Major Security vulnerability in ALL versions of android - Android General

This. Is. Major.
So, I have been meaning to create an xda-developers account for a while. And one of the reasons is this - a major security vulnerability potentially usable for data theft.
On all versions of Android, if you have root, you can find information for ALL (previously, I think even if you press forget) Wi-Fi networks you have connected to. Even by WPS. The same goes for P2P. The file is located in /data/misc/wifi/ and is called wpa_supplicant.conf (p2p_supplicant.conf for P2P). This file contains a lot of sensitive information like the MAC addresses, SSIDs and passwords/passkeys. Keep in mind that these are ALL entirely unencrypted and in plain text format.
Here is an example of mine:
You may be wondering: so this only affects root users?
Well, the answer is no.
An app could perform temporary root and send a copy of the wpa_supplicant.conf file to an attacker, and of course an ordinary user would be none the wiser, for the root would be gone on the next boot up and they would not even have a clue what root is.
I do a lot of root projects and it is my passion. This is something I have come across over time. I know this is the case from as far back as Android Eclair (2.1) to Android Oreo (8) but don't have an older Android device to test it with.
Also, please try to mark this as a helpful post. I think I have made a breakthrough in HTC Wildfire Buzz (and potentially other devices) Network Unlocking via Root, but I can't post it here.
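An added example (not from the original post) that audits a wpa_supplicant.conf for networks whose psk is stored as a quoted passphrase and rewrites them as the derived 64-hex PSK, which is what the wpa_passphrase tool does. The sample configuration is constructed; the hex PSK is PBKDF2-HMAC-SHA1(passphrase, ssid, 4096 iterations, 32 bytes) as defined by WPA, so the file still joins the network but no longer exposes the human-chosen password, which people tend to reuse elsewhere.

```python
import hashlib
import re

# Constructed sample in wpa_supplicant.conf format (not a real capture).
SAMPLE_CONF = """ctrl_interface=/data/misc/wifi/sockets
update_config=1

network={
\tssid="IEEE"
\tpsk="password"
\tkey_mgmt=WPA-PSK
}

network={
\tssid="CoffeeShop"
\tkey_mgmt=NONE
}
"""

BLOCK_RE = re.compile(r"network=\{(.*?)\}", re.S)
KV_RE = re.compile(r"^\s*(\w+)=(.*?)\s*$", re.M)


def parse_networks(text):
    """Return one dict of key/value pairs per network={...} block."""
    return [dict(KV_RE.findall(m.group(1))) for m in BLOCK_RE.finditer(text)]


def derive_psk(ssid, passphrase):
    """WPA/WPA2 PSK = PBKDF2-HMAC-SHA1(passphrase, ssid, 4096 iters, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32).hex()


def plaintext_psk_ssids(text):
    """SSIDs whose psk is a quoted passphrase rather than a 64-hex derived PSK."""
    return [n["ssid"].strip('"') for n in parse_networks(text)
            if n.get("psk", "").startswith('"')]


def harden(text):
    """Rewrite every quoted psk="..." as the derived hex PSK; return (new_text, count)."""
    count = 0

    def fix(m):
        nonlocal count
        body = m.group(1)
        kv = dict(KV_RE.findall(body))
        psk = kv.get("psk", "")
        if psk.startswith('"') and psk.endswith('"'):
            hexpsk = derive_psk(kv["ssid"].strip('"'), psk[1:-1])
            body = re.sub(r'^(\s*psk=)".*"\s*$', r"\g<1>" + hexpsk, body, flags=re.M)
            count += 1
        return "network={" + body + "}"

    return BLOCK_RE.sub(fix, text), count
```

Running `harden(SAMPLE_CONF)` converts the one quoted passphrase; open networks (key_mgmt=NONE) are left untouched.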

huh? This is not an exploit; if you say so then all the devices running an operating system are potentially exploitable. It all comes down to the application's trust and the system firewall to prevent this from happening.
Besides you don't need to root/administrator privileges to get MAC ID, wifi password on any operating system.

SpiritBreak3r said:
huh? This is not an exploit; if you say so then all the devices running an operating system are potentially exploitable. It all comes down to the application's trust and the system firewall to prevent this from happening.
Besides you don't need to root/administrator privileges to get MAC ID, wifi password on any operating system.
Ah yes, sorry, I confused it! Either way, this is major, root or no root.

Related

Anti-Virus and Firewall - Needed on WM?

I just installed a pretty slick little program that claims to be an antivirus, firewall, data backup, phone locator, etc. But that got me wondering... I would never ever connect my pc to the internet without heavy-duty firewall and antivirus software running. But I've never had it on my HTC HD2 running WM 6.5.5. Is it even necessary?
I've never seen an alert about a virus on this board or any blog/column sites. Is such software needed? Is it just a case of "playing it safe"?
Thought?
Thanks!
It's not really worth having any Antimalware or firewall on a Windows Mobile device. There have been very minor virus problems on Windows Mobile before, but the Antivirus applications were never any help until months after the viruses were discovered (since there are no Heuristics and the databases are generally updated monthly).
IMHO it's completely unnecessary on a phone and will only slow the device, so don't bother. Besides, while not the most elegant solution, the myriad of data/contact backup applications which could be used along side a hard reset could pretty much fix all the damage done by malware (provided the malware is not backed up as well!)
If you plan on flashing ROMs at the rate of a normal member here you do not need antivirus. After a hard reset the virus will be inoculated. Also getting a virus is very unlikely on WM.
dc41 said:
Is it even necessary?
In short, No.
In long, Noooooooooooooooooooooooooooooooooooooooooooooooo.
MalekoUK said:
In short, No.
In long, Noooooooooooooooooooooooooooooooooooooooooooooooo.
Thanks!
How do I prevent the fancy unit conversion tool etc from sending my phone number and my e-mail address (real name) to the manufacturer who then sells the data?
How do I prevent various apps from connecting to the internet and wasting my data volume?
-Tiz- said:
How do I prevent the fancy unit conversion tool etc from sending my phone number and my e-mail address (real name) to the manufacturer who then sells the data?
How do I prevent various apps from connecting to the internet and wasting my data volume?
One cannot say that there are 0 viruses for WinMo, but there are so few that an anti-virus is not really required.
Just watch where from and what you are installing and you should be fine.
Thread direction seems to be right. The topic is about AVs and firewalls.
I do not believe that an AV is of major importance. But I can hardly live without a firewall.

HtcLoggers.apk and other eavesdroppers

By now, some of you have seen reports about the latest bit of under-the-covers eavesdropping, this time by HtcLoggers.apk. In case you haven't, this post on Android Police details the whole thing pretty well.
One thing that really caught my attention was the graphic showing all the different ways various bits of Android snoop on you:
Those of us not running HTC software don't have to worry about most of these. The one that remains for all of us, at least according to the research so far, is Google Checkin, part of GoogleServicesFramework.apk. You can see in the graphic what kind of information Checkin collects and where it puts it. I've seen /data/system/dropbox before, occasionally I clear it out because it collects a huge number of files. I hadn't really paid much attention to /data/system/usagestats.
Using Root Explorer, I see that the permissions on both these directories are rwx------. As an experiment, to see if I can block whatever Checkin is collecting, I deleted their contents and then removed all permissions on these directories (and rebooted for good measure). I did this about an hour ago. So far, the directories have remained empty.
My G2 (running ILWT CM7 build 216) appears to be functioning normally, including the Market. If anything malfunctions, I'll report here.
Update. More directories to block: /data/anr, /data/tombstones, /data/dontpanic. File to block: /data/system/userbehavior.db (I first used SQLite Editor to empty the file).
Do not attempt this procedure on /data/system/throttle -- this caused my phone to enter a boot loop, which I had to repair by booting into recovery and then reverting my permissions change through ADB.
Quick follow-up... Looks like removing all permissions on the two directories has no effect on the phone's behavior. I've seen no breakage and the directories remain empty. So if you want to thwart some data collection, this looks like a decent approach.
So now that some time has passed, what is the verdict? Were there any adverse effects on the phone? Does everything still work?
Still seeing no problems. I did the same thing to my Nook Color, and it's also behaving normally.
This is very interesting, I'll try changing the permissions too.
Updated original post: added a few more directories to block based on additional information reported by the Carrier IQ Logging Test App.
I also gave this a try...
And so far so good! Thanks!

Storage Speed / Device Encryption

I have been toying around a bit with the feature of full phone encryption (not just the apps and data but also the "sdcard" internal storage partition).
Observation 1 (which may or may not be known or evident to you already, but which I still find odd): It is possible to encrypt a "full" or half full device, but it seems to be not possible to go and decrypt the device again later on while retaining the data (assuming the right password of course). Being a long time user of Truecrypt I find this irritating; one could of course argue it is a safety measure of some kind, but I really would see no harm in enabling the possibility. As the password would of course be required to get into the system and initiate the decryption process there is no additional risk - if the attacker already has the password he can use it to gain access and copy the plaintext data someplace else anyway. So is this caused by the architecture of the pre-boot authorization, just sloppy and careless coding, or am I missing something vital here?
Observation 2: The performance impact with encryption enabled is worse than I would have dared to believe. I used two different SD Card Speed measurement apps from the market to test speed on a regular, non-encrypted setup and on an encrypted setup.
Encryption enabled
Plaintext operation
All other settings in the apps and the device were identical.
Is this sloppy coding or are the Snapdragon CPUs just ill-equipped to handle encryption algorithms efficiently enough? I don't really want to get into a grassroots debate here over how useful encryption may or may not be on a device that most of us want S-OFF and rooted, therefore allowing all sorts of exploits etc., but I am honestly surprised by the heavy performance hit.
Does anyone know what algorithms are used? I assume some run of the mill AES?

Should I keep using these Chinese phones? (Doogee, BlackView)

I bought 2 Chinese smartphones: one is from a company called "Doogee", and the second is called "BlackView".
The Doogee one came with many weird apps preinstalled, so I installed Malwarebytes, and it detected 2 pieces of malware. Both removed. After a day, Malwarebytes prompted me that a malware app was trying to install itself (one of those I removed!), so I stopped using this phone. Hopefully I did not risk too much of my personal information (passwords, emails, etc.).
Meanwhile, the other Chinese phone I ordered has arrived. Knowing about those security issues now, I immediately installed Malwarebytes, and it detected that the Sound Recorder app is malware, and is actually using data(?):
@TroyGuard I would recommend searching for a custom ROM built from source to get rid of that stock spy ROM :good:
@TroyGuard
Personally I wouldn't use them, but as you have bought the phones you probably want to.
Though on Twitter recently Elliot Alderson (@fs0c131y) was asking for such phones to analyse; he'd probably be happy to get one!
So if no custom ROM, then you should be able to freeze those apps, system or preinstalled, that are risky or unknown (though they often come back, so freezing is normally better). If you read the recent threads you will find links to a number of ways to do this, e.g. using TWRP, ADB, apps like Debloater etc. which may work on those phones.
WARNING: be careful freezing system apps; freezing an essential app can make your phone unusable, so check online first if in doubt.
Change all your passwords after this is done, to be safe.
(Though there is still the possibility of a hardware backdoor, I've not seen any reports of this.)
(Note: you probably won't get automatic OTA updates anymore as the OTA updater is often part of the problem, and besides you would have to refreeze apps after a new install, but it might be worth updating manually if it gives you important security patches.)

Can someone help me return this phone to factory settings?

Whenever I try to format to factory settings it says 'No PDP scenario exists!'. I'm not sure if it's normal or if there's even anything wrong with it. I was hoping somebody here could look at these logs:
Under the hood copied - Pastebin.com
Thanks.
maybe this
Samsung account
us.community.samsung.com
raul6 said:
maybe this
Samsung account
us.community.samsung.com
I've read that thread a few times, there doesn't seem to be much of a solution. However, this post resembles my issues:
I have the same issue & have taken it to Samsung to do the OEM flashing twice! Since I first powered the phone up my root folder files were timestamped "Dec 31 2008"!? & other priv app files "1st Jan 1970"; this even persists across a re-flash & or factory reset! My local Samsung shop said they haven't got the expertise to offer a solution!... 3 Mobile haven't returned my calls for help either! I believe I've managed to figure it out through a huge amount of research & in my case it's due to a TROJAN RAT that uses the Bluetooth vulnerabilities to access & gain complete control of the phone & in my case during the initial startup sequence! It's a variety of the Trojan Agent banbra/aka "Black Moon"... it sets up SSH remote access control & it adapts very quickly to any security changes or updates, it has cloud support & I can only copy it out to shared storage to have it detected & removed as Ransomware (by Malwarebytes) but unfortunately the parent files are unaffected. It also encrypts selected files. It can even inject code & is a master manipulator of Web pages with XSS vulnerabilities & it is very, very infectious. Since this phone was delivered to me I've lost control of all my PCs, laptops, even Linux & my iPhones via Bluetooth or by hijacking the router. Any help would be very much appreciated!!
Due to my router and other systems being affected, running ADB is useless.
I'll pay someone to find a solution, the logs I posted can explain the issue far better than I can. Thanks again.