
Poking Holes In Samsung's Android Security

Posted by timothy
from the ethical-hacking dept.
Orome1 writes "Tired of waiting for Samsung to fix a string of critical flaws in their smartphones running Android, Italian security researcher Roberto Paleari has decided to inform the public about the seriousness of the matter and maybe make the company pick up the pace. Mindful of the danger that the vulnerabilities present to the users if they are exploited by malicious individuals, he decided not to share any technical details, but to just give a broad overview of what their misuse would allow. This includes a silent installation of highly-privileged applications with no user interaction and an app performing almost any action on the victim's phone."

  • by SirJorgelOfBorgel (897488) on Thursday March 21, 2013 @09:40AM (#43233695)

    After some further investigation, it seems all these exploits are fixed in the latest 4.2 leaked firmware for the SGS3, so ... they're actually fixed, just maybe not rolled out yet.

  • by tepples (727027) <tepples&gmail,com> on Thursday March 21, 2013 @10:07AM (#43233973)
    PCs don't require the user to bring in the computer to have it reprogrammed to use a different ISP. CDMA2000 without CSIM, the typical setup on U.S. prepaid carriers such as Ting and Page Plus, does.
  • by tepples (727027) <tepples&gmail,com> on Thursday March 21, 2013 @10:16AM (#43234087)
    Anonymous Coward wrote:

    I still can't use my phone as a WiFi access point without paying an additional $10-$20 per month.

    That's an ISP problem more than an Android problem. During this transition from 2G to 3G to 4G-lite,* wireless carriers rely on subscribers not using all their monthly megabytes, and subscribers who use multiple devices on one plan tend to use more megabytes per month than subscribers who do not. Even a phone that obeys its owner (that is, one with a custom ROM) can't hide tethering-like behavior unless you run everything through a VPN. Carriers are reported to use traffic to Internet sites that host desktop OS updates, antivirus updates, and desktop application updates as evidence of tethering. By the time you've paid extra for a higher cap and paid extra for a VPN so that the ISP doesn't see what you're visiting, you might as well have paid for the tethering rider.

    * "Lite" because LTE isn't really 4G.

  • by Krojack (575051) on Thursday March 21, 2013 @10:32AM (#43234305)

    I had problems start with my Samsung TV. It would take 10 minutes to turn on. Just sit there clicking on, off, on, off. I called Samsung and it was a known problem. They contacted a local repair shop and had the shop come out to my house and fix it THAT NIGHT. Zero cost to me.

  • by TheGratefulNet (143330) on Thursday March 21, 2013 @10:59AM (#43234701)

    it would be hard to find someone who does NOT use cheap 'china caps' inside instead of proper panasonic (japan) or nichicon or any of the other *reliable* electrolytic makers.

    badcaps.net is informative for those that have not heard of this 15+ yr old problem in the parts industry. worldwide! china fucked the world on this and we're still paying with blown caps on nearly everything that uses them.

    buy the parts from known places (digikey, mouser, newark, jameco, etc) and you'll get guaranteed real parts, not fakes. even the vendors who build boards tend to use fake caps (bad formula) and they last about a year before they fail.
