samedi 16 mars 2013

galaxy s4 exploit

Security exploit opens Samsung Galaxy S III, Note II to attack, could let apps from Google Play write to Kernel
Amid the XDA community's ongoing quest to root every Android handset it comes across, one forum user appears to have found a serious exploit that affects certain Exynos devices. While fiddling with his Galaxy S III, XDA user Alephzain discovered a way to obtain root without flashing with Odin. The Samsung kernel apparently allows read / write access to all physical memory on the device, including the kernel itself. This makes for an easy root, Alephzain writes, but leaves devices open to attack -- allowing Kernel code injections and RAM dumps from malware-laden apps from the Google Play store.
It isn't the only avenue for attack on an Android handset, but it is an exceedingly easy attack. Luckily, a community fostered fix seems pretty simple too -- XDA user RyanZA has already created a patch to modify write permissions on affected devices -- though Galaxy S III users are reporting that the fix cripples the phone's camera app. So far, Alephzain has confirmed that the Galaxy S II, III, Note II and the Meizu MX are at risk, but notes that the exploit might work on any device running a Exynos 4210 or 4412 processor. Samsung has not yet made a comment about the vulnerability, but forum members say that the issue has been reported. As for the exploit's lasting implications? Head on over to the XDA forums to join the discussion.
Update: François Simond (aka Supercurio) wastes no time plugging holes, and has already released a root-free fix for the vulnerability. Simond's solution is wrapped up in a simple APK, and requires no root, no flashing and no special know-how. It can be enabled or disabled manually, too -- allowing Galaxy S III users to regain full use of their front-facing camera, which as previously stated, is disrupted by the fix. Best of all, it's free -- skip on over to Project Voodoo at the source to get protected.
Update 2: Our good friend Supercurio also brought our attention to a statement released by Samsung France to Le Monde: the company will be issuing an official patch "very quickly," and it emphasized that this is an issue "only if a malicious application is installed." Obviously, for now you can use Supercurio's patch to ease your mind.

IPhone 5 hacked

successfully breached an iPhone 4S at the mobile Pwn2Own hacker contest held this week at the EUSecWest event in Amsterdam.

As we reported that Joost Pol and Daan Keuper won the mobile Pwn2Own contest by compromising a fully patched iPhone 4S device and stealing contacts, browsing history, photos and videos from the phone.

The vaunted security of the iPhone (4S) took an epic fail tumble during the event when they was able to build an exploit for a vulnerability in WebKit to beat Apple's code-signing features and the MobileSafari sandbox. The same bug is present in the iOS6 Golden Master development code base, which means iPhone 5 is  also vulnerable to the same exploit. Apple iPads and iPod Touch devices are also vulnerable.

"We specifically chose this one because it was present in iOS 6, which means the new iPhone coming out today will be vulnerable to this attack," Pol said. The duo won $30,000 for their efforts.

A good thief can hack into your personal data given enough time, we estimate that may mean a full working day of hacking.