Related
At the company I work for, an email came out from our care group that I thought everyone might find interesting. When I first read it, I immediately thought of the MIUI ROM that I installed....
"A new virus infecting the android based phones has been detected in china.It is being said that this is by far the most complicated and sophisticated Android virus that the security firm has come across.This virus is being dubbed as ‘Gemini’ and it has the capability of being remotely operated by the hacker once it is in the phone.Though many viruses have been detected earlier in Android apps. but this the is most sophisticated among all of them.
The Botnet feature of the virus is the major concern.Once the malware is completely installed on the user’s phone, it has the potential to receive commands from a remote server that allows the hacker to access the user’s data and all personal stuff.Once the privacy of the user is compromised,the hacker can do anything he wish to do.
Lookout mobile security,who basically detected this virus said that Gemini uses advanced and sophisticated techniques to hide it’s track.They also said that that the virus is capable of sending location coordinates and device identifiers to the remote server, helping it to generate a list of all installed apps on the infected phone and to install more infected ones.
All the infected applications that have yet come up have been downloaded from a third party Chinese application market. “Geinimi is effectively being ‘grafted’ onto repackaged versions of legitimate applications, primarily games, and distributed in third-party Chinese Android app markets,” the company wrote in a blog post.On the other hand,the same applications that are downloaded from official Android application market are safe.
Although it is not very clear that what actually is the intent of the authors of Gemini.The chief technology officer for Lookout,Kevin mahaffy said that “It could be anything from a malicious advertising network to an attempt to create a botnet”.Botnet basically is a group of infected computers or phones that the attacker controls to compromise for data and identity theft and also it can be used to launch attack on other machines.
The application which are grafted with virus are mostly games and a few applications.Some among them are:
• Monkey Jump 2
• Sex Positions
• President vs. Aliens
• City Defense
• Baseball Superstars 2010.
Here’s how it works:
When a host application containing Geinimi is installed on a client’s phone, the Trojan gets activated in the background and collects information that can compromise a user’s privacy.Geinimi attempts to connect to a remote server using one of 10 embedded domain names. If it connects, Geinimi transmits collected information to the remote server."
here you go http://www.msnbc.msn.com/id/40857219/ns/technology_and_science-wireless/
Interesting read. I wonder: If the infected app is removed, does the virus get removed with it?
rugedraw said:
Interesting read. I wonder: If the infected app is removed, does the virus get removed with it?
Click to expand...
Click to collapse
that would make for a pretty ineffective trojan. I highly doubt it.
also, as per the msnbc article, the virus is named "Geinimi," not "Gemini." Although I guarantee everyone will call it gemini because it's so much easier, at least to an english speaker.
Old news.
cjh6386 said:
that would make for a pretty ineffective trojan. I highly doubt it.
Click to expand...
Click to collapse
It does get removed if you remove it from applications. The only way it wouldn't get removed is if the app were to root the device first, and then push the apk to the apps folder. but this one doesnt do that.
I'm honestly surprised there aren't more of them out there, it would be way to easy to do.
Sent from my PC36100 using XDA App
cjh6386 said:
that would make for a pretty ineffective trojan. I highly doubt it.
Click to expand...
Click to collapse
Good point......I'm just not sure how viruses affect our phones compared to how they affect Windows based PC's.
Last-Chance said:
Old news.
It does get removed if you remove it from applications. The only way it wouldn't get removed is if the app were to root the device first, and then push the apk to the apps folder. but this one doesnt do that.
Click to expand...
Click to collapse
Even then, you would still be able to remove it manually from the apps folder, no? Providing the user has root access, of course.
This is bull****. Why can't they leave viruses for windows computers?
Sent From My HTC Evo 4G On The Now Network From Sprint Using Tapatalk Pro!
I guess it's becoming an issue with the carriers too since our Care department is now getting swamped with calls from people who either "think" they're phones are infected or read that MSNBC article.....
In any event, I have to admit that I didn't even give it a thought that I might get a virus on my phone. I actually even saw quite a few virus programs on the Market and just ignored them. I'll now have to revisit that option, especially since I'm installing ROMS from every source that posts them....
rugedraw said:
Good point......I'm just not sure how viruses affect our phones compared to how they affect Windows based PC's.
Even then, you would still be able to remove it manually from the apps folder, no? Providing the user has root access, of course.
Click to expand...
Click to collapse
probably, but if the app is smart enough to root android devices, chances are its smart enough to hide itself. With root access it can pretty much do anything it wants, including hiding itself, as well as accessing other programs, and what not.
Would a nand restore get rid of it?
Sent from my HTC Supersonic
If it needs root access to do it's thing, wouldn't that trigger the superuser app? And if a game triggers the superuser app, and a person clicks on "Allow"...then...maybe they deserve to be infected.
From what I remember of reading about this virus, it only affected users in China who downloaded it from a third-party market application and not Google's Android Market.
Viruses in android doesn't make any sense to me at all. Since android is so different. As another poster stated, doing a nand is in essence like wiping the total system, correct?
Sent from the Evo 4G
dglowe343 said:
Would a nand restore get rid of it?
Sent from my HTC Supersonic
Click to expand...
Click to collapse
in essence yes. But a person smart enough to code a virus that roots devices is probably smart enough to backdoor nand restore points as well.
Holyrolla said:
If it needs root access to do it's thing, wouldn't that trigger the superuser app? And if a game triggers the superuser app, and a person clicks on "Allow"...then...maybe they deserve to be infected.
Click to expand...
Click to collapse
The chinese one doesn't need root. I was just saying that if it had root it would be a lot harder to remove. And the app is binded to other programs, so the person will probably not even know that the legit one doesnt require superuser.
mbaseball3 said:
Viruses in android doesn't make any sense to me at all. Since android is so different. As another poster stated, doing a nand is in essence like wiping the total system, correct?
Sent from the Evo 4G
Click to expand...
Click to collapse
Why doesn't it? Millions of dollars are stolen each year by criminals that infect phones in order to dial out premium numbers.
Last-Chance said:
in essence yes. But a person smart enough to code a virus that roots devices is probably smart enough to backdoor nand restore points as well.
Click to expand...
Click to collapse
fear monger much?
EDIT: for those curious he's just drumming up nonsense to see if he can get you in a frenzy ... that or has has NO CLUE what he's talking about.
Even if someone was stupid enough to "Accept default permissions" and not question why your video game that you downloaded from a third party marketplace with "allow unknown sources to be installed" flag set needs to look at your phone calls and personal contacts ... there would still be a popup by superuser the moment it tried to do something that required root.
It's a perfect storm trojan: no more a risk to your phone than a phishing site is to your identity: that is a huge problem if you're an idiot.
Justin.G11 said:
fear monger much?
EDIT: for those curious he's just drumming up nonsense to see if he can get you in a frenzy ... that or has has NO CLUE what he's talking about.
Even if someone was stupid enough to "Accept default permissions" and not question why your video game that you downloaded from a third party marketplace with "allow unknown sources to be installed" flag set needs to look at your phone calls and personal contacts ... there would still be a popup by superuser the moment it tried to do something that required root.
It's a perfect storm trojan: no more a risk to your phone than a phishing site is to your identity: that is a huge problem if you're an idiot.
Click to expand...
Click to collapse
yea bro, cause you know what you are talking about. How about you actually look up **** before talking.
1. A 3rd party app can simply ask for 1 permission, then root the phone and gain wide variety of permissions. When i say root, i dont mean the same way as you see here. It will gain permissions beyond what normal apps do. It wont ask for superuser permissions. It will only ask for 1 permission on install
2. Did you know that there is a Buffer overflow available on all phones that are running 2.1 of android? Did you also know that there is a buffer overflow for all androids that are running the latest webkit on 2.2? apparently not. fyi, a buffer overflow in a browser can represent a huge risk, meaning visiting a website that is infected will in return infect you. A buffer overflow will also not ask for any permissions and load a malicious application straight to your phone.
Next time when you talk to someone as if they were a kid, make sure that person doesn't happen to have a CS degree, and 8+ years of experience in computer security. Now gtfo.
those chinese have a strange sense of humor, I bet it started as a prank by some drunk college students to see if they could do something small that would make americans even more paranoid
NewZJ said:
those chinese have a strange sense of humor, I bet it started as a prank by some drunk college students to see if they could do something small that would make americans even more paranoid
Click to expand...
Click to collapse
if you call being charged 100s of dollars on your bill because some virus made phone calls to premium rate numbers a joke, then yes they are very funny.
Hi there,
I am debating if I should root my Atrix or not. I checked out few posts and they seem a bit complecated. Also, I found this article saying carriers will track down rooted devices and restricted services.
By the way, can I still install some of Motorola o/s for dock stations? I have a multimedia and a car dock.
http://www.mydroidworld.com/forums/...rooting-manufacturers-carriers.html#post65013
Any thoughts?
No one will track you down and restrict you. And it's very safe to root.
Just for apps like Adfree which kills advertisements, this is reason enough for me to root! Not to mention super helpful things like customer recovery to back things up, the ability to sideload (install non-market apps if you're on AT&T), etc.
Android is quite open source but rooting opens up another amazing realm of extremely essential apps.
bongd said:
No one will track you down and restrict you. And it's very safe to root.
Just for apps like Adfree which kills advertisements, this is reason enough for me to root! Not to mention super helpful things like customer recovery to back things up, the ability to sideload (install non-market apps if you're on AT&T), etc.
Android is quite open source but rooting opens up another amazing realm of extremely essential apps.
Click to expand...
Click to collapse
I will take your word for it then! Just kidding. Would you be able recommend any good root techniques on the forum? I think there are few methods and am not sure which one is the best.
Thank you!
I say root it. I rooted mine and i love it this way. I had mine for only two days before I rooted it. I was a little nervous at first and felt that i really didnt want to do it, but the benefits were too great with a rooted phone than without a rooted phone. I am on the AT&T network and i hate it when someone tries to tell me what I can't do with something I purchased. Trust me when i say that you are going to want software that is not in the market as well.
And... I really, really love the fact that I don't need to be docked to use my WebTop.
Again... i say root it.
janggu said:
I will take your word for it then! Just kidding. Would you be able recommend any good root techniques on the forum? I think there are few methods and am not sure which one is the best.
Thank you!
Click to expand...
Click to collapse
Gladroot. It's the easiest and can enable tethering and sideloading as well.
You must be on 1.2.6 to root. You can run their first script which will root it. You can then do AT&T's download and run their second script which will root that too. BOOM!
It shouldn't take any longer than 10 minutes.
Well... there was that one thing where AT&T is supposedly locking out, or might be locking out phones that have been determined to be rooted. But the fact of the matter is, if they do that with absolutely no reason other than the phone being rooted, i'm sure you'll see a class action lawsuit about it since rooting/jailbreaking a cell phone is legal now according to the Digital Millennium Copyright Act. The only reason i can see them disabling service is if you root it, and use one of the alternate methods of tethering, and wind up using a TON of bandwidth.... well over what anyone would even remotely do on just the phone if they didn't have any tethering package or way to tether. Then you'd basically be using their networks in a way that could be deemed illegal. But there's no issue with just rooting it to use applications not approved by the carrier or phone manufacturer.
Would you want to be admin on your own computer?
I think rooting is a must. The use of sideloading alone is worth it. I would hate to not be able to use the Amazon Appstore, Ive really come to like it.
One thing to mention though. The Blockbuster app detects root and wont allow content to be purchased because of DRM concerns. I dont know if this will be a problem with future apps.
Yeah, I did!
I rooted my Atrix with "gladroot" last night. Can't wait to customize it now.
Thank you very much for your valid inputs everyone!!!
Where are these non market apps that everyone speaks of
Sent from my MB860 using XDA App
JohnnyDanger said:
One thing to mention though. The Blockbuster app detects root....
Click to expand...
Click to collapse
What's Blockbuster? ;-)
Sent from my MB860 using XDA Premium App
I know right. I was just using that as an example. Never know what might be blocked next.
Sent from my MB860 using XDA Premium App
So I had my honeycomb rooted and had removed all the apps I didn't want/need and all was good.
Now I've updated to ICS, and re-rooted, but I'm finding that some of the bloatware is a little more entrenched than I remember. For example I can't seem to delete Zinio, or Acer Media, or Acer Registration (among others)
ES file explorer says "Uninstall not successful"
Titanium Backup says it can't find the APK file
And yet all of these apps exist in my app drawer, and all of them can be run.
Any ideas on how to purge some of these stubborn apps?
ICS has a freeze feature built-in that works for many system app. Go to settings-apps-all-choose your app-disable.
That's a start, but I don't want the apps there at all, I want them gone. it was easy enough on HC...
I'm with you...
I would like so see these gone as well. I tried to use Titanium backup and was not able to get them removed. It said it uninstalled them but on reboot, sure enough, there they were. Right back where they started. I'm still working on finding a way around this, but I'm not sure where to go here. I pulled the .apk files out of /system/app/ thinking that it would keep them from re-installing on reboot, but they ahve returned, so they have to be stored somewhere else, it's just a matter of finding them and then doing something with them. Hopefully when I find them and remove them it doesn't cause a failure to boot or something dumb.
I'll reply here if I make any significant progress.
--Chip Sharp
ve6rah said:
That's a start, but I don't want the apps there at all, I want them gone. it was easy enough on HC...
Click to expand...
Click to collapse
Frozen/disabled is as good as deleted. The .apk might still be in /system/app, but it's never ran, has no data, doesn't appear in the app drawer etc.
Rusty! said:
Frozen/disabled is as good as deleted.
Click to expand...
Click to collapse
I disagree. The inability to delete them has 2 problems that I don't like
1) they still take up space for something that is completely without value.
2) it' symbolic. I paid for the device, it's mine. I should be able to do anything I like with it. Silly restrictions like this just exist for the manufacturer to thumb their nose at us and show us who is really in charge. That is unacceptable. They should not have any control over my equipment whatsoever.
Since they're on /system, they're not taking up any 'usable' space.
lowsum said:
ICS has a freeze feature built-in that works for many system app. Go to settings-apps-all-choose your app-disable.
Click to expand...
Click to collapse
Hmm, I dont see the 'disable' button...
Rusty! said:
Since they're on /system, they're not taking up any 'usable' space.
Click to expand...
Click to collapse
While I don't agree that any space is "unusable" space, you did help point me at least a little bit in the right direction. The apps are located in /system/vendor/app, I seem to be able to write to /system, but not to /system/vendor
I wonder if there's a way to do that?
AfricanTech said:
Hmm, I dont see the 'disable' button...
Click to expand...
Click to collapse
It only appear on system apps that are not essential, user app can simply be uninstalled.
ve6rah said:
I disagree. The inability to delete them has 2 problems that I don't like
1) they still take up space for something that is completely without value.
2) it' symbolic. I paid for the device, it's mine. I should be able to do anything I like with it. Silly restrictions like this just exist for the manufacturer to thumb their nose at us and show us who is really in charge. That is unacceptable. They should not have any control over my equipment whatsoever.
Click to expand...
Click to collapse
You understand that you do not own the OS that's installed on your tablet...right? You just own a license to use the OS that they provide for you. There's some EULA somewhere that you signed off on that allows them to stuff all the crapware they want on your copy of Android. Root the thing and install one of the aftermarket Dev copies of ICS and problem solved.
I did root the thing, but I emphatically do NOT "understand" that I do not own the tablet and everything included on it.
EULAs are generally considered to be unenforceable, and are definitely unconscionable.
Had I wanted to let some corporation control my devices I would have bought an iPad!
It's high time we make it clear to corporations that they do NOT own anything after we give them our money and take it home. That means no locked bootloaders, no forced bloatware, no provider locks, and no retroactive feature removals.
ve6rah said:
I did root the thing, but I emphatically do NOT "understand" that I do not own the tablet and everything included on it.
EULAs are generally considered to be unenforceable, and are definitely unconscionable.
Had I wanted to let some corporation control my devices I would have bought an iPad!
It's high time we make it clear to corporations that they do NOT own anything after we give them our money and take it home. That means no locked bootloaders, no forced bloatware, no provider locks, and no retroactive feature removals.
Click to expand...
Click to collapse
No one "owns" software. They can only license the use of the software. This is a copyright issue. The author of the software, or the company the author works for are the only people who "own" the software. Merely because you bought a computer does not make you the owner of the licensed software that's been installed on it. There's no vague or gray areas here. You do not own the Android OS on your tablet. I do not own mine. I do not own my copy of Windows or my copy of OSx on my other devices. We are granted a limited use license.
If you truly believe what you said, how can you possibly advocate rooting your device? You are going against what the manufacturer wanted you to do. How dare you use your device that way?
ve6rah said:
If you truly believe what you said, how can you possibly advocate rooting your device? You are going against what the manufacturer wanted you to do. How dare you use your device that way?
Click to expand...
Click to collapse
Android's operating systems, in their pure form, are open source. The specific build that a manufacturer, such as Acer, installs on your device is licensed. It's not what a manufacturer "wants" me to do, it's what I'm legally entitled to do with what I do and do not own. Pure Android build- open source. What Acer installed- licensed.
It's really that simple.
Are you trying to tell me that it would be ILLEGAL for me to remove their bloatware?????
That's all I asked to do when you gave me a lecture on how copyright gives them the "right" to lock down anything they want.
ve6rah said:
Are you trying to tell me that it would be ILLEGAL for me to remove their bloatware?????
That's all I asked to do when you gave me a lecture on how copyright gives them the "right" to lock down anything they want.
Click to expand...
Click to collapse
Actually, it was this that you said
ve6rah said:
I paid for the device, it's mine. I should be able to do anything I like with it. Silly restrictions like this just exist for the manufacturer to thumb their nose at us and show us who is really in charge. That is unacceptable. They should not have any control over my equipment whatsoever.
Click to expand...
Click to collapse
I have explained to you that they own the operating system on your tablet. They have the right to place any and all controls on how that operating system is locked, protected, etc. It IS your equipment. That is the hardware. It is NOT your operating system. That is the software.
I have not talked about breaking copyright law in any way, shape, or form. I have simply asked to have control of what my purchased device does.
You on the other hand have indicated that doing anything outside of what the manufacturer intended is something they should be allowed full control to stop. I don't agree. Your vision would have them deny us root, lock the devices down until they are no more useful than your TV.
There is no difference in software or hardware once the device is in my hands. I can modify either one as long as I don't redistribute it (the former breaches copyright, the later breaches patent and trademark laws)
Copyright law is there to stop you from COPYING, it was never intended to control how you USE a specific work. The law where I live at the moment explicitly grants me the permission to modify it in any way that I want as long as I don't REDISTRIBUTE it. EULAs are unenforceable, and unconscionable.
I will USE my tablet in any way I see fit. And that includes doing anything I can to remove bloatware.
You on the other hand should quit being such a hypocrite, if you think that manufacturers should be allowed to dictate how you use their product (despite the law not giving them any such power) then you should unroot and return your tablet to stock immediately.
As suggested before, if you're unhappy with what is installed on your device, simply root it and install one of the many ROMs available here and elsewhere.
And as stated before, I DID root it, and as for installing a new ROM, that's entirely my decision.
And from the legal stand point (which you brought up by the way) what I am asking about by changing what's in my existing install, is the right way to go.
Plus, when has xda-developers ever been about NOT modifying the software of your device?
In short, quit telling me what NOT to do, if you don't want to help me with my stated question you're free to not respond to it.
Unreal,
Read it here........
http://www.businessinsider.com/unpa...ung-smartphones-risk-hacking-nowsecure-2015-6
CC
cc999 said:
Unreal,
Read it here........
http://www.businessinsider.com/unpa...ung-smartphones-risk-hacking-nowsecure-2015-6
CC
Click to expand...
Click to collapse
From what I understand it has to be done on an unsecured network and has to be at the exact same time as you update the app. Making it next to impossible as a hacker would have to know your updating habits!
Sent from my SM-G920I using Tapatalk
Even with 600 million devices at risk, the chances that this exploit could ever be used is minimal because as mentioned above it required someone to do some pretty unlikely things on a network with a hacker
You guys act like you all work for some intelligence companies and hackers would give a **** to steal your data.
Sent from my SM-G920T
Totally overblown and already being discussed in the S6 Edge forum (link). Here are the most pertinent posts:
tanjiajun_34 said:
I believe it should be easy to fix. I cannot try because I have have Swiftkey preinstalled but I believe these are the methods you can try...
1. Update the Swiftkey to the one on Play Store.
2. Disable the Swiftkey application. I believe all non Samsung system applications and some of Samsung's system applications should be able to be disabled. Swiftkey shouldn't be a problem...
3. You are here on xda so chances you will be rooting your phone I assume? If you have root, you can just uninstall it.
Click to expand...
Click to collapse
droidzer1 said:
Totally overblown vulnerability article today on Swiftkey. Firstly I seriously doubt 600M phones have it. I just checked 8 Samsung phones from various carriers - Sprint, Verizon, US cellular - S3, S4's, S5's, Note 2 and 3's and out of those 8 only one had Swiftkey on it. Easy to uninstall or Freeze if rooted. I take this as a punch back from someone on the Apple fan club finding a minor and hard to exploit vulnerability in android since Apple just got hit big in the last week or so. If you didn't find one of the articles detailing this exploit here's the skinny: It only can be exploited if you are on Wifi and on the same Hotspot or router as a would be hacker. That hacker needs to do some fairly complex stuff to spoof a Swiftkey server and your phone has to be trying to download a language pack update. I'd say there is about a 1 in 600 million chance of that happening
Click to expand...
Click to collapse
So, this pretty much sums it up in one word:
cc999 said:
Unreal
Click to expand...
Click to collapse
Galaxy S6 Keyboard Security Fix
Hello all,
So we all know about the security flaw of the Samsung keyboard app that has affected the Galaxy S6, S5, S4 and other devices. Simply installing a third-party keyboard will not fix the problem. You need to completely uninstall it.
Source: http://www.naldotech.com/how-to-fix-galaxy-s6-keyboard-swiftkey-security-issue/
Note: Make sure to have a third-party keyboard installed or you will not be able to use the phone.
1. You need root access and Titanium Backup.
2. Open Titanium and go to Backup/Restore.
Scroll down until you find Samsung Keyboard 4.0 and tap on it.
Make a backup first and then press the uninstall button"".
This isn't the best solution but it will work for all the people who want to sleep well at night without the fear of the flaw.
there is nothing to worry about, don't connect to unsecure networks (but how often do you do that) and don't update the language packs when you are on one (how often do you do that? once during setup!!)
ive always preferred the google keyboard, thank you.
The bug is not in the app called "SwiftKey" that comes preinstalled or the one you might get from the Play Store, but in the stock Samsung keyboard app, which uses an SDK from SwiftKey (here referring to SwiftKey the company, not the aforementioned SwiftKey app) to do its word predictions. The vulnerability can be exploited (as I understand it) as often as this stock keyboard polls for language updates. Not sure how often that is, but it isn't user initiated, so it could happen at any time if the app polls for an update while the user is connected to a network with a malicious user on it. The best protection for the average user (as I understand it) is to simply avoid connecting to networks whose security you aren't absolutely certain of. this is the technical writeup where I got most of my info from, however, they do talk about a "Swift keyboard", which the other reputable sources I've seen (such as this SwiftKey article on the issue) clarify as the stock Samsung keyboard.
okay if I understand you correctly you are saying that the Samsung keyboard was developed using the SDK from swifty and the only way to not be vulnerable to this exploit is to remove the stock samsung keyboard and use a third-party alternative is that correct?
Sent from my SM-G920F
OSI-813 said:
okay if I understand you correctly you are saying that the Samsung keyboard was developed using the SDK from swifty and the only way to not be vulnerable to this exploit is to remove the stock samsung keyboard and use a third-party alternative is that correct?
Sent from my SM-G920F
Click to expand...
Click to collapse
If you are rooted and have the ability to completely remove it, I think that would probably get rid of the issue as well, but I can't say that definitively, and I can't say for sure what side effects that might have. (If someone who knows the internals a bit better would weigh in, I would appreciate some clarification on that point as well.) I know that just switching the default keyboard to a third-party isn't good enough. What I am doing until a fix comes out (which doesn't really differ from my normal behaviors, but that's beside the point) is basically only connecting to the wifi at home, work, and the university I am attending. I also added the update site (skslm.swiftkey.net) to my hosts file (using AdAway), which should block any traffic to the update site from leaving the phone.
OSI-813 said:
okay if I understand you correctly you are saying that the Samsung keyboard was developed using the SDK from swifty and the only way to not be vulnerable to this exploit is to remove the stock samsung keyboard and use a third-party alternative is that correct?
Sent from my SM-G920F
Click to expand...
Click to collapse
You could just wait a few days, knowing that the risk is very insignificant in the first place:
Update: Samsung reached out to us to announce that it will soon patch the vulnerability through Knox. Read the full statement below:
Samsung takes emerging security threats very seriously. We are aware of the recent issue reported by several media outlets and are committed to providing the latest in mobile security. Samsung Knox has the capability to update the security policy of the phones, over-the-air, to invalidate any potential vulnerabilities caused by this issue. The security policy updates will begin rolling out in a few days. In addition to the security policy update, we are also working with SwiftKey to address potential risks going forward.
Click to expand...
Click to collapse
Click to expand...
Click to collapse
Source: Phone Arena
They have to initiate the hack the SAME EXACT TIME you update your keyboard app...lol. You've got better chances of being robbed at gun point FYI.
bloodrain954 said:
They have to initiate the hack the SAME EXACT TIME you update your keyboard app...lol. You've got better chances of being robbed at gun point FYI.
Click to expand...
Click to collapse
False. Anyone with a little programming knowledge and the right tools could easily set up a program to passively take advantage of this exploit. It doesn't require the user to do anything to the keyboard app, the app polls for updates to its language files every so often regardless of anything the user does. And all the attacker has to do is use software that's already out there that lets them write programs to intercept and alter web traffic. Heck, there's a proof of concept by the people at NowSecure that should be pretty easy to turn into a usable hack. An industrious hacker might not even have to be nearby, they could tuck a Rasperry Pi away in the corner of a starbucks and infect some phones that way. Are you at any risk in most situations? Probably not. But I still would make sure your phone doesn't automatically connect to unsecured wi-fi.
dustfinger314 said:
False. Anyone with a little programming knowledge and the right tools could easily set up a program to passively take advantage of this exploit. ....
An industrious hacker might not even have to be nearby, they could tuck a Rasperry Pi away in the corner of a starbucks and infect some phones that way. Are you at any risk in most situations? Probably not. But I still would make sure your phone doesn't automatically connect to unsecured wi-fi.
Click to expand...
Click to collapse
Curious, how often are you on an insecure network? For me, basically pretty much never.
krelvinaz said:
Curious, how often are you on an insecure network? For me, basically pretty much never.
Click to expand...
Click to collapse
Haha, also pretty much never.
dustfinger314 said:
False. Anyone with a little programming knowledge and the right tools could easily set up a program to passively take advantage of this exploit. It doesn't require the user to do anything to the keyboard app, the app polls for updates to its language files every so often regardless of anything the user does. And all the attacker has to do is use software that's already out there that lets them write programs to intercept and alter web traffic. Heck, there's a proof of concept by the people at NowSecure that should be pretty easy to turn into a usable hack. An industrious hacker might not even have to be nearby, they could tuck a Rasperry Pi away in the corner of a starbucks and infect some phones that way. Are you at any risk in most situations? Probably not. But I still would make sure your phone doesn't automatically connect to unsecured wi-fi.
Click to expand...
Click to collapse
I'm curious, do you buy tinfoil hats in bulk or as needed?
bloodrain954 said:
I'm curious, do you buy tinfoil hats in bulk or as needed?
Click to expand...
Click to collapse
I can't tell you that for security reasons.
I think you're more likely to be killed by a cow.
hese security flaws happen all the time and are blown out of proportion by people wanting to scaremonger. Tell me OP how many have been exploited
Personally I would give the root bounty to Kingroot if they gave us the keys so we could root without having to be connected to the internet.
Root on Demand, even if it is temporary is better than permanent root in some respects.
If we had permanent root some of the phones features would stop working like My Knox Security and Samsung pay and some others apps won't work with root but they will work with Kingroot.
The two problems I see with Kingroot are First, Security, we don't know what information we are sharing with them. I don't like being connected to their server with a rooted phone.. And second, Reliability, they could shut the whole system down any time they get ready and we would have no recourse.
If the Kingroot team would give us the keys and the source code so we could understand how to roots our own phones, I would agree to give them the bounty. I only speak for myself and do not represent anyone connected to the Root Bounty for the Verizon Note 4 on XDA.
P.S. I have updated the updated the first and second post at Kingroot on top of My KNOX, Working Great! !
doctor-cool said:
Personally I would give the root bounty to Kingroot if they gave us the keys so we could root without having to be connected to the internet.
Root on Demand, even if it is temporary is better than permanent root in some respects.
If we had permanent root some of the phones features would stop working like My Knox Security and Samsung pay and some others apps won't work with root but they will work with Kingroot.
The two problems I see with Kingroot are First, Security, we don't know what information we are sharing with them. I don't like being connected to their server with a rooted phone.. And second, Reliability, they could shut the whole system down any time they get ready and we would have no recourse.
If the Kingroot team would give us the keys and the source code so we could understand how to roots our own phones, I would agree to give them the bounty. I only speak for myself and do not represent anyone connected to the Root Bounty for the Verizon Note 4 on XDA.
P.S. I have updated the updated the first and second post at Kingroot on top of My KNOX, Working Great! !
Click to expand...
Click to collapse
whats the point of this post? They tell you what information they take and what they do with it already.
Why release their source so others can take it and make their own root tool without need of info and with supersu thus eliminating the need for their tool altogether?
Not to mention the universal exploit doesnt work on all devices so surely they have other root exploits available in those situations that some of us dont need builtt into the app.
And lastly, they alreafy released the recent exploit and how to do it at blackhat so devs can already make their own root tool using the same exploit as king root as it is.
Extreme Syndicate L
elliwigy said:
whats the point of this post? They tell you what information they take and what they do with it already.
L
Click to expand...
Click to collapse
And I'm just suppose to take their word for it.............Please
doctor-cool said:
And I'm just suppose to take their word for it.............Please
Click to expand...
Click to collapse
thats all you got to go off lol. until theyve been proven of wrong doing you shouldnt accuse them
Extreme Syndicate L
elliwigy said:
thats all you got to go off lol. until theyve been proven of wrong doing you shouldnt accuse them
Extreme Syndicate L
Click to expand...
Click to collapse
I'm not accusing them of anything but for all we know they could be part of the Chinese Government building a data base. Then when they need to they could take control of our phones. Turn the cameras on or anything. Look at all the resent hacks into government systems. Can't be to careful.
doctor-cool said:
I'm not accusing them of anything but for all we know they could be part of the Chinese Government building a data base. Then when they need to they could take control of our phones. Turn the cameras on or anything. Look at all the resent hacks into government systems. Can't be to careful.
Click to expand...
Click to collapse
lol theres always hacking of govt systems and im sure the us govt we need to worry about more than foreign governments.. the NSA and the likes most likely already do that and more without anyones knowledge.
Extreme Syndicate L
I don't know about giving them the bounty for the info, but I'll never root my phone using such a sketchy method, temporary, permanent, or whatever else.
nh97103 said:
I don't know about giving them the bounty for the info, but I'll never root my phone using such a sketchy method, temporary, permanent, or whatever else.
Click to expand...
Click to collapse
lol the op of this thread clearly uses king root as do many others.. but luckily everyone can make their own choice.. i for one dont mind at all and nothing negative has happened to anyone at this point by using king root minus a few apps dont work with their binaries.
no one is going after ping pong root which obviously works in a very similar fashion.. your device needs to be supported and you have to download the data off the cloud as well as they use the same exploit.
Extreme Syndicate L
From the website http://www.kingoapp.com/faq.htm
"We manage to obtain root privilege of Android by exploiting certain undisclosed vulnerabilities, which we believe would be patched in no time once made public. And that would dysfunction this software that we've worked so hard for."
Yea right..It has already been patched in LP......
Give us the Keys
doctor-cool said:
From the website http://www.kingoapp.com/faq.htm
"We manage to obtain root privilege of Android by exploiting certain undisclosed vulnerabilities, which we believe would be patched in no time once made public. And that would dysfunction this software that we've worked so hard for."
Yea right..It has already been patched in LP......
Give us the Keys
Click to expand...
Click to collapse
you do realise that isnt even king root right?
Extreme Syndicate L
---------- Post added at 05:54 PM ---------- Previous post was at 05:51 PM ----------
i definitely agree with kingo root.. i tried on my tablet and it installs all kinds of crapware and ads apps that i had a hard time getting rid of.. they would even install after i deleted them and in the end it didnt even root my tablet lol
but that is a completely dif. tool/team than kingroot
Extreme Syndicate L
elliwigy said:
you do realise that isnt even king root right?
Extreme Syndicate L
---------- Post added at 05:54 PM ---------- Previous post was at 05:51 PM ----------
i definitely agree with kingo root.. i tried on my tablet and it installs all kinds of crapware and ads apps that i had a hard time getting rid of.. they would even install after i deleted them and in the end it didnt even root my tablet lol
but that is a completely dif. tool/team than kingroot
Extreme Syndicate L
Click to expand...
Click to collapse
Just realized, your right. But why would King root provide a free service. It'seems not just to be nice?
doctor-cool said:
Just realized, your right. But why would King root provide a free service. It'seems not just to be nice?
Click to expand...
Click to collapse
no root tool has charged besides sunshine to my knowledge.. donations are appreciated but technically king root works for a security firm so surely its a hobby and their job to find exploits.. plus xda rules are somewhat tricky.. theres lots on xda ppl dont charge for.
Extreme Syndicate L
doctor-cool said:
I'm not accusing them of anything but for all we know they could be part of the Chinese Government building a data base. Then when they need to they could take control of our phones. Turn the cameras on or anything. Look at all the resent hacks into government systems. Can't be to careful.
Click to expand...
Click to collapse
Then you should NEVER root your phone! Don't you realize that rooting under any method leaves your phone open to be hacked? There is no such thing as safe rooting. Even with Chainfire's Supersu...if you want your phone secure you need to root, make the changes you want then unroot quickly. It is also true that rooting via an unknown source like Kingroot or any of the other methods that have passed through in the last year or so, is even more dangerous..all of those requiring internet connections to root? It is a question you always need to ask yourself...how bad do you want root and what are you willing to risk.
KennyG123 said:
Then you should NEVER root your phone! Don't you realize that rooting under any method leaves your phone open to be hacked? There is no such thing as safe rooting. Even with Chainfire's Supersu...if you want your phone secure you need to root, make the changes you want then unroot quickly. It is also true that rooting via an unknown source like Kingroot or any of the other methods that have passed through in the last year or so, is even more dangerous..all of those requiring internet connections to root? It is a question you always need to ask yourself...how bad do you want root and what are you willing to risk.
Click to expand...
Click to collapse
there's a slight difference between being open to a hack and being connected to a hacker's server with a rooted phone. They have your ip connected. What more could they ask for?
doctor-cool said:
there's a slight difference between being open to a hack and being connected to a hacker's server with a rooted phone. They have your ip connected. What more could they ask for?
Click to expand...
Click to collapse
So does every site you go to and all apps that transfer data online..including games that keep track of high scores. Do you have the source code for all of those? What if they check for root then alter your phone? If you are going to put on the tin foil hat...go all out. Rooting is very dangerous.
But you are right to be wary of these Johnny-come-lately root methods. Again people should consider heavily how much are they willing to risk by rooting...even more so that which requires an internet connection.
KennyG123 said:
Then you should NEVER root your phone! Don't you realize that rooting under any method leaves your phone open to be hacked? There is no such thing as safe rooting. Even with Chainfire's Supersu...if you want your phone secure you need to root, make the changes you want then unroot quickly. It is also true that rooting via an unknown source like Kingroot or any of the other methods that have passed through in the last year or so, is even more dangerous..all of those requiring internet connections to root? It is a question you always need to ask yourself...how bad do you want root and what are you willing to risk.
Click to expand...
Click to collapse
Don't all changes to the system need to be allowed by the superuser app? Also I use Adfree Android. It provides a hosts file that blocks you from going to all known malicious websites. Doesn't that give at least a pretty good measure of safety. And what about antivirus?
stueycaster said:
Don't all changes to the system need to be allowed by the superuser app? Also I use Adfree Android. It provides a hosts file that blocks you from going to all known malicious websites. Doesn't that give at least a pretty good measure of safety.
Click to expand...
Click to collapse
There are ways around that...especially if it is an unknown superuser app...we have some faith in Chainfire and his Supersu catching all requests..but as the OP stated...how do we know with unknown quantities how well their app catches superuser requests. Like rooting in general, exploits in apps can be found too. This makes you think then...what if the source is posted? Will that make it easier for hackers to find back doors?
KennyG123 said:
There are ways around that...especially if it is an unknown superuser app...we have some faith in Chainfire and his Supersu catching all requests..but as the OP stated...how do we know with unknown quantities how well their app catches superuser requests. Like rooting in general, exploits in apps can be found too. This makes you think then...what if the source is posted? Will that make it easier for hackers to find back doors?
Click to expand...
Click to collapse
Yeah I'm sure you're right. Isn't hacking something that antivirus providers are working against? Or maybe there's a firewall or a sandboxing procedure that could help?
stueycaster said:
Yeah I'm sure you're right. Isn't hacking something that antivirus providers are working against? Or maybe there's a firewall or a sandboxing procedure that could help?
Click to expand...
Click to collapse
The sandbox is to use the "Personal" side of My Knox Security as a Playground as described here Kingroot on top of My KNOX, Working Great! !
This.
If anyone trust them and wants to connect to their honey trap...thats on them.
Some people seem crazy to do this just to get rooted
doctor-cool said:
there's a slight difference between being open to a hack and being connected to a hacker's server with a rooted phone. They have your ip connected. What more could they ask for?
Click to expand...
Click to collapse