#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

how to root android | Breaking Cybersecurity News | The Hacker News

RAMpage Attack Explained—Exploiting RowHammer On Android Again!

RAMpage Attack Explained—Exploiting RowHammer On Android Again!
Jun 29, 2018
A team of security researchers has discovered a new set of techniques that could allow hackers to bypass all kind of present mitigations put in place to prevent DMA-based Rowhammer attacks against Android devices. Dubbed RAMpage , the new technique (CVE-2018-9442) could re-enable an unprivileged Android app running on the victim's device to take advantage from the previously disclosed Drammer attack , a variant of DRAM Rowhammer  hardware vulnerability for Android devices, in an attempt to gain root privileges on the target device. You might have already read a few articles about RAMpage on the Internet or even the research paper, but if you are still unable to understand— what the heck is RAMpage —we have briefed the research in language everyone can understand. Before jumping directly on the details of RAMpage, it is important for you to understand what is RowHammer vulnerability, how it can be exploited using Drammer attack to hack Android devices and what mitigations G

OnePlus Left A Backdoor That Allows Root Access Without Unlocking Bootloader

OnePlus Left A Backdoor That Allows Root Access Without Unlocking Bootloader
Nov 14, 2017
Another terrible news for OnePlus users. Just over a month after OnePlus was caught collecting personally identifiable information on its users, the Chinese smartphone company has been found leaving a backdoor on almost all OnePlus handsets. A Twitter user, who goes by the name "Elliot Anderson" ( named after Mr. Robot's main character ), discovered a backdoor (an exploit) in all OnePlus devices running OxygenOS that could allow anyone to obtain root access to the devices. The application in question is " EngineerMode ," a diagnostic testing application made by Qualcomm for device manufacturers to easily test all hardware components of the device. This APK comes pre-installed ( accidentally left behind ) on most OnePlus devices, including OnePlus 2, 3, 3T, and the newly-launched OnePlus 5. We can confirm its existence on the OnePlus 2, 3 and 5. You can also check if this application is installed on your OnePlus device or not. For this, simply go t

Making Sense of Operational Technology Attacks: The Past, Present, and Future

Making Sense of Operational Technology Attacks: The Past, Present, and Future
Mar 21, 2024Operational Technology / SCADA Security
When you read reports about cyber-attacks affecting operational technology (OT), it's easy to get caught up in the hype and assume every single one is sophisticated. But are OT environments all over the world really besieged by a constant barrage of complex cyber-attacks? Answering that would require breaking down the different types of OT cyber-attacks and then looking back on all the historical attacks to see how those types compare.  The Types of OT Cyber-Attacks Over the past few decades, there has been a growing awareness of the need for improved cybersecurity practices in IT's lesser-known counterpart, OT. In fact, the lines of what constitutes a cyber-attack on OT have never been well defined, and if anything, they have further blurred over time. Therefore, we'd like to begin this post with a discussion around the ways in which cyber-attacks can either target or just simply impact OT, and why it might be important for us to make the distinction going forward. Figure 1 The Pu

Over 1 Million Google Accounts Hacked by 'Gooligan' Android Malware

Over 1 Million Google Accounts Hacked by 'Gooligan' Android Malware
Nov 30, 2016
If you own an Android smartphone, Beware! A new Android malware that has already breached more than 1 Million Google accounts is infecting around 13,000 devices every day. Dubbed Gooligan , the malware roots vulnerable Android devices to steal email addresses and authentication tokens stored on them. With this information in hands, the attackers are able to hijack your Google account and access your sensitive information from Google apps including Gmail, Google Photos, Google Docs, Google Play, Google Drive, and G Suite. Researchers found traces of Gooligan code in dozens of legitimate-looking Android apps on 3rd-party app stores, which if downloaded and installed by an Android user, malware starts sending your device's information and stolen data to its Command and Control (C&C) server. "Gooligan then downloads a rootkit from the C&C server that takes advantage of multiple Android 4 and 5 exploits including the well-known VROOT (CVE-2013-6282) and Towelroot (CV

Automated remediation solutions are crucial for security

cyber security
websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.

New Drammer Android Hack lets Apps take Full control (root) of your Phone

New Drammer Android Hack lets Apps take Full control (root) of your Phone
Oct 24, 2016
Earlier last year, security researchers from Google's Project Zero outlined a way to hijack the computers running Linux by abusing a design flaw in the memory and gaining higher kernel privileges on the system. Now, the same previously found designing weakness has been exploited to gain unfettered "root" access to millions of Android smartphones, allowing potentially anyone to take control of affected devices. Researchers in the VUSec Lab at Vrije Universiteit Amsterdam have discovered a vulnerability that targets a device's dynamic random access memory (DRAM) using an attack called Rowhammer . Although we are already aware of the Rowhammer attack , this is the very first time when researchers have successfully used this attack to target mobile devices. What is DRAM Rowhammer Attack? The Rowhammer attack against mobile devices is equally dangerous because it potentially puts all critical data on millions of Android phones at risk, at least until a secu

Chainfire's SuHide — Now You Can Hide Your Android Root Status On Per-App Basis

Chainfire's SuHide — Now You Can Hide Your Android Root Status On Per-App Basis
Aug 30, 2016
Famous Android developer Chainfire released an experimental hack with a new app, called " Suhide ," that allows users to hide the root status of their rooted Android devices on an app-by-app basis. Rooting your Android device can bring a lot of benefits by giving you access to a wide variety of apps and deeper access to the Android system...But at what cost? One of the major drawbacks of rooting your device is losing access to certain apps, which includes banking, payment and corporate security apps that work with financial and confidential data, such as your bank details. Such apps don't work on rooted devices. A great example for this is Google's Android Pay . Since its launch, developers has been working hard to get Android Pay working for rooted devices, but unfortunately, they have not gotten much success. But Why Rooted Devices? It's because Google cares about your security. SafetyNet — That's How Google Detects Tampered Devices Google
Cybersecurity Resources