Forbes reports that nearly one billion Android smartphone users that are not running the latest Lollipop operating system are at risk of malicious attacks due to Google no longer releasing security updates for the WebView tool on Android versions at or below 4.3 Jelly Bean. Research firm Rapid7 discovered that Google started the process of ending support for WebView late last year for devices not running Android 5.0 Lollipop. expand full story
vulnerability Stories January 12, 2015
vulnerability Stories July 22, 2013
Update: CNN reported on 1st August that five major carriers have pushed out a patch to block the vulnerability.
A two-minute SIM card hack could enable a hacker to listen to your phone calls, send text messages from your phone number and make mobile payments from your account. The vulnerability, discovered by a German security researcher, is present in an estimated 750 million SIM cards – around one in four of all SIM cards.
Give me any phone number and there is some chance I will, a few minutes later, be able to remotely control this SIM card and even make a copy of it … expand full story
vulnerability Stories October 2, 2011
The fine folks over at Android Police have discovered that many HTC devices have a huge security hole due to a recent Android update. The results are pretty shocking, and HTC has no one to blame but themselves. In a recent update, HTC included a set of logging tools that logs users email accounts, last known network and GPS connection, phone numbers that have been recently dialed, encoded SMS data (probably can be decoded), and system logs.
Okay so HTC logs all of this, what’s the big deal? The big deal is that any app that requests android.permission.INTERNET can get their hands on this information. Phones include the Thunderbolt, Evo 4G, Evo 3D, and more.
As of now, the only way to patch this hole is to root your device and remove /system/app/HtcLoggers.apk. If you’re not rooted, stay away from sketchy apps. As Android Police points out, even a high-quality app could still get their hands on this information. Android Police has all of the technical details.