Developers gain root access on Google Glass, not yet sure what to do with it


Access to Google’s Glass headsets is still limited to a lucky few, but that’s more than enough to include several curious coders. Some have had success identifying the hardware contained within, but others are focusing on the software. Cydia founder Jay Freeman posted the above image on Twitter this afternoon to show that he had gained root access on his unit, telling Forbes he relied upon a well-known Android 4.0.4 exploit to take control of its OS. The bad news? He hasn’t been able to use it much yet, since the Explorer edition isn’t quite ready for prescription glasses wearers. For now, the question of whether the same technique will work on eventual retail versions remains unanswered, as well as what it’s actually going to be useful for. Steven Troughton-Smith suggests developers can use it to try out more complicated apps than Google currently allows, including always-on heads-up displays or camera apps. Overcoming any remote deactivation Google may try to enforce or loading your own unauthorized apps are also definite possibilities, though we’re sure others will surface soon.

Source: Jay Freeman (Twitter), Forbes, 9to5Google

Viber exploit lets attackers bypass Android lock screens, for now (video)

If you’re an Android user who prefers Viber for VoIP and messaging, you may not want to leave your phone unattended in the near future. Bkav Internet Security has discovered an exploit that will bypass the lock screen on Android phones new and old (including the Nexus 4) as long as pop-up notifications are active. While the exact actions vary from phone to phone, all that’s really needed is an incoming message or two, a handful of taps and the back button to reach the home screen. App users can disable the pop-ups as a short-term workaround, although they thankfully won’t have to do that for long when Viber promises that a patch is on the way. There’s only a small chance that a malicious attacker will both get their mitts on your phone and know that you’ve got Viber installed, but we’d advise against using statistical probability as a security measure.

Via: Ars Technica

Source: Bkav

Galaxy Note 2 Exploit Surfaces Using Ticker To Access Browser

Last week, we highlighted a video that showed a way the Samsung Galaxy Note 2's homescreen can be exploited in order to launch programs and directly dial some contacts on your phone, even though the process takes some quick finger work. The process is done through the emergency contacts area of the lock screen, and is once again being used to give access to portions of a locked Galaxy Note 2.

The latest vulnerability highlighted in a video requires the phone to have its ticker active, which as a result displays news bites and other short news information upon waking the device. Tapping on a news piece will be met with the device’s lock screen, but if you tap on the emergency contacts button, you’ll then be able to see the launched browser. From there, the user can access the phone’s clipboard as well as websites that may hold personal information.

Considering how many exploits have surfaced revolving around the emergency contacts menu, we’re hoping Google is not only made aware of these workarounds, but is also in the process of patching them up.

By Ubergizmo.

HTML5 Exploit Can Allow Websites To Fill Up Your Hard Drive

Browsing websites on the Internet could be a great experience, depending on what kind of content you’re searching for. Conducting research for a term paper may not be as rewarding as browsing Reddit, but the process is still the same: input a website address, get to said website. But a recently revealed HTML5 exploit shows some websites can fill your computer’s hard drive with junk data. A lot of junk data.

Web developer Feross Aboukhadijeh created FillDisk.com in order to demonstrate the exploit in HTML5. The Web Storage standard used in HTML5 allows any website to place large amounts of data on your computer’s drive, which could result in a lot of frustration as users are left wondering why their hard drives are completely out of disk space.

By Ubergizmo.

Oracle patches Java exploits, toughens its default security levels

Oracle hasn’t had a great start to 2013. It’s barely into the new year, and Apple and Mozilla are already putting up roadblocks to some Java versions after discoveries of significant browser-based exploits. The company has been quick to respond, however, and already has a patched-up version ready to go. The Java update goes one step further to minimize repeat incidents, as well — it makes the “high” setting the default and asks permission before it launches any applet that wasn’t officially signed. If you’ve been skittish about running a Java plugin ever since the latest exploits became public, hit the source to (potentially) calm your nerves.

[Thanks, Trevor]

Via: Reuters

Source: Oracle

GTVHacker shows off custom recovery for Google TVs (video)

There’s plenty of official news about Google TV this week at CES, but if you’re more interested in cracking the platform wide open unofficially, this video may be of interest. The GTVHacker team reveals that it has been developing an exploit that will let it run custom kernels on “most” second generation Google TV devices, along with a custom recovery designed specifically for Google TV. It’s not ready for prime time just yet, but in the video you can get a peek at it being loaded on a Sony NSZ-GS7 box, opening up wider access to the kinds of adjustments we’re already used to seeing on mobile Android devices. There’s no word on when this will see wide release, but you can hit the source link for more details plus a history of what the team has been up to since coming together over two years ago.

Source: GTVHacker

Google patches SVG and IPC exploits in Chrome, discoverer banks $60,000 in the process

Google revels in hacking contests as ways of testing Chrome’s worth. Even if the browser is compromised, the failure provides a shot at fixing an exploit under much safer circumstances than an in-the-wild attack. No better example exists than the results of Google’s Pwnium 2 challenge in Malaysia: the company has already patched vulnerabilities found in the contest that surround SVG images and IPC (inter-process communication) before they become real problems. Staying one step ahead of truly malicious hackers carries a price, however. Pwnium 2 winner Pinkie Pie — yes, Pinkie Pie — is being paid $60,000 in prize money for catching the exploits. That may be a small price to pay if it reassures a few more Internet Explorer users looking to hop the fence.

Google patches SVG and IPC exploits in Chrome, discoverer banks $60,000 in the process originally appeared on Engadget on Thu, 11 Oct 2012 09:31:00 EDT.

Source: Google Chrome Releases

Security researchers identify transit system exploit in San Fran and New Jersey, create app to prove it

Mobile security company Intrepidus Group presented evidence during the EUSecWest security conference potentially identifying a major flaw in at least two US transit systems. Creating an Android app named “UltraReset” and using it in tandem with an NFC-enabled Android phone (a Nexus S, in this case), security researchers Corey Benninger and Max Sobell were able to reset and reuse — free of charge — transit access cards in both San Francisco’s MUNI system and New Jersey’s PATH system. Before you go getting any bad ideas, know that Benninger and Sobell haven’t released the app for public use, and warned both transit systems in late 2011 (though neither region has fixed the exploit, the duo claim). PATH and MUNI share a common chip access card — the Mifare Ultralight — which can apparently be reset for 10 extra rides (as demonstrated on video below) via Android phones with NFC and an OS newer than 2.3.3 (Gingerbread). Starting to sound familiar?

Intrepidus is, however, releasing a modified version of the app, named “UltraCardTester.” The modified app functions just like its nefarious progenitor, except it can’t add time to cards (see it in action below). The app can tell you how many rides you have left, and if a system is open to exploit, but it won’t assist you in the act of exploiting. We reached out to both New Jersey’s PATH and San Francisco MUNI on the issue, but have yet to hear back as of publishing.

Security researchers identify transit system exploit in San Fran and New Jersey, create app to prove it originally appeared on Engadget on Sun, 23 Sep 2012 19:48:00 EDT.

Source: IDG News Service

Mobile Miscellany: week of August 13th, 2012

Not all mobile news is destined for the front page, but if you’re like us and really want to know what’s going on, then you’ve come to the right place. This past week, Clove teased the October arrival of the black Samsung Galaxy S III and a security vulnerability was uncovered for Android’s pattern unlock feature. These stories and more await after the break. So buy the ticket and take the ride as we explore the “best of the rest” for this week of August 13th, 2012.

Mobile Miscellany: week of August 13th, 2012 originally appeared on Engadget on Sat, 18 Aug 2012 21:15:00 EDT.

iPhone reportedly vulnerable to text message spoofing flaw

If you’re an iPhone owner, you may want to use good judgment before responding to any out-of-the-blue text messages in the near future. French jailbreak developer and security researcher pod2g finds that every iPhone firmware revision, even iOS 6 beta 4, is susceptible to a flaw that theoretically lets a ne’er-do-well spoof the reply address of outbound SMS messages. As Apple is using the reply-to address of a message’s User Data Header to identify the origin rather than the raw source, receiving iPhone owners risk being fooled by a phishing attack (or just a dishonest acquaintance) that poses as a contact or a company. A proof of concept messaging tool is coming to the iPhone soon, but pod2g is pushing for an official solution before the next iOS version is out the door. We’ve asked Apple for commentary and will get back if there’s an update. In the meantime, we wouldn’t panic — if the trickery hasn’t been a significant issue since 2007, there isn’t likely to be a sudden outbreak today.

iPhone reportedly vulnerable to text message spoofing flaw originally appeared on Engadget on Fri, 17 Aug 2012 12:53:00 EDT.

Source: pod2g