German Security Researchers have discovered that freezing an Android phone allows hackers to access the Encrypted data stored in the phone.
The encryption method introduced in the Android version "Ice cream sandwich" by Google.
The researchers bypassed this encryption system method by freezing the smartphone for an hour.
"Quickly connecting and disconnecting the battery of a frozen phone forced the handset into a vulnerable mode. " According to BBC report.
"This loophole let them start it up with some custom-built software rather than its onboard Android operating system."
The hack allowed the researchers to access the encrypted contact lists, browsing histories and photos.
For more information:
https://www1.informatik.uni-erlangen.de/frost
Following the partial bypass vulnerability in Note II, a new security flaw has been discovered that allows hackers to completely bypass lock screen on Samsung Galaxy S3 .
The bug was discovered by Sean McMillan and posted as Full disclosure in the Seclists mailing list.
The instruction provided by McMillan : How to bypass the Lock screen in galaxy S3
1) On the code entry screen press Emergency Call
2) Then press Emergency Contacts
3) Press the Home button once
4) Just after pressing the Home button press the power button quickly
5) If successful, pressing the power button again will
bring you to the S3's home screen
McMillan said that it can "take quite a few attempts to get this working, sometimes this method works straight away, other times it can
take more than 20 attempts."
A Security flaw in the Samsung phones allows hacker to bypass the lock screen and launch apps and dial phone numbers on a locked device. The vulnerability has been discovered by a mobile enthusiast Terence Eden.
To exploit this security flaw, the hacker should activate the screen and press Emergency Call. Then, Press the "ICE" button on the bottom left and hold down physical home key for a few seconds and then release. Now, you can access the Home screen and launch any app or widget.
Researcher has tested this vulnerability against Galaxy Note II N7100 running 4.1.2.
"This attack works against Pattern Lock, PIN, Password, and Face Unlock. There is no way to secure your phone against your home screen being accessed." Eden said in his blog post.
The researcher says he tried to contact Samsung regarding this vulnerability but there is no proper response from their side.
To exploit this security flaw, the hacker should activate the screen and press Emergency Call. Then, Press the "ICE" button on the bottom left and hold down physical home key for a few seconds and then release. Now, you can access the Home screen and launch any app or widget.
Researcher has tested this vulnerability against Galaxy Note II N7100 running 4.1.2.
"This attack works against Pattern Lock, PIN, Password, and Face Unlock. There is no way to secure your phone against your home screen being accessed." Eden said in his blog post.
The researcher says he tried to contact Samsung regarding this vulnerability but there is no proper response from their side.
New Year coming up, there's naturally a lot of well wishes and holiday greetings being messaged around. Looks like somebody's decided to join in (a little late) — and also do a bit of data harvesting at the same time.
F-Secure researchers have spotted a malware application(na masquerade as greeting-sending applicaion that lets you send witty/sweet/funny messages to your contact. On execution, it displays a list of text messages that fall into different categories: new year wishes, friendship, love and jokes
When the user selects one of messages, the app prompts a dialog box asking for the next action: Contact, Edit or Cancel.
If Contact is chosen, the app tries to read the stored contact data. Presumably, it needs to know to whom to send the message.
Researchers tested the application with a test phone that has bogus contacts present, no text message was sent then either — AdBoo only produces a dialog box with the message "Sending fail"
When analyzing the app, researchers noticed that the app did do something else though. On selecting the Contacts options, it silently obtained the following information from the device:
1) Phone Model
2) Android Version
3) Phone number
4) International Mobile Equipment Identity (IMEI) number
The harvested details are then forwarded to remote server.
Incidentally, looking at the certificate for this variant of AdBoo, it appears to be from the same developer as Zsone.A.
 |
| Malware Application |
What you will do ? , if you got these kind of message in your mobile : "Your Android mobile is infected by virus. Install this antivirus and activate security system". Will you ignore or follow the link and install the antivirus?
Kaspersky Researchers have spotted a android malware application that masquerade as Antivirus. When researchers search for some popular applications in smartphone via Opera mini, they found that search results leads to scammer sites . The scam sites claim that the user’s device might be infected and that somebody has access to personal data and then will ask the user to check his or her device for malware. If the user clicks on the button, the web page will result some fake report that claims "Your mobile is infected" and ask you to activated the Security system.
If a user click the link , it will download and install "VirusScanner.apk file which is actually malicious and detected by us as Trojan-SMS.AndroidOS.Scavir. if you have non-Android mobile, it will download "VirusScanner.jar" a file which is detected by us as Trojan-SMS.J2ME.Agent.ij.
After the installation, an application named ‘Установщик’ (‘Installer’) with the Kaspersky icon appears in the menu.
When the application executes , the user is asked to press the ‘Continue’ button if he wants to launch VirusScanner with some options like ‘Turn on multi-level protection’, ‘Disable remote control of a device’ or ‘Turn on web site scanning’. But in fact after pressing ‘Continue’ this app will send SMS messages to expensive premium rate numbers.
A research team at NC State University in collaboration with NetQin, have uncovered a new SMS Android Trojan named as "DroidLive" in third-party Android markets. They detected this malware on Nov 5 and published about the trojan on Nov 11.
The Trojan attempts to disguise itself as a Google library, but actually receives commands from a remote Command and Control (C&C) server, which allow it to engage in sending text messages to premium numbers, making phone calls, collecting personal information, and other nefarious activities.
Also, one unusual behavior of this malware is its attempt of installing itself as a device administration app. Though this requires user consent, if such consent is given, DroidLive can obtain privileges closer to those granted only to the device's firmware. To the best of our knowledge, this is the first malware that takes advantage of the device administration API.
DroidLive is structured as a constellation of services and receivers that communicate using Android's standard inter-app communication layer (i.e., Binder). These relationships are shown in the following diagram:
1. DroidLive's heart is a main control service, MainService, which is invoked via the Android IPC mechanisms by other parts of the Trojan. This service takes action based on a string passed to it when it is invoked; these strings are in plain, human-readable text. MainService is initially invoked by other receivers that listen for a variety of (17) system events.
2.Once the malware has been initially invoked, it uses message queues and Android's alarm functionality to periodically wake up and contact its C&C server (http://xxxxxxxxxxxx/androidService/services/AndroidService). As part of this process, DroidLive sends a large amount of information to the server, including the device's unique hardware identifier (IMEI), current cell tower identifier (CID), subscriber identifier (IMSI) and more. In return, the server sends a list of actions for the bot to perform.
3.DroidLive features several commands, which are handled by dedicated components. It can send text messages, make phone calls, or attempt to install itself as a device administration app. This last feature requires user consent, but if granted allows DroidLive privileges closer to those granted only to the device's firmware. Inside the device admin code, it obtains a list of all the apps running on the device. Note this device admin-level access would allow other priviledged actions, such as wiping out all the data on the device.
Security Researcher recommends to follow the instruction to stay secure from these type of malware:
The Trojan attempts to disguise itself as a Google library, but actually receives commands from a remote Command and Control (C&C) server, which allow it to engage in sending text messages to premium numbers, making phone calls, collecting personal information, and other nefarious activities.
Also, one unusual behavior of this malware is its attempt of installing itself as a device administration app. Though this requires user consent, if such consent is given, DroidLive can obtain privileges closer to those granted only to the device's firmware. To the best of our knowledge, this is the first malware that takes advantage of the device administration API.
How It Works
DroidLive is structured as a constellation of services and receivers that communicate using Android's standard inter-app communication layer (i.e., Binder). These relationships are shown in the following diagram:
1. DroidLive's heart is a main control service, MainService, which is invoked via the Android IPC mechanisms by other parts of the Trojan. This service takes action based on a string passed to it when it is invoked; these strings are in plain, human-readable text. MainService is initially invoked by other receivers that listen for a variety of (17) system events.
2.Once the malware has been initially invoked, it uses message queues and Android's alarm functionality to periodically wake up and contact its C&C server (http://xxxxxxxxxxxx/androidService/services/AndroidService). As part of this process, DroidLive sends a large amount of information to the server, including the device's unique hardware identifier (IMEI), current cell tower identifier (CID), subscriber identifier (IMSI) and more. In return, the server sends a list of actions for the bot to perform.
3.DroidLive features several commands, which are handled by dedicated components. It can send text messages, make phone calls, or attempt to install itself as a device administration app. This last feature requires user consent, but if granted allows DroidLive privileges closer to those granted only to the device's firmware. Inside the device admin code, it obtains a list of all the apps running on the device. Note this device admin-level access would allow other priviledged actions, such as wiping out all the data on the device.
Security Researcher recommends to follow the instruction to stay secure from these type of malware:
- Download apps from reputable app stores that you trust; and always check reviews, ratings as well as developer information before downloading;
- Check the permissions on apps before you actually install them and make sure you are comfortable with the data they will be accessing;
- Be alert for unusual behavior on the part of mobile phones and make sure you have up-to-date security software installed on your phone.
Android facial recognition Unlock feature can be hacked using digital photo. Google Android provide feature "Ice Cream Sandwich" that unlock a phone via Facial recognition.
A blogger showed the facial recognition technology can be fooled if it is presented with a digital picture.
"While some of you think that it is a trick and I had set the Galaxy Nexus up to recognise the picture, I assure you that the device was set up to recognise my face. I have a few people there watching me do the video and if any one of them is watching this video I hope you can confirm that this test is 100% legit," he said in a YouTube video.
It is going to be work if the attacker has your digital photo. Thief can't recognize whose phone is ,so he can't be unlock it.
Video Demo:
