Android facial recognition based unlocking can be fooled with photo

Android facial recognition based unlocking can be fooled with photo Another Android Feature Exploited, Funny that Android facial recognition based unlocking can be fooled with photo . Check out the video below, courtesy of Malaysia's SoyaCincau : He said "While some of you think that it is a tric...

Google Android 2.3.5 - PowerVR SGX Driver Information Disclosure

// source: https://www.securityfocus.com/bid/57900/info The PowerVR SGX driver in Android is prone to an information-disclosure vulnerability. Successful exploits allows an attacker to gain access to sensitive information. Information obtained may aid in further attacks. Android 2.3.5 and prior...

How the Google-Motorola Deal May Affect Android Security

By B.K. DeLong With this morning’s acquisition of Motorola Mobility, Google has made the move to bring in a solid hardware component for their Android mobility platform and fired another shot across the bow of Apple. But one big questions remains: What does this acquisition mean for those trying ...

Android Passwords are stored in plain text on Disk

Android Passwords are stored in plain text on Disk A Android user complain that , All passwords are stored in plane text on Disk via a message on discussion board of Android. He said "The password for email accounts is stored into the SQLite DB which in turn stores it on the phone's file system i...

CVE-2011-1823

The vold volume manager daemon on Android 3.0 and 2.x before 2.3.4 trusts messages that are received from a PFNETLINK socket, which allows local users to execute arbitrary code and gain root privileges via a negative index that bypasses a maximum-only signed integer check in the...

Report: For Hackers, Is Android The New Windows?

Mobile malware is on track to double again in 2011, as it has every year since 2007, according to a report from Kaspersky Lab. The doubling of malicious programs for mobile devices continues a trend first spotted in 2007 and that is beginning to resemble the world of PC viruses more each day, wit...

New WhisperMonitor Tool Gives Users Control of Android Security and Privacy Options

As the concerns surrounding the data collected and transmitted by mobile apps continue to grow, Whisper Systems, a small start-up, has released WhisperMonitor, a free tool that enables owners of Android phones to control exactly what each of their installed apps can do and monitor what data is se...

CVE-2011-1149

Android before 2.3 does not properly restrict access to the system property space, which allows local applications to bypass the application sandbox and gain privileges, as demonstrated by psneuter and KillingInTheNameOf, related to the use of Android shared memory ashmem and ASHMEMSETPROTMASK...

Researchers Develop Privacy-Protecting Android App

The continuing shift to mobile computing and the proliferation of smartphones has raised a slew of privacy and security concerns around the way that mobile devices and applications handle users’ data and personal information. A group of researchers from North Carolina State University has develop...

KillingInTheNameOf psneuter ashmem

Android before 2.3 does not properly restrict access to the system property space, which allows local applications to bypass the application sandbox and gain privileges...

Android < 2.3 Multiple Vulnerabilities

Binary data 5737.prm...

New Data Stealing Trojan For Android Has Botnet Capabilities

Security researchers say they have discovered a new Trojan horse program that targets mobile phones running Google’s Android operating system that may be the first to attempt to create a so-called ‘botnet’ of infected mobile devices. The new malware, dubbed “Geinimi” raises the bar on mobile...

Android 2.0 / 2.1 Reverse Shell Exploit

// bug = webkit code execution CVE-2010-1807 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1807 // listed as a safari bug but also works on android : //tested = moto droid 2.0.1 , moto droid 2.1 , emulater 2.0 - 2.1 //patched= android 2.2 //author = mj // hardcoded to return a shell to...