Another silly file permissions bug. At least the exploitation of this one was a little bit more interesting.
Yawn. LG loses, users win.
Read the rest of this entry »
Someone mentioned to me that yesterday’s root for the Motorola XYBoard appeared to not work on the Xoom Family Edition (FE), so I took a look. What I found was a set of vulnerabilities so egregious that it’s hard to not draw comparisons to a deliberate backdoor.
Another day, another tablet rooted. I wonder when Motorola will realize that it’s hopeless to try to prevent device owners from controlling their own hardware.
Read the rest of this entry »
Someone told me that LG patched the last vulnerability used to root the LG Esteem. Here’s another root.
Read the rest of this entry »
Yesterday, I tried a little experiment in releasing a root exploit for the Motorola Droid 4. I set up a bounty, where the first $200 would go towards me buying myself a Droid 4 in exchange for the work I’ve done developing the exploit, and the remaining bounty money would go directly to the American Red Cross. I thought this would be a good arrangement for everyone: users get a shiny root exploit for a few bucks, I get a new phone in payment, and money gets donated to charity. Everybody wins.
Read the rest of this entry »
After getting a taste of rooting tablets with the Lenovo Thinkpad tablet, I decided to turn my attention to the Sony Tablet S. It turned out to be a tough device to root.
Another day, another Android root. Let’s just skip the details this time and let Lenovo figure it out for themselves. The following root package only works on Windows. I feel like a Linux traitor right now, but 99% of the people using this run Windows, and if you run Linux, just peek at the batch script and perform the steps manually.
Recently, the EFF launched an initiative to collect and analyze Carrier IQ profiles, which dictate exactly what information is collected by the Carrier IQ application, and where and when it is submitted to the carrier. Jered Wierzbicki and Peter Eckersley published a great tool that converts the profiles, which are WBXML-encoded blobs, to human-readable XML.
However, not all Carrier IQ profiles are stored in this format on disk. Instead, they may be kept inside a file named “archive.img”. In this post, I describe how I reverse engineered the format used to store these profiles in order to create a tool to extract them.
Read the rest of this entry »
Since the beginning of the media frenzy over CarrierIQ, I have repeatedly stated that based on my knowledge of the software, claims that keystrokes, SMS bodies, email bodies, and other data of this nature are being collected are erroneous. I have also stated that to satisfy users, it’s important that there be increased visibility into what data is actually being collected on these devices. This post represents my findings on how CarrierIQ works, and what data it is capable of collecting.
Read the rest of this entry »