aCropalypse vulnerability can recover sensitive information previously removed from Pixel screenshots
A newly revealed vulnerability could reveal previously redacted details from screenshots if the edits were made using a Pixel device.
A new vulnerability was revealed by researchers Simon Aarons and David Buchanan that allows previously redacted details to be recovered if the screenshots were taken and edited using the Markup editing tool found on Google Pixel devices. While the issue has been addressed in the latest March security patch, the problem still remains in all the images and screenshots that were shared over the years prior to this patch.
This exploit lets you unlock the bootloader of the Google Chromecast with Google TV
You can unlock the bootloader of the Google Chromecast with Google TV to run unsigned code or boot a custom OS, but there are some caveats.
The Google Chromecast with Google TV is one of the best media streaming dongles out there. The little piece of hardware not only unlocks 4K video streaming at 60fps for connected devices, but it also brings support for HDR content, Dolby Vision, and Dolby Atmos audio. The device can even be considered a capable gaming console thanks to receiving official support for Google's Stadia cloud gaming service. Now, developers have been able to successfully unlock its bootloader, opening up even more possibilities.
It's now easy to bypass MediaTek's SP Flash Tool authentication
A group of developers has created a Python utility to bypass the authentication routine of MediaTek SP Flash Tool. Check it out now!
Devices with MediaTek chipsets have a BROM (boot read-only memory), which typically loads the preloader executable and subsequently boots the Android system, but also houses an alternative boot mode known as Download mode. It is strictly intended for OEM servicing and can be used to unbrick a device, just like Qualcomm’s Emergency Download Mode (EDL). A MediaTek-made proprietary program called "SP Flash Tool" can utilize this interface to force flash the system software on a device. Since the low-level download mode effectively has full control over the device’s storage, many OEMs including Xiaomi and Realme have started obfuscating the flashing process. Because of this practice, firmware flashing via download mode can only be performed by a signed “Download Agent” program that has been authorized by the corresponding OEM, essentially meaning that you can't flash or unbrick your own smartphone unless you have permission from the device maker to do so.
Here's why you should be wary of installing anything that sets SELinux to permissive
An undocumented Android feature allows any arbitrary app to gain root access on a permissive SELinux environment. Read on to learn more!
In the world of Android modding, people tend to regard root access as the cornerstone of all things. It allows users to take complete control of their devices and add features that aren't always available in the stock configuration. But as they say — "with great power comes great responsibility" — it's not wise to bypass Android's security model unless you know what you're getting into. For veteran Android enthusiasts on our forums, you are probably aware of the potential for backdoors to exist on your device, and you are more likely to be running a trusted root-enabled mod on top of the latest Android version with the latest security patches. Having said that, you might know a few people who don’t really care about what root tweaks they install so long as they seemingly work for them. This is why you can still find a truckload of mods that only work when SELinux is set to permissive, which, in turn, leave their users extremely susceptible to security threats.
Critical MediaTek rootkit affecting millions of Android devices has been out in the open for months
A critical flaw in MediaTek processors went unpatched in devices due to OEM neglect. Google hopes the March 2020 Android Security Bulletin will fix this.
On the first Monday of every month, Google publishes the Android Security Bulletin, a page that discloses all the security vulnerabilities and their patches submitted by Google themselves or other third-parties. Today was no exception: Google just made public the Android Security Bulletin for March 2020. One of the vulnerabilities that are documented in the latest bulletin is CVE-2020-0069, a critical security exploit, specifically a rootkit, that affects millions of devices with chipsets from MediaTek, the large Taiwanese chip design company. Although the March 2020 Android Security Bulletin is seemingly the first time that CVE-2020-0069 has been publicly disclosed, details of the exploit have actually been sitting openly on the Internet—more specifically, on the XDA-Developers forums—since April of 2019. Despite MediaTek making a patch available a month after discovery, the vulnerability is still exploitable on dozens of device models. Even worse, the vulnerability is actively being exploited by hackers. Now MediaTek has turned to Google to close this patch gap and secure millions of devices against this critical security exploit.
Fortnite Installer could be abused to silently install apps on Galaxy phones
Fortnite Mobile on Android's installer app was exploitable in its first release. It could be abused to silently install any app on Samsung Galaxy phones.
The launch of Fortnite Mobile on Android hasn't been too great, especially since many of the supported devices really struggle to play the game with acceptable frame rates. The game launched as a Samsung Galaxy exclusive for only 3 days. The Fortnite Installer was first available on Samsung Galaxy Apps before Epic Games allowed non-Samsung players to download and install the full game from the Fortnite Installer obtained on Epic's website. Shortly after the Fortnite Installer became available, Epic Games quietly pushed an update to the Installer. Now we know why: they patched a Man-in-the-Disk exploit that made it possible for a malicious app to silently install any app it wanted on Samsung Galaxy smartphones. Because there has been some confusion about how this flaw works, we'll try to clear things up. First, we need to explain the basics of app installation on Android.
SunShine bootloader unlock (S-Off) tool now supports the HTC U12+
SunShine is a tool which allows you to S-OFF your HTC smartphone. The HTC U12+ is now supported; check out what that means for you here.
SunShine is a popular tool used primarily on HTC devices for enabling S-OFF. The tool was updated to support the HTC U11 earlier this year, and now it supports the HTC U12+. Without S-OFF, modding HTC devices becomes very difficult. This release should open the door to the true modding capability of the device.
[Update: Fix] Bootloader Protection Bypass Discovered on OnePlus 6 (requires physical access)
A serious vulnerability in the OnePlus 6 bootloader has been discovered. This exploit, which requires physical access, bypasses all security measures.
The OnePlus 6 was made official in the middle of last month. The device has only recently started to make its way into the hands of consumers and developers on our forums, and already we're hearing about the work that's being done. An official build of TWRP is already available and work is progressing nicely on an unofficial LineageOS 15.1 GSI. The OnePlus 6 isn't only receiving attention from users interested in the device for their personal use or projects, however, as security researchers are starting to take a closer look at the device to see what they can find.
New Rowhammer Exploits use Hardware Vulnerabilities to Root LG, Samsung, and Motorola Devices
New Rowhammer exploit successfully roots LG, Samsung, and Motorola devices using bit-flips. The exploit was previously thought to be unviable.
Google is constantly at war with hackers seeking to maliciously exploit security vulnerabilities in their products. Back in the middle of 2014, Google assembled a team of security analysts called 'Project Zero' to report zero-day exploits to the company so they can be patched before any nefarious third-party can take advantage of the undisclosed security hole. One such vulnerability, dubbed 'Rowhammer', involves repeatedly accessing a row of memory to cause 'bit-flips' in adjacent rows of memory. This flaw occurs in some DRAM devices and can be exploited to gain read-write access to all of physical memory from within a user-space process.
Stagefright Explained: The Exploit That Changed Android
Stagefright is amongst the worst exploits Android has seen in recent memory. Click to read more about the specifics and to learn how to protect yourself!
One of the strongest points of Android has primarily been its open source nature, which allows for stakeholders to fork, modify and redistribute the OS in a way that suits their particular needs. But this very advantage of being open source acts like a double-edged sword when it comes to the issues of malware and security. It is easier to find and patch flaws when you have a lot of able contributors on a project whose source code is available freely. However, fixing the issue at the source level does not often translate into the problem being fixed in the hands of the final consumer. As such, Android is not the premier choice when it comes to choosing an OS for data-sensitive enterprise needs.