Skip to main content

vulnerability

See All Stories

Google puts millions of users at risk by ending WebView security updates for Android 4.3 Jelly Bean and below

Site default logo image

Android 4.3 Jelly Bean

Forbes reports that nearly one billion Android smartphone users that are not running the latest Lollipop operating system are at risk of malicious attacks due to Google no longer releasing security updates for the WebView tool on Android versions at or below 4.3 Jelly Bean. Research firm Rapid7 discovered that Google started the process of ending support for WebView late last year for devices not running Android 5.0 Lollipop.
Expand
Expanding
Close

Two-minute SIM card hack could leave 25 percent of phones vulnerable to spying

Site default logo image
Image: joyenjoys.com

Image: joyenjoys.com

UpdateCNN reported on 1st August that five major carriers have pushed out a patch to block the vulnerability.

A two-minute SIM card hack could enable a hacker to listen to your phone calls, send text messages from your phone number and make mobile payments from your account. The vulnerability, discovered by a German security researcher, is present in an estimated 750 million SIM cards – around one in four of all SIM cards.

Give me any phone number and there is some chance I will, a few minutes later, be able to remotely control this SIM card and even make a copy of it … 
Expand
Expanding
Close

HTC’s software found in many of their devices has a HUGE security hole

Site default logo image

The fine folks over at Android Police have discovered that many HTC devices have a huge security hole due to a recent Android update. The results are pretty shocking, and HTC has no one to blame but themselves. In a recent update, HTC included a set of logging tools that logs users email accounts, last known network and GPS connection, phone numbers that have been recently dialed, encoded SMS data (probably can be decoded), and system logs.

Okay so HTC logs all of this, what’s the big deal? The big deal is that any app that requests android.permission.INTERNET can get their hands on this information. Phones include the Thunderbolt, Evo 4G, Evo 3D, and more.

As of now, the only way to patch this hole is to root your device and remove /system/app/HtcLoggers.apk. If you’re not rooted, stay away from sketchy apps. As Android Police points out, even a high-quality app could still get their hands on this information. Android Police has all of the technical details.


Expand
Expanding
Close