Posts Tagged ‘ Security ’

Hacker plants back door in Symbian firmware

Key Logo

Indian hacker Atul Alex has had a look at the firmware for Symbian S60 smartphones and come up with a back door for it. By modifying version 5 of the original software – which runs on such devices as the Nokia 5800, Nokia X6, Nokia 5530XM, Sony Ericsson Satio and Sony Ericsson Vivaz – he has integrated a back door as a reverse shell, including support for Perl scripts. All of the smartphone’s functions can be remotely controlled, including the camera. Alex wrote the back door itself in Python. He plans to make the firmware available for free soon for downloading. Continue reading

Advertisements

New iOS prevents users from unlocking their iPhones

In its latest iOS version 4.2.1Apple has introduced a new mechanism to further complicate the removal of the SIM lock, also known as a network or subsidy lock. The operating system will check which baseband version (in simple terms, “modem firmware”) is installed on the iOS device and refuse to start if an unauthorised version is found. With the earlier versions of iOS theTinyUmbrella tool can be used to persuade locked devices to co-operate; this tool won’t work in iOS 4.2.1. Continue reading

Web sites can launch iPhone applications without prompting

iPhone Teaser

Specially crafted web sites can launch iPhone and iPod Touch apps without the Safari browser asking the user for permission when certain URL protocol handlers (URL schemes) are called. For instance, according to security researcher Nitesh Dhanjani, a web site can use the iFrame to launch a Skype app and automatically call a number – provided that the user has saved Skype access data. Criminals would also be able to play around with a number of other applications. For a list of the protocols currently used in the iPhone, see the URL scheme index. Continue reading

Android holes allow secret installation of apps

Security researchers have demonstrated two vulnerabilities that allow attackers to install apps on Android and its vendor-specific implementations without a user’s permission. During normal installation, users are at least asked to confirm whether an application is to have certain access rights. Bypassing this confirmation request reportedly allows spyware or even diallers to be installed on a smartphone. Continue reading

iDiscrete – Secure / Hide Content on iPhone – iPod Touch & iPad

Today our featured App from the App Storeis ‘iDiscrete‘ Which securely store your private content like Video, Images and Files on your iPhone, iPod Touch and iPad in a discreet way. Rather than requiring a suspicious looking password, iDiscrete employs its patented Touch Sequence Protection™. This works by bringing up a nondescript “Loading” screen upon entry to the application, which registers touch input in 8 separate locations. Continue reading

Back door exploit for Android phones

A security expert working at Alert Logic has published a demonstration back door exploit for smartphones running Android. Criminals could use the principles of this exploit to gain control of a phone and install trojans. A potential victim need only call a malicious web site for infection to occur. Continue reading

PayPal fixes critical vulnerability in its iPhone app

PayPal Logo

PayPal iPhone

PayPal has released an update for its iPhone app aimed at blocking phishing attacks. According to a report in the Wall Street Journal, vulnerable versions of the app fail to check the PayPal web site’s SSL certificate correctly, or at all. The Android app does not appear to be affected. The vulnerability was discovered by security company viaForensics. Continue reading