The Hacker News Logo
Subscribe to Newsletter

The Hacker News — Cyber Security and Hacking News Website: smartphone

OnePlus 6 Flaw Allows to Boot Any Image Even With Locked Bootloader

OnePlus 6 Flaw Allows to Boot Any Image Even With Locked Bootloader

June 11, 2018Mohit Kumar
Have you recently bought a OnePlus 6? Don't leave your phone unattended. A serious vulnerability has been discovered in the OnePlus 6 bootloader that makes it possible for someone to boot arbitrary or modified images to take full admin control of your phone—even if the bootloader is locked. A bootloader is part of the phone's built-in firmware and locking it down stops users from replacing or modifying the phone's operating system with any uncertified third-party ROMs, ensuring the system boots into the right operating system. Discovered by security researcher Jason Donenfeld of Edge Security , the bootloader on OnePlus 6 is not entirely locked, allowing anyone to flash any modified boot image on to the handset and take full control of your phone. In a video demonstration, Donenfeld showed how it is possible for an attacker with physical access to OnePlus 6 to boot any malicious image using the ADB tool’s fastboot command, giving the attacker complete control ove
Android P Will Block Background Apps from Accessing Your Camera, Microphone

Android P Will Block Background Apps from Accessing Your Camera, Microphone

February 26, 2018Mohit Kumar
Yes, your smartphone is spying on you. But, the real question is, should you care? We have published thousands of articles on The Hacker News, warning how any mobile app can turn your smartphone into a bugging device—' Facebook is listening to your conversations', ' Stealing Passwords Using SmartPhone Sensors', 'Your Headphones Can Spy On You' and 'Android Malware Found Spying Military Personnel' to name a few. All these stories have different objectives and targets but have one thing in common, i.e., apps running in the background covertly abuse ‘ permissions ’ without notifying users. Installing a single malicious app unknowingly could allow remote attackers to covertly record audio, video, and taking photos in the background. But, not anymore! In a boost to user privacy, the next version of Google's mobile operating system, Android P, will apparently block apps idling in the background from accessing your smartphone's camera a
Smart Devices Can Be Hijacked to Track Your Body Movements And Activities Remotely

Smart Devices Can Be Hijacked to Track Your Body Movements And Activities Remotely

August 20, 2017Unknown
If your smartphones, tablets, smart refrigerators, smart TVs and other smart devices are smart enough to make your life easier, their smart behavior could also be leveraged by hackers to steal data, invade your privacy or spy on you, if not secured properly. One such experiment has recently been performed by a team of student hackers, demonstrating a new attack method to turn smart devices into spying tools that could track your every move, including inferring sexual activity. Dubbed CovertBand , the attack has been developed by four researchers at the University of Washington's Paul G. Allen School of Computer Science & Engineering, and is so powerful that it can record what a person is doing through a wall. The CovertBand tracking system makes use of the built-in microphones and speakers—found in smartphones, laptops, tablets, smart assistant and other smart devices—as a receiver to pick up reflected sound waves, tracking the movements of anyone near the audio sourc
Dutch Police Seize Another Company that Sells PGP-Encrypted Blackberry Phones

Dutch Police Seize Another Company that Sells PGP-Encrypted Blackberry Phones

May 11, 2017Swati Khandelwal
The Dutch police arrested four suspects on Tuesday on suspicion of money laundering and involvement in selling custom encrypted BlackBerry and Android smartphones to criminals. The Dutch National High Tech Crime Unit (NHTCU), dedicated team within the Dutch National Police Agency aims to investigate advanced forms of cyber crimes, carried out investigation and found that the phone brand "PGPsafe" was selling customized BlackBerry and Android smartphones with the secure PGP-encrypted network to the "possible criminal end users." PGP (Pretty Good Privacy) is an open source end-to-end encryption standard that can be used to cryptographically sign emails, documents, files, or entire disk partitions in order to protect them from being spied on. Selling custom security-focused encrypted phones does not involve any crime itself, but Dutch police have discovered evidence, which indicates over the years such phones had been sold to organized criminals involved in
New Exploit to 'Hack Android Phones Remotely' threatens Millions of Devices

New Exploit to 'Hack Android Phones Remotely' threatens Millions of Devices

March 17, 2016Swati Khandelwal
Attention Android users! Millions of Android devices are vulnerable to hackers and intelligence agencies once again – Thanks to a newly disclosed Android Stagefright Exploit . Yes, Android Stagefright vulnerability is Back… …and this time, the Stagefright exploit allows an attacker to hack Android smartphones in 10 seconds just by tricking users into visiting a hacker's web page that contains a malicious multimedia file. A group of security researchers from Israel-based research firm NorthBit claimed it had successfully exploited the Stagefright bug that was emerged in Android last year and described as the "worst ever discovered" . The new Stagefright exploit, dubbed Metaphor , is detailed in a research paper [ PDF ] that guides bad guy, good guy as well as government spying agencies to build the Stagefright exploit for themselves. Just yesterday, we reported about critical vulnerabilities in Qualcomm Snapdragon chip that could be exploited
How to Install Android 6.0 Marshmallow and When will Your Smartphone Get it?

How to Install Android 6.0 Marshmallow and When will Your Smartphone Get it?

October 05, 2015Swati Khandelwal
Google is eager to release the latest version of its mobile operating system, Android 6.0 Marshmallow , to some of its Smartphone and Tablet lineup. The latest Android 6.0 Marshmallow update brings a whole host of new features, including Doze mode, App permissions, Google Now on Tap, "Do not disturb" setting, and easier volume controls, among other features.  Read: You can check out the key new features of Android 6.0 Marshmallow here. Along with the newly launched Nexus 5X and Nexus 6P , Google is also releasing its latest Android 6.0 Marshmallow update for its existing Nexus devices – Nexus 5, Nexus 6, Nexus 7 (2013), Nexus 9 and Nexus Player – starting today. But, When will Your Smartphone Get Android 6.0 Marshmallow? Google Nexus devices are the first ones to get Android 6.0 Marshmallow. Android 6.0 Marshmallow for  Motorola: Motorola also confirmed Friday to issue Android 6.0 Marshmallow software updates for a number of its smartph
BodyPrint Technology Turns Smartphones into Biometric Scanners

BodyPrint Technology Turns Smartphones into Biometric Scanners

April 27, 2015Mohit Kumar
Yahoo! don’t want you to every time type a PIN or swipe your phone or scan your thumbprint in order to unlock your smartphone. Instead, it only wants you to place your smartphone device on your ear in order to do that. A new concept from Yahoo’s Research Labs is out that doesn’t focus on old fingerprint biometric scanners that are major form of biometric security on today’s smartphones, rather focuses on an idea of Bodyprint as the futuristic biometric security. A team of researchers from the Internet giant has developed a new biometric system called " Bodyprint ," which is a much affordable alternative to fingerprint scanners for mobile phones. What does Bodyprint scan? Bodyprint, built by researchers Christian Holz, Senaka Buthpitiya, and Marius Knaust, is designed to utilize different body parts as biometric sensors for different cases, depending on how the users are using their phones. As mentioned above, Bodyprint can recognize you from your ears
Your Location has been Shared 5,398 Times in Last 14 Days

Your Location has been Shared 5,398 Times in Last 14 Days

March 30, 2015Swati Khandelwal
Do you realize how often your smartphone is sharing your location data with various companies? It is more than 5000 times in just two weeks. That is little Shocking but True! A recent study by the security researchers from Carnegie Mellon reveals that a number of smartphone applications collect your location-related data — a lot more than you think. The security researcher released a warning against the alarming approach: " Your location [data] has been shared 5,398 times with Facebook, GO Launcher EX, Groupon and seven other [applications] in the last 14 days. " During their study, researchers monitored 23 Android smartphone users for three weeks. First Week - Participants were asked to use their smartphone apps as they would normally do. Second Week - An app called App Ops was installed to monitor and manage the data those apps were using. Third Week - The team of researchers started sending a daily “ privacy nudge ” alert that would ping particip
Samsung Galaxy S6 and Galaxy S6 Edge — 8 Things You Should Know

Samsung Galaxy S6 and Galaxy S6 Edge — 8 Things You Should Know

March 02, 2015Swati Khandelwal
A whole lot of things gone in the official kickoff of Mobile World Congress 2015 , but a unique phone with a curved screen on both sides of the device acquired everybody’s attention. That’s what unveiled by Samsung late Sunday. Samsung has officially unveiled its next-generation flagship Smartphones — Samsung Galaxy S6 and Samsung Galaxy S6 Edge . This time, the company didn’t just focus on the specs and features, but also on design — unique and sleek. 1. EYE-CATCHING PREMIUM DESIGN Both Samsung Galaxy S6 and Samsung Galaxy S6 Edge comes with a sleek glass-and-metal body on the front and back. On one hand, the Samsung Galaxy S6 Edge has a screen that curves around both sides with a comfortable grip, giving the phone a much smarter look. While, the Samsung Galaxy S6 has the most beautiful appearence to ever exist in the entire Samsung's S series. The new Galaxy smartphones are made of 'stronger metal' and comes with the toughest glass, Corning Gorilla
Built-In Backdoor Found in Popular Chinese Android Smartphones

Built-In Backdoor Found in Popular Chinese Android Smartphones

December 18, 2014Swati Khandelwal
Chinese smartphone manufacturers have been criticized many times for suspected backdoors in its products, the popular Chinese smartphone brands, Xiaomi and Star N9500 smartphones are the top examples. Now, the China's third-largest mobile and world's sixth-largest phone manufacturer 'Coolpad' , has joined the list. Millions of Android smartphones sold by Chinese smartphone maker Coolpad Group Ltd. may contain an extensive "backdoor" from its manufacturer that is being able to track users, push unwanted pop-up advertisements and install unauthorized apps onto users' phones without their knowledge, alleged a U.S. security firm. OVER 10 MILLION USERS AT RISK Researchers from Silicon Valley online security firm Palo Alto Networks discovered the backdoor, dubbed " CoolReaper ," pre-installed on two dozens of Coolpad Android handset models, including high-end devices, sold exclusively in China and Taiwan. The backdoor can let attacke
Facebook SDK Vulnerability Puts Millions of Smartphone Users' Accounts at Risk

Facebook SDK Vulnerability Puts Millions of Smartphone Users' Accounts at Risk

July 03, 2014Mohit Kumar
Security researchers from MetaIntell, the leader in intelligent led Mobile Risk Management (MRM), have discovered a major security vulnerability in the latest version of Facebook SDK that put millions of Facebook user's Authentication Tokens at risk. Facebook SDK for Android and iOS is the easiest way to integrate mobile apps with Facebook platform, which provides support for Login with Facebook authentication, reading and writing to Facebook APIs and many more. Facebook OAuth authentication or ‘ Login as Facebook ’ mechanism is a personalized and secure way for users to sign into 3rd party apps without sharing their passwords. After the user approves the permissions as requested by the application, the Facebook SDK implements the OAuth 2.0 User-Agent flow to retrieve the secret user’s access token required by the apps to call Facebook APIs to read, modify or write user's Facebook data on their behalf. ACCESSING UNENCRYPTED ACCESS TOKEN It is important that
Wiko Mobiles Can be Remotely Crashed with a Text Message

Wiko Mobiles Can be Remotely Crashed with a Text Message

June 13, 2014Swati Khandelwal
A vulnerability has been identified in Wiko Mobiles that could allow anyone to remotely  force it to shut down abruptly with a text message only. Wiko is  a two-year-old French Mobile manufacturing company known for its cheapest mobiles and smartphones. French  blogger Korben reported that just by sending a  Short Message Service (SMS) with text  "="  (without the quotes) to Wiko mobiles could force them to restart and  knock them off a cellular network. He demonstrated the flaw in a video as shown below: He successfully tested Wiko Mobile flaw with official Android operating system and also reproduced it with custom Android ROM i.e. CyanogenMod, which concludes that the flaw could be in Wiko Mobile Hardware, rather than software. The Flaw was accidentally discovered by a reader, so currently we have no technical explanation that why Wiko mobiles can't behave equal as other smartphones do after receiving 'equal' symbol in SMS. If y
WhatsApp Flaw leaves User Location Vulnerable to Hackers and Spy Agencies

WhatsApp Flaw leaves User Location Vulnerable to Hackers and Spy Agencies

April 16, 2014Swati Khandelwal
If you are using WhatsApp to chit-chat with your friends or relatives, then you should be careful about sharing your location with them using WhatsApp ‘Location Share’ feature. No doubt, WhatsApp communication between your phone and company’s server is now encrypted with SSL, which means whatever you are sharing with your friends, is secured from the man-in-the-middle attacks . But the extremely popular instant messaging service for Smartphones that delivers more than 1 billion messages per day has another serious security issue. According to Researchers at UNH Cyber Forensics Research & Education Group , WhatsApp location sharing service could expose your location to hackers or Spy Agencies. While sharing the location on WhatsApp users need to first locate themselves on Google Map within the app window, as shown:  Once selected, WhatsApp fetches the location and thumbnail (an image) from the Google Map service to share it as the message icon, but unfortunately Wh
Mobile Charger That Can Power-Up Your Smartphone in 30 Seconds

Mobile Charger That Can Power-Up Your Smartphone in 30 Seconds

April 12, 2014Swati Khandelwal
Going for a meeting or for a party and your Phone's battery discharged? Oops!  Yes, I know this happens with most of us once in a day or I can rather say all of us. Smartphones are smart enough but not that smarter as expected keeping in mind today’s lifestyle. Phones are the basic necessity now-a-days, but this comes up with another tension-tension of charging at regular intervals, which took most of our precious time. GET-SET CHARGE IN 30 SECONDS Now, if I say that your Smartphone will charge in just 30 seconds, then you definitely won’t believe it. But saying this won't be wrong, Israeli start-up claims to have created a battery that uses nanotechnology to charge your Smartphone in 30 seconds. StoreDot unveiled the device Monday at Microsoft's Think Next Conference in Tel Aviv . The prototype charger is capable to charge your Smartphone 100% within few blinks of your eyes, all in about 30 seconds. It depends on bio-organic quantum dots that are na
First Paid Fake Android Antivirus App Downloaded 10,000 times from Google Play Store

First Paid Fake Android Antivirus App Downloaded 10,000 times from Google Play Store

April 07, 2014Swati Khandelwal
Well, we all are very conscious, when it comes to the security of our personal information, security of our financial data and security of everything related to us. In the world of Smart devices where our Smartphones knows more than we know ourselves. To keep our device protected from harmful viruses, malware or spyware, we totally depend on various security products such as antivirus, firewall and privacy guard apps, that we typically install from some trusted sources, Google Play Store. Most Antivirus apps are available to download for free, but some of them are paid with extra premium features like advance firewall protection, anti theft, App Locker or Cloud Backup etc. But do you believe that just because you're downloading an application from an official app store and also if its a premium paid version, you're safe from malicious software? Think twice. PAID, BUT FAKE ANTIVIRUS APP In Past, Mobile Security Researchers had spotted numerous fake mobile anti
Free Microsoft Windows for the Internet of Things and Mobile Devices

Free Microsoft Windows for the Internet of Things and Mobile Devices

April 07, 2014Swati Khandelwal
Tomorrow, 8th April could be a sad day for all those who are still using Windows XP, as it is an official assassination day of it, but there is also a good news that Microsoft is going to stop charging for its Windows Operating System on on the devices with screens smaller than nine inches. Yes, Free a Windows OS for the  Internet of Things (IoTs) ,  such as Mobile Devices, Smart thermostats, Smart TVs, wearable devices etc., that was announced by Microsoft at Build 2014 conference on Wednesday. “ To accelerate the creation of great mobile devices running Windows and grow our number of users, we announced today that Windows will be available for $0 to hardware partners for Windows Phones and tablets smaller than 9” in size, ” said Terry Myerson, executive vice president, OS Group at Microsoft and he also added that it will include a one-year subscription to Office 365. FREE, BUT NOT OPEN SOURCE Free Windows , means the manufacturers of small tablets, phones and any o
Exclusive Deals

Get Daily News Updates By Email

Join over 350,000 information security professionals — Get the best of our cyber security coverage delivered to your inbox every morning.