Archives for

Hack

HTC HD2 boots Windows Phone 8!

The HTC HD2 is a great smartphone and was launched around 3 years ago running Windows Mobile 6.5. Of course Windows Mobile 6.5 devices weren’t upgraded to Windows Phone 7 which indeed changed the game for Microsoft and gave rise to an all new mobile operating system. HTC HD2 has been subject to various hacks and developers have managed to flash several version or flavors of Windows Phone 7 on it. The device comes with a 4.3” screen and is a great device as far as hacking into is concerned.

When Windows Phone 8 was announced, Microsoft also made it clear that the existing Windows Phone 7.5 devices won’t be upgraded to Windows Phone 8. That is of course a very disturbing news for owners of devices such as Lumia 900 because it’s not a good feeling to have a device that is less than a year old and yet is already obsolete. According to Microsoft, the reason for Window Phone 8 not being able to make it to existing Windows Phone 7.5 devices is that they lack the hardware capability to do so, but seems like developers have proved them wrong.

The developers at Dark Force Team have got Windows Phone 8 running on the HTC HD2. Though the functionality in its current trim is limited to a certain extent, but the point is made and it is that HTC HD2 can indeed run Windows Phone 8. The developer team posted few photos on Twitter as proof for the same and has been attached in this post above. The hack demonstrates that even relatively old hardware may be capable of handling Windows Phone 8. Just in case you need a refresher, the HTC HD2 has a 1GHz single-core Snapdragon S1 chip with Adreno 200 graphics and only 448MB of RAM.

It was previously understood that Windows Phone 8 comes with a built in security settings which is supposed to only enable WP8 devices run the software, but the case here is something different and we have a smartphone dating back to 2009 running the new OS, which is fantastic. Though limited in functionality, it also means that there is a possibility to have the existing wonderful Windows Phone 7.5 devices such as Lumia 900 booting Windows Phone 8 goodness unofficially.

For those who are extremely bored with Windows Phone 7.5, Microsoft will be releasing an official update and most of the existing devices will be upgraded to Windows Phone 7.8. The features included in Windows Phone 7.8 have already been leaked online and we have written several articles on the topic as well.

Previously, developers at XDA had managed to create a ROM for the HD2 and had it running Android 4.1 Jelly Bean, though the initial release was far from perfect. Since the DFT team has noted that their WP8 on HD2 hack was just a “proof-of-concept”, don’t expect a fully-working Windows Phone 8 ROM to be released for the HTC HD2 in the near future. What are your thoughts on this news?

via WPCentral

Slightly complex hack brings Android to an iPhone 6s

iPhone 6s Android

iPhone 6s Android

Not many will be familiar with the work of hacker/developer Nick Lee. Recently, he managed to run Windows 95 on the Apple Watch. Why? Well, because he could. Plus it’s always nice to tinker around with hardware and software to give people a taste of what is otherwise considered impossible or unlikely. He’s at it again now, and this time, his weapon of choice is Android and the medium is the iPhone 6s.

He has managed to build a special case (probably with its own hardware underneath) which when paired with the iPhone, can let you run Android on an iPhone. It’s not as easy as it sounds and his motive here was to merely show the world that something like this is possible. He mentions that about 45 hours of work has gone into this, suggesting that it’s not something for amateurs.

You can check out the entire process in the video below. It must be noted that the iPhone is still running iOS 9, so Android is merely running on top of it using an emulator of some sort. Android isn’t taking full advantage of the iPhone hardware here since most of the power comes from the attached case. Lee used Android 4.1 Jelly Bean for this particular demo.

Source: YouTube

Via: The Next Web

Over 15 million customers affected by the T-Mobile/Experian data breach

T-Mobile

#TMobile and #Experian have announced that a massive data breach has compromised vital user information like names, addresses and social security numbers (even despite encryption). It is said that nearly 15 million customers of the carrier are impacted by this, which will surely lead to some sleepless nights for the higher ups in the company as well as the customers, obviously.

Customers who ran a credit check before getting a T-Mobile connection between September 1, 2013 to September 16, 2015 are reportedly affected. This essentially means that a lot of the new customers that T-Mobile has gathered over the past two years are vulnerable now.

T-Mobile CEO John Legere said the following in a detailed statement – “Obviously I am incredibly angry about this data breach and we will institute a thorough review of our relationship with Experian, but right now my top concern and first focus is assisting any and all consumers affected. I take our customer and prospective customer privacy VERY seriously. This is no small issue for us. I do want to assure our customers that neither T-Mobile’s systems nor network were part of this intrusion and this did not involve any payment card numbers or bank account information.”

I’m frankly appalled and shocked by this new revelation and can only imagine the plight of the customers now. Are you one of these unfortunate customers? Let us know in the comments section below.

Source: T-Mobile, Experian

Via: Droid Life

Android 5.0 screen unlock hack leaves customers worried

Android 5.0 Lollipop

#Android smartphones have a variety of display locking/unlocking methods with pattern locking being one of the most popular. A few researchers at the University of Texas have now found a major loophole in Android 5.0 running devices that could let anybody through the pattern lock screen within a matter of few minutes.

It is found that using a large wall of text, users can easily force the smartphone into unlocking and opening the homescreen. The technique is very simple in theory but requires a lot of patience as it involves copying text from the dialer and pasting it back onto the emergency password section.

Once the text is copied, it’s as simple as opening the camera app (swipe right to left from the lockscreen) and swipe down the Quick Settings menu to enter the Settings. At this point, the device asks for an emergency password, which is where the user will have to paste all the copied content to force the device into unlocking itself.

This is a major security loophole which has supposedly been fixed with Android 5.1.1. But those running Android 5.0 are still believed to be vulnerable to this particular bug. Watch the video below to understand how this works.

Via: Ars Technica

How to Reset Samsung Galaxy S3 Passcode

galaxy s3 passcode

galaxy s3 passcode

Forgetting the Samsung Galaxy S3 passcode can be such a pain. This is because you will lose the ability to operate your phone. However, losing or forgetting your Galaxy S3 passcode shouldn’t be a big problem because there is actually an easy way to reset it.

All you have to do is follow the steps below:

1. While your Galaxy S3 is turned off, press the Power, Home and Volume Up buttons altogether. Hold them for a few seconds.

2. You will see the Samsung Galaxy S3 logo followed by the green Android logo. Once you see the green Android logo, let go of the buttons that you are holding down.

3. The next screen will take you to the Android System Recovery menu.

4. Use the Volume Down key to scroll down in the list. Stop when the Wipe Data/Factory Reset option has been highlighted.

5. Press the Power button to select the option.

6. This will confirm a wipe of all your user data. Again, use the Volume Down button to navigate along the choices and use the Power button to select the “Yes – delete all user data” option.

Take note that the trade off of this process is that you will be losing all the data stored in your device. So, try your very best to recall your passcode before bypassing it.

Alternative Solution

To preserve the data of your Galaxy S3, you can also try this exploit which was revealed before by Full Disclosure’s Sean McMillian:

1. Go to Emergency Call.

2. Proceed to Emergency Contacts.

3. Press the Home button once.

4. Tap the Power or Lock button in a quick succession.

5. If successful, this will take you to the Home screen.

According to the source, there are instances wherein results were achieved right away and there were times where it took more than 20 attempts. Take note also that this exploit was performed using a Galaxy S3 unit with Android 4.1.2 Jelly Bean with kernel version 3.031-742798.

We would like to remind you too that we haven’t tried this because this exploit has been uncovered way back in March this year. So, there is a huge possibility that the issue has already been fixed through recent software updates and it may no longer work. But still, if you are desperate to preserve your data, this may still be worth a try.

Email Us

For more questions or if you have anything to share related to this matter, email us at [email protected] or hit the comments below.

Alternative Solution Source: SecLists.org

Microsoft Surface RT Can Now Run a Few Basic x86 Applications Thanks to a Hack

surface_01

Each operating system/platform has a vast developer community, and the number only increases with each coming day. Be it Android, iOS or Windows Phone/Windows 8, they’ve all got a large number of developers trying to bring in hacks/tweaks to unsupported devices. For Android, there’s the CyanogenMod team and similarly for Windows too there’s a big group of devs trying to bring in unsupported features on devices. Windows has always been known to be the ultimate hacking/modding machine, but Microsoft didn’t live up to that promise with the Surface RT. Since the tablet was based on ARM’s CPU architecture, it didn’t pack support for standard Windows apps, which was kind of a letdown. But the folks at XDA have been hard at work to bring regular Windows apps (x86) onto the Surface RT since a long time and it’s finally possible. This will however require the Surface RT jailbreak as a prerequisite, so users have to make sure they’ve got themselves covered there.

As of now, it appears as if this new tool only runs light apps, but the developer has urged users to try out as many apps as possible and let him know how well they’re doing by writing to him at the forums. Sure, you won’t exactly be able to run heavy apps immediately, but this is certainly a start. This trick fools the system into emulating x86 tools to the default kernel. The process is a little too technical to understand, but it’s pretty simple in practical use. If you’re familiar with the term “jailbreaking”, you’ll find no trouble understanding this. Just like how one would modify a device after jailbreaking, this tool basically would work the same way. While not everything will work as smoothly as you would like, it’s a great start and one which would go a long way in making the tablet relevant again. Thanks to these devs, people can now run regular Windows software (albeit partially) on the Surface RT. There is still enough work to be done in this area though and we can expect to see the Surface RT running more heavy stuff in the coming days. The delay is painful, but better late than never, right?

These are the features which should have been enabled right from the start, but MS had no choice as it wanted to make the device a standalone tablet and not a Windows PC or notebook alternative. For users willing to get a replacement to the PC or their notebook, Microsoft has the Surface Pro which launched a few weeks ago. But if these ARM based tablets can run standard Windows apps without much fuss, then there won’t be much noise about the substantially pricier Surface Pro. Let’s hope the developers make more progress in this area as we would like to see the Surface RT bring some smiles on the owners’ faces. They’ve not had much to smile about really.

Source: XDA Forums
Via: Phone Arena

Facebook Reports They Were Hacked

Another high profile company can now be added to the long list of companies that experienced hacking attacks. Facebook just reported that they were hit by what they call as a “sophisticated attack” last month. This happened when a couple of their employees visited a mobile version of a developer website that was compromised. The root cause however was the zero day exploit that bypassed the Java sandbox and enabled a malware to be installed in the computer in question. The company said that they immediately reported the exploit to Oracle which released a patch last February 1.

facebook hacked

Facebook went on to report that they have found no evidence that any user information had been compromised as a result of this security breach into their system. The company said that they are closely working with security teams of other companies and government agencies to investigate the attack and learn how to prevent a similar occurrence in the future.

In the official blog post of the company they said that “Facebook Security has a team dedicated to tracking threats and monitoring our infrastructure for attacks at all times. In this particular instance, we flagged a suspicious domain in our corporate DNS logs and tracked it back to an employee laptop. Upon conducting a forensic examination of that laptop, we identified a malicious file, and then searched company-wide and flagged several other compromised employee laptops.”

It wasn’t Facebook that was the only company hacked during this period as other companies were attacked and infiltrated as well. The names of the companies affected are not disclosed as of the moment though. As one of the companies being attacked first, the social networking giant immediately shared details on the attack to other companies so as to prevent any data breach.

The high security risk involved with using Java has prompted the Department of Homeland Security to issue a warning last month telling people to disable it on their web browsers. A flaw in the software allows an attacker to remotely control an infected system. Although Oracle has since then released a security patch for this, people are still advised to disable Java altogether if it really isn’t needed.

via Facebook

Android’s pattern lock bypassed without root

Android offers several ways to lock the smartphone and most notable ones include pattern lock, PIN and the new FaceLock on Android 4.0 ICS and Android 4.1 Jelly Bean. FaceLock, however, was found to be vulnerable soon after the launch of Ice Cream Sandwich as it authenticates even if a picture of owner is shown to the camera. Google did try to fix this issue in Android 4.1 Jelly Bean by adding something called “Liveness Check”, where in which the user is required to prove his aliveness by blinking his eyes in order to unlock the phone using facial recognition, but hackers found a workaround for this too, and all it requires is a bit of photo editing skills up the sleeve in order to circumvent Jelly Bean’s Face Unlock system. That’s pretty insecure, which makes sense to lock your Android device using PIN or pattern lock if you do have important data on your phone.

Pattern lock is pretty safe to use, but what about the times when you forget the pattern you set? It’s like leaving your car keys inside the car or house and locking it from the outside. In case of house, you can probably hire a locksmith to get things done, or you can probably break in, but is possible to break into your Android device if you have forgotten the pattern? The answer is Yes, says a senior member of XDA forum, m.sabra.

M.sabra has come up with a way. Using his method, you can bypass the pattern lock system on any Android device, but good things always come with a catch. In order to have this bypass working, it is required to have the “USB debugging” option already enabled. It also means that if you’re locked out of your phone and you don’t have the USB debugging option enabled, you’re pretty much out of luck. Users who are familiar with modding and flashing should be familiar with this option.

It is worth noting that this hack will work even if the device isn’t rooted. In order to override the pattern unlock, you are required to push several lines of commands through ADB, which can be found on the original hack thread at XDA-Developers over here. Once you punch in the commands, you can reboot to find out that any pattern will unlock your device. Though this method will work on non rooted devices, it also depends on device’s ROM. Apparently, Android 4.1 Jelly Bean is immune to this hack, but it will work on most of the Android versions, including the Android 4.0 Ice Cream Sandwich, but again, it all depends on the stock ROM too, so it may or may not work in your case.

The discovery of this hack is great for people who genuinely tend to forget their password, but nobody is stopping thieves from making use of this method. All you can do is work out some memory exercise and keeping the USB debugging option disabled will also ensure security of your data. You can also opt for double authentication system, just to make sure your data is safe.

Will you give this method a shot? Let us know using the comment form below.
Source: XDADevelopers

Anonymous: Facebook Is Going Down November 5th

image

The interwebs have been reporting today that the hacktivist group that calls itself Anonymous has another major target in their cross hares. That site is Facebook.  According to CNET and other sources, Anonymous has several reasons they are targeting the largest social network in the world.

Facebook, with a reported 750 million users has apparently upset the hacktivist community by reportedly selling user information to the government.  In their press release Anonymous states:

“Facebook has been selling information to government agencies and giving clandestine access to information security firms so that they can spy on people from all around the world. Some of these so-called whitehat infosec firms are working for authoritarian governments, such as those of Egypt and Syria.”

Anonymous has invited other likeminded hackers to join them for the November 5th take down. CNET and others speculate that November 5th was chosen because it is the day British people set off fireworks to commemorate Guy Fawkes and the day he detonated Britain’s house’s of Parliament.

Anonymous has given Facebook plenty of notice, and still seem very confident that they will be able to take down the site. 

Source: CNET

Mobile Banking Phishing Malware Comes To Android, Removed From Market

The international cybercrime ring known as Zbot or ZeuS and the creators of the Zeus toolkit are back, this time targeting Android users.  The ZeuS toolkit is bank information stealing malware that has already come to Symbian, Windows Mobile and Blackberry in the form of a trojan.  The ZeuS team has created a survey form that installs a malware into your phone once you take the survey that is supposedly from a security company called Trusteer.

Once the malware is on your Android device it then listens for incoming text messages that banks and other services use to validate user passwords. These text messages are sent out to a remote server where they are harvested and then used to break into people’s bank accounts.

Mobile security expert Dennis Maslennikov of Kaspersky labs tells pcmag that the Android version of ZeuS or Zbot, is a lot more primitive than the ones that hit the other operating systems. He also noted that it has been removed from the Android market.  To be on the safe side though make sure you don’t respond to the survey above and use a mobile security suite like Lookout on your Android device.

Source: PC Mag

Lulz Security Takes FBI Partner In Atlanta

You must have heard of Lulz Security by now. Lulz Security is the team of hackers responsible for some of the PSN hacks, the X-Factor hack, PBS, several hacks of Sony Entertainment and now they’ve turned to an FBI partner company based in Atlanta.

InfraGard Atlanta is described by Yahoo London as  a “public-private partnership devoted to sharing information about threats to the U.S. physical and Internet infrastructure”. Wait a second did they say that InfrafGard shares information about threats against the US Internet infrastructure? And they got hacked by Lulz Security?

More after the break
(more…)

Latest Adobe Flash Security Flaw Is Not Android Specific

Pocketnow is running a story about vulnerabilities that Adobe found in their latest release of Adobe Flash. The vulnerability that Adobe found in Flash Player 10.2.153.1 and earlier versions affects Windows, Macintosh, Linux, Solaris and Android. Although the big red Android with the flash logo on the front may lead some to believe that this vulnerability is limited to just Android.

The vulnerability, found in Authplay.dll, can also be found in Adobe Reader and Acrobat X (10.0.2) and earlier. The vulnerability, which Adobe is identifying as CVE-2011-0611 could cause a crash and potentially allow an attacker to take control of the affected system. Although no reports of this actually happening have been discovered.

(more…)

Best Buy Reward Zone Customer Emails Compromised In Epsilon Data Breach

image

We just received an email from Best Buy Rewards Zone confirming that our email address was compromised along with the other Reward Zone members.

This breach of data is just one of the countless number of big corporations hit by a breakdown in security at Dallas Tx based Epsilon. Epsilon maintains the customer data for hundreds of big corporate clients.

Best Buy isn’t alone in one of the biggest hacks of our time.  Citi, Walmart and even the Limited Group have been feverishly sending out customer warnings, and strategizing on better ways to protect data.

According to security experts the breach of security at Epsilon only resulted in names and email addresses. Customers are warned that they may see a barrage of spam.

Source: ABC News

Security: Hackers Release Fake Android Market Security Tool

Top online and mobile security company Symantec has discovered a new dangerous malware lurking in a third party Chinese android market.  The “Android Market Security Tool” is a repackaged clone of the original Android Market Security Tool which was released to remove malware from DroidDream infected devices.

The fake Android Market Security Tool is able to send SMS (text) messages to a command and control server located at hxxp://www.youlubg.com:81/Coop/request3.php

Google took a proactive approach to the DroidDream malware scare by bypassing both carriers and OEM’s and directly pushing their official “Android Market Security Tool March 2011” to devices to remove DroidDream. Typically carriers and OEMs send updates.  As a separate note this action alone shows that the upgrade path in terms of Android versions is determined by OEMs and Carriers and not Google, obviously if Google controlled it, it would be more efficient.

It’s unclear how many devices have been affected by the fake Android Market Security Tool because it was distributed on a third party site.  The original DroidDream was said to have been downloaded over 250,000 times within 21 infected apps in the official Android market.  What’s also unclear at this time is what the perpetrators plan or could do once they gain access to the infected devices via the command and control server.

Android users should be cautious when downloading to their Android device. We definitely suggest a security app from the Android market from a trusted source.

Source: Infoworld/Symantec