OnePlus Phones Have Dangerous Hacking Backdoor

November 17, 2017 by  
Filed under Mobile

Hackers who get hold of a OnePlus phone can gain virtually unlimited access to its files and software through a testing tool called EngineerMode that the company evidently left on the devices.

Robert Baptiste, a freelance security researcher who goes by the name Elliot Alderson on Twitter after the “Mr. Robot” TV show character, found the tool on a OnePlus phone and tweeted his findings Monday. Researchers at security firm SecureNow helped figure out the tool’s password, a step that means hackers can get unrestricted privileges on the phone as long as they have the device in their possession.

The EngineerMode software functions as a backdoor, granting access to someone other than an authorized user. Escalating those privileges to full do-anything “root” access required a few lines of code, Baptiste said.

“It’s quite severe,” Baptiste said via a Twitter direct message.

OnePlus disagreed, though it said it has decided to modify EngineerMode.

“EngineerMode is a diagnostic tool mainly used for factory production line functionality testing and after sales support,” the company said in a statement. Root access “is only accessible if USB debugging, which is off by default, is turned on, and any sort of root access would still require physical access to your device. While we don’t see this as a major security issue, we understand that users may still have concerns and therefore we will remove the adb [Android Debug Bridge command-line tool] root function from EngineerMode in an upcoming OTA.”

SecureNow found the tool on the OnePlus 3 and OnePlus 5. Android Police reported it’s also on the OnePlus 3T. And Baptiste said it’s also on the new OnePlus 5T.

Baptiste had spotted evidence that EngineerMode was written by mobile chipmaker Qualcomm. But Qualcomm said Wednesday that’s not the case.

“After an in-depth investigation, we have determined that the EngineerMode app in question was not authored by Qualcomm,” the company said in a statement. “Although remnants of some Qualcomm source code is evident, we believe that others built upon a past, similarly named Qualcomm testing app that was limited to displaying device information. EngineerMode no longer resembles the original code we provided.”

AVAST To Seek An IPO In 2018

November 10, 2017 by  
Filed under Around The Net

AV outfit Avast has hired Rothschild to prepare the business for an initial public offering (IPO) which could value the firm at as much as $4 billion.

CVC Capital Partners, which took control of the Prague-based company in 2014, could seek a London listing for Avast in the first half of next year if market conditions allow.

If successful, Avast’s float would represent the largest ever UK technology IPO. However, it would have to navigate a tough market, which has seen a number of planned London listings pulled in recent weeks.

CVC hired Rothschild after talking to a series of banks as part of a contest in October, the sources said, adding Rothschild will carry out the preliminary work for the deal which includes the selection of global coordinators and bookrunners.

Avast, which previously attempted to float on Nasdaq in 2012, has Summit Partners among its minority investors alongside Czech entrepreneurs Pavel Baudiš and Eduard Kučera, who founded the company in 1991.

Courtesy-Fud

Android Apps Pose Security Risk For Cars

February 20, 2017 by  
Filed under Around The Net

Android applications that allow millions of drivers to remotely locate and unlock their vehicles are missing security features that could prevent tampering by hackers.

Researchers from antivirus vendor Kaspersky Lab took seven of the most popular Android apps that accompany connected cars from various manufacturers, and analyzed them from the perspective of a compromised Android device. The apps and manufacturers have not been named.

The researchers looked at whether such apps use any of the available countermeasures that would make it hard for attackers to hijack them when the devices they’re installed on are infected with malware. Other types of applications, such as banking apps, have such protections.

The analysis revealed that none of the tested applications used code obfuscation to make it harder for attackers to reverse-engineer them, and none of them used code integrity checks to prevent malicious manipulation.

Two applications didn’t encrypt the login credentials stored locally and four encrypted only the password. None of the apps checked if the devices they’re running on are rooted, which could indicate that they’re insecure and possibly compromised.

Finally, none of the tested applications used overlay protections to prevent other apps from drawing over their screens. There are malware apps that display fake log-in screens on top of other apps to trick users into exposing their log-in credentials.

While compromising connected-car apps might not directly enable theft, it could make it easier for would-be thieves. Most such apps, or the credentials they store, can be used to remotely unlock the vehicle and disable its alarm system.

Also, the risks are not “limited to mere car theft,” the Kaspersky researchers said in a blog post. “Accessing the car and deliberate tampering with its elements may lead to road accidents, injuries, or death.”

While manufacturers are rushing to add smart features to cars that are meant to improve the experience for car owners, they tend to focus more on securing the back-end infrastructure and the communications channels. However, the Kaspersky researchers warn that client-side code, such as the accompanying mobile apps, should not be ignored, as it’s the easiest target for attackers and most likely the most vulnerable spot.

“Being an expensive thing, a car requires an approach to security that is no less meticulous than that of a bank account,” the researchers said.

Researchers Uncover Android Ransomware That Changes PIN Codes

September 14, 2015 by  
Filed under Mobile

Researchers at security company ESET have uncovered a type of malware that changes an Android device’s PIN, the first of its kind in a constantly changing landscape of ransomware attacks.

For most users, the only option to get rid of the malware is to reset the phone to its factory settings, which unfortunately also deletes all the data on the device.

The malware calls itself “Porn Droid” and bills itself as a viewer for adult content. It has been seen only on third-party Android application marketplaces or forums for pirated software, wrote Lukas Stefanko, an ESET malware analyst.

But after it’s installed, users see a warning supposedly from the FBI that they’ve allegedly viewed “prohibited pornography.” It asks for a $500 fine to be paid within three days.

To change the device’s PIN, Porn Droid needs administrator-level access to the phone. Stefanko wrote that the malware uses a new method to obtain that high level of access.

When Porn Droid runs, it asks people to click a button. “After clicking on the button, the user’s device is doomed,” Stefanko wrote. “The Trojan app has obtained administrator rights and now can lock the device. And even worse, it sets a new PIN for the lock screen.”

Other kinds of Android malware locked the screen by keeping the ransomware warning in the foreground using an infinite loop. But that could be remedied by using a command-line tool, the Android debug bridge, or deactivating admin rights in Safe Mode, according to Stefanko.

In the case of Porn Droid, if someone tries to deactivate the admin privileges, the malware uses a call-back function to reactivate them, Stefanko wrote.

The malware is also coded to try to shut down three mobile antivirus products: Dr. Web, ESET’s Mobile Security and Avast.

More advanced users may be able to get rid of Porn Droid without resetting and erasing all data on their phone. It is possible to remove the malware if a user has root privileges to the device, and some security software can stop it, Stefanko wrote.