Search the Community
Showing results for tags 'phones'.
-
Am nevoie de ajutor va rog.am cautat pe tot google-ul despre root-area unui utok500d nu gasesc nimic fiecare cacat de program de acolo e facut pentru alte modele de telefoane ...pula mea sunt niste pisaturi gen kingroot sau plm .Daca ma puteti ajuta va rog din suflet cu o licienta la one click root e platita ,sunt sarac jur nu am bani de prea multe daca am utok dar va rog ceva acolo ceva care sa ma jute va rog e un telefon bun pentru mine altfel nu cerseam ceva ajutor aici.
-
Researchers have revealed that Android's 'factory reset' feature doesn't remove all data from devices, leaving up to 500 million users open to attack. The University of Cambridge has revealed that, even with full-disk encryption in play, performing a factory reset on Android smartphones leaves sensitive information up for grabs on the majority of devices. The university examined 21 phones, running Android versions 2.3 to 4.3, and found could up to 500 million Android devices might be at risk of leaving personal data available to attackers after being 'reset.' For example, the researchers found that they were easily able to access the previous owners Gmail account on 80 percent of the devices it tested. "We were able to retrieve the Google master cookie from the great majority of phones, which means that we could have logged on to the previous owner’s gmail account," the researchers said. All of the 21 phones left some sensitive data behind, including information generated by Facebook and WhatsApp, images, videos and text messages. They researchers noted Google's own-brand Nexus firms fared better than those from the likes of HTC and Samsung, but said that all vendors need to do more to protect user data. "The reasons for failure are complex; new phones are generally better than old ones, and Google’s own brand phones are better than the OEM offerings. However the vendors need to do a fair bit of work, and users need to take a fair amount of care." This research follows an investigation carried out back in 2014 which revealed that CEX and Cash Converters have been selling second-hand mobile phones containing sensitive information from their previous owners, despite promising these customers that the phones would be fully wiped before being sold on. In a seperate report, the Cambridge researchers note that such companies could carry out large-scale attacks given the sensitive data they are able to access, made easier by third-party remote wiping service that also fail to clear information from devices. "Antivirus software that relies on a faulty factory reset can only go so far, and there’s only so much you can do with a user process," the researchers said. "These failings mean that staff at firms which handle lots of second-hand phones (whether lost, stolen, sold or given to charity) could launch some truly industrial-scale attacks." These findings could spell bad news for businesses, with Good Technology revealing earlier this month that Android accounted for 26 percent of enterprise smartphone activiations in the first quarter of 2015. Source
-
Some of the IP phones designed by Cisco for small businesses are plagued by a vulnerability that allows a remote attacker to eavesdrop on conversations and make phone calls from affected devices, the company revealed last week. The unauthenticated remote dial vulnerability (CVE-2015-0670) affects version 7.5.5 and possibly later versions of Cisco Small Business SPA300 and SPA500 series IP phones.Cisco IP phones According to an advisory published by Cisco, the flaw is caused by improper authentication settings in the affected software’s default configuration. A remote, unauthenticated attacker can exploit the weakness by sending a maliciously crafted XML request to the targeted IP phone. Malicious actors could obtain sensitive information by listening in on audio streams from the device. They can also leverage the bug to make phone calls remotely from a vulnerable phone. “A successful exploit could be used to conduct further attacks,” Cisco said. “To exploit this vulnerability, an attacker may need access to trusted, internal networks behind a firewall to send crafted XML requests to the targeted device. This access requirement may reduce the likelihood of a successful exploit,” the company noted in its advisory. Cisco has confirmed the security hole, but updates that address this issue are not yet available. The company believes it’s unlikely for this medium severity vulnerability to be exploited. Until security updates become available, administrators are advised to enable XML execution authentication from the device’s settings menu, and limit network access to trusted users. The security hole was discovered by Chris Watts of Tech Analysis. In July 2014, the researcher reported two other flaws impacting Cisco SPA300 and SPA500 series IP phones: a cross-site scripting (XSS) vulnerability (CVE-2014-3313), and a vulnerability that can be exploited by a local attacker to execute arbitrary commands (CVE-2014-3312). At around the same time, Watts also identified a remote code execution flaw in Cisco modems. Earlier this month, Cisco announced the availability of security updates that fix vulnerabilities in Cisco Intrusion Prevention System (IPS), TelePresence Video Communication Server (VCS), Expressway, and TelePresence Conductor. Sursa
-
Security experts are still trying to assess the effects of the reported attack on SIM card manufacturer that resulted in the theft of millions of encryption keys for mobile phones around the world, but it’s safe to say that the operation has caused reverberations throughout the industry and governments in several countries. The attack, reported by The Intercept, is breathtaking in its scope and audacity. Attackers allegedly associated with the NSA and GCHQ, the British spy agency, were able to compromise a number of machines on the network of Gemalto, a global manufacturer of mobile SIM cards. The attackers have access to servers that hold the encryption keys for untold millions of mobile phones, allowing them to monitor the voice and data communication of those devices. The document on which the report is based was provided by Edward Snowden, and it says in part, “Gemalto–successfully implanted several machines and believe we have their entire network…” If true, that would mean that the attackers had access to far more than just those SIM encryption keys. Gemalto officials said in a statement that they were previously unaware of this operation. “The publication indicates the target was not Gemalto per se – it was an attempt to try and cast the widest net possible to reach as many mobile phones as possible, with the aim to monitor mobile communications without mobile network operators and users consent. We cannot at this early stage verify the findings of the publication and had no prior knowledge that these agencies were conducting this operation,” the statement says. Security researchers have said since the beginning of the NSA scandal–and before that, in some cases–that the agency and its allies have an intense interest in monitoring mobile communications. Mobile networks present different challenges than traditional computer networks do for attackers, but they are not insurmountable ones for organizations with the resources of NSA and GCHQ. Gemalto, as one of the larger SIM manufacturers on earth, would be a natural target for signals intelligence agencies, as it provides products to hundreds of wireless providers, including Verizon, AT&T and Sprint. Bruce Schneier, CTO of CO3 Systems and a noted cryptographer, said that this operation may represent the most serious revelation of the Snowden documents. “People are still trying to figure out exactly what this means, but it seems to mean that the intelligence agencies have access to both voice and data from all phones using those cards,” Schneier said on his blog. “I think this is one of the most important Snowden stories we’ve read.” The Gemalto revelation could have long-term effects for the technology industry and its relations with the government in the United States and UK. The relationships already have been strained by past revelations of NSA operations against infrastructure owned by companies such as Google, Yahoo and many others. This latest revelation likely won’t help matters. But White House officials aren’t worried. “We certainly are aware of how important it is for the United States government to work with private industry; that there are a lot of situations in which our interests are pretty cleanly aligned. And there are certainly steps that the U.S. government has taken in the name of national security that some members of private industry haven’t agreed with. But I do think that there is common ground when it comes to — and this is a principle that I’ve cited before — it’s hard for me to imagine that there are a lot of technology executives that are out there that are in a position of saying that they hope that people who wish harm to this country will be able to use their technology to do so,” Josh Earnest, White House press secretary, said during a briefing on Friday. Source
-
Android phones can be tracked without using their GPS or wi-fi data by studying their power use over time, a study has found. A smartphone uses more power the further away it is from a cellular base and the more obstacles are in its way as it reaches for a signal. Additional power use by other activities could be factored out with algorithms, the researchers found. They created an app designed to collect data about power consumption. "The malicious app has neither permission to access the GPS nor other location providers (eg cellular or wi-fi network)," the team - Yan Michalevsky, Dan Boneh and Aaron Schulman, from the computer science department at Stanford University, along with Gabi Nakibly, from Rafael Ltd - wrote in their paper. "We only assume permission for network connectivity and access to the power data. "These are very common permissions for an application, and are unlikely to raise suspicion on the part of the victim." There are 179 apps currently available on Android app store Google Play that request this information, the team add. Activity such as listening to music, activating maps, taking voice calls or using social media all drain the battery but this can be discounted due to "machine learning", the report says. "Intuitively the reason why all this noise does not mislead our algorithms is that the noise is not correlated with the phone's location," it says. "Therefore a sufficiently long power measurement (several minutes) enables the learning algorithm to 'see' through the noise." The tests were carried out on phones using the 3G network but did not measure signal strength as that data is protected by the device. 'Stuffed with sensors' "With mobile devices now becoming ubiquitous, it is troubling that we are seeing so many ways in which they can be used to track us," said cyber-security expert Prof Alan Woodward, from Surrey University. "I think people sometimes forget that smartphones are stuffed full of sensors from gyroscopes and GPS to the more obvious microphones and cameras. "This latest work shows that even that basic characteristics (power consumption) has the potential to invade privacy if monitored in the right way," he added. "We are approaching the point where the only safe way to use your phone is to pull the battery out - and not all phones let you do that." Source