Hasta La Gadget!

Watch out if someone sends a flood of text messages to your Nexus phone — they may be trying to break in or otherwise cause havoc. IT administrator Bogdan Alecu has discovered an Android bug that triggers exploitable behavior in the Galaxy Nexus, Nexus 4 and Nexus 5 whenever they’re hit by a large volume of Class 0 SMS messages, or texts that aren’t automatically stored on the phone. The denial of service attack usually forces the handset to reboot, but it can also disable the network connection (if temporarily) or crash the messaging app. Non-Nexus hardware appears to be safe, although Alecu notes that he hasn’t had a chance to test a wide variety of gadgets. Regardless of the problem’s scale, affected users will have to be cautious for a while; Google tells PCWorld that it’s looking into the exploit, but there’s no word on just when we can expect a patch.

Update: There’s already a firewall app in Google Play that protects against the exploit. Thanks, Chipsy4!

Filed under: Cellphones, Mobile, Google

Comments

PCWorld

Source: DefCamp, Google Play

If you manage Bitcoins through Android devices, you may need to keep a close eye on your virtual cash in the near future. Developers have found that multiple Android-based Bitcoin apps, such as Bitcoin Wallet and Mycelium Wallet, are vulnerable to number generator exploits that could be used for theft. Although patched apps are either available in beta or coming soon, the complete fix involves more than just new code — users have to both create a new Bitcoin address and send it out to anyone still relying on old details. You’re safe if you use a simple Bitcoin exchange client, but you’ll otherwise want to visit the source link for more help with securing your digital holdings.

Filed under: Cellphones, Internet, Mobile

Comments

Via: CNET

Source: Bitcoin

Recently, Georgia Tech researchers discovered an unusual way to attack iOS: a third-party charger with a hidden computer can install malware when an iOS device is plugged in and unlocked. That won’t be an issue for much longer, however, as Apple has confirmed that iOS 7 beta 4 and future releases contain a fix. While the company hasn’t said what that solution is, Georgia Tech’s Billy Lau says that the new OS can tell when it’s plugged into a computer instead of a charger — there shouldn’t be any rude surprises. The dependence on an iOS 7-based fix could leave many users vulnerable until the fall, although the hardware-specific nature of the exploit means it’s unlikely to be a major concern.

Filed under: Cellphones, Tablets, Mobile, Apple

Comments

Source: Reuters

The emergency contacts (ICE) menu is proving to be a Pandora’s Box of lock screen vulnerabilities on several Samsung Galaxy handsets. Users are finding ways to exploit this weak point and the latest flaw that’s come to our attention employs the pop-up browser on the Note II as an accomplice. It requires the information ticker to be active (found in lock screen settings) so news bites and such are displayed on the screen you encounter when waking the device. Touch upon something to find out more and you’re sent to the lock screen; from there, head to the ICE menu to find a pop-up browser window containing the item you chose in the ticker. Within that window, anyone can access the handset’s clipboard or point the browser to sites holding personal data. Sure, it isn’t as bad as the bug that completely disables the lock screen — identified on the Galaxy S III, but also found to work on the Note II — but is just another reason to hope the mythical box is almost empty and at the bottom lies a fix.

Filed under: Cellphones, Software, Mobile, Samsung

Comments

Source: Ganesh’s Blog

A security flaw discovered by Terence Eden on the Galaxy Note II with Android 4.1.2 may make that device less secure than you think when it’s locked by a code or other method. He discovered that the homescreen can be accessed, albeit it just for a split second, by pressing the “Emergency Call” icon, then the ICE button and finally pressing the physical home key for several seconds. While brief, it’s still enough time to click on any of your homescreen apps, which normally wouldn’t present a problem since access goes away when the home page disappears again. However, if one of your apps is a “direct dial” widget, for instance, a call can actually be placed by a hacker, and many other programs that perform an action at launch could also leave the device vulnerable. We’ve confirmed the flaw on our own handsets and the individual who discovered it says that after reporting it five days ago, Samsung has yet to respond. We’ve reached out to the Korean company ourselves and will let you know about any further developments.

Filed under: Cellphones, Samsung

Comments

Via: @Whatleydude (Twitter)

Source: Terence Eden (blog)