s no word on when this will see wide release, but you can hit the source link for more details plus a history of what the team has been up to since coming together over two years ago

Continue reading GTVHacker shows off custom recovery for Google TVs (video)

Filed under: Home Entertainment, HD

Comments

Source: GTVHacker

Mobile security company Intrepidus Group presented evidence during the EUSecWest security conference potentially identifying a major flaw in at least two US transit systems. Creating an Android app named “UltraReset” and using it in tandem with an NFC-enabled Android phone (a Nexus S, in this case), security researchers Corey Benninger and Max Sobell were able to reset and reuse — free of charge — transit access cards in both San Francisco’s MUNI system and New Jersey’s PATH system. Before you go getting any bad ideas, know that Benninger and Sobell haven’t released the app for public use, and warned both transit systems in late 2011 (though neither region has fixed the exploit, the duo claim). PATH and MUNI share a common chip access card — the Mifare Ultralight — which can apparently be reset for 10 extra rides (as demonstrated on video below) via Android phones with NFC, an OS newer than 2.3.3 (Gingerbread). Starting to sound familiar?

Intrepidus is, however, releasing a modified version of the app, named “UltraCardTester.” The modified app functions just like its nefarious progenitor, except it can’t add time to cards (see it in action below). The app can tell you how many rides you have left, and if a system is open to exploit, but it won’t assist you in the act of exploiting. We reached out to both New Jersey’s PATH and San Francisco MUNI on the issue, but have yet to hear back as of publishing.

Continue reading Security researchers identify transit system exploit in San Fran and New Jersey, create app to prove it

Filed under: Cellphones, Transportation, Wireless, Software, Mobile

Security researchers identify transit system exploit in San Fran and New Jersey, create app to prove it originally appeared on Engadget on Sun, 23 Sep 2012 19:48:00 EDT. Please see our terms for use of feeds.

Permalink   |  IDG News Service  | Email this | Comments

If you’re an iPhone owner, you may want to use good judgment before responding to any out-of-the-blue text messages in the near future. French jailbreak developer and security researcher pod2g finds that every iPhone firmware revision, even iOS 6 beta 4, is susceptible to a flaw that theoretically lets a ne’er-do-well spoof the reply address of outbound SMS messages. As Apple is using the reply-to address of a message’s User Data Header to identify the origin rather than the raw source, receiving iPhone owners risk being fooled by a phishing attack (or just a dishonest acquaintance) that poses as a contact or a company. A proof of concept messaging tool is coming to the iPhone soon, but pod2g is pushing for an official solution before the next iOS version is out the door. We’ve asked Apple for commentary and will get back if there’s an update. In the meantime, we wouldn’t panic — if the trickery hasn’t been a significant issue since 2007, there isn’t likely to be a sudden outbreak today.

Filed under: Cellphones

iPhone reportedly vulnerable to text message spoofing flaw originally appeared on Engadget on Fri, 17 Aug 2012 12:53:00 EDT. Please see our terms for use of feeds.

Permalink   |  pod2g  | Email this | Comments