Android and Me » rooted

Google Wallet vulnerability easily reveals user’s PIN on devices that are rooted

Nick Gray — Thu, 09 Feb 2012 14:42:03 +0000

Google Wallet has been hacked! Wallet Cracker, an application developed by Zvelo, is able to use brute-force attacks to reveal the Google Wallet PIN number which keeps the application secure. While this vulnerability is as serious as they come, it only affects Android handsets which have been rooted.

As soon as the vulnerability was discovered, Zvelo released its findings to the Google Wallet team who “agreed to work quickly to resolve it.” We do not know when Google Wallet will be updated to fix the PIN vulnerability, but we suggest you take some additional precautions to make sure your handset is secure just in case it falls into the wrong hands. Those of us who have been victims of credit card fraud know how quickly things can spiral out of control.

Google issued a response to The Next Web that said they are aware of the issue. We don’t know if Google is working on a fix yet, but suggested that users not install Google Wallet on rooted devices.

The zvelo study was conducted on their own phone on which they disabled the security mechanisms that protect Google Wallet by rooting the device. To date, there is no known vulnerability that enables someone to take a consumer phone and gain root access while preserving any Wallet information such as the PIN.

We strongly encourage people to not install Google Wallet on rooted devices and to always set up a screen lock as an additional layer of security for their phone.Google

How many of you are currently using Google Wallet on a rooted device?

Stop Celebrating: HTC’s unknown Bootloader policy [OPINION]

Russell Holly — Tue, 31 May 2011 13:27:33 +0000

For the Android modder community, it’s been an emotional couple of weeks. When the HTC Sensation and the HTC Evo3D were announced, there was a great deal of excitement. Each of these devices have a fantastic look and feel to them, and they come with some of the first dual core Snapdragon processors from Qualcomm. Combined with the latest version of HTC’s SenseUI, which is a tremendous improvement over what was already hailed as one of the best Android UI’s, these devices were gaining popularity at an alarming rate.

That is, of course, until it was revealed that these devices would come equipped with HTC’s shiny new cryptographic signature based bootloader. Anger filled the social networks of the world, followed by plans of mass exodus. The Cyanogenmod developer team announced that they had no plans to work with devices locked down in such a way, and even began recommending users switch to LG Android devices. Nearly a week later, HTC’s Facebook page assured the masses that they were “reviewing” their bootloader policy.

Within hours, the internet had mobilized in the form of Facebook comments, thousands of tweets, and petitions all across the web in the hopes that HTC would reconsider. Then, late Thursday night, something that smells oddly like success happened; HTC’s Facebook page had announced, in the form of a message from the CEO of HTC, that they will “no longer be locking the bootloaders on our devices.” As quickly as the internet turned to rage, it turned to sheer rapturous joy. Over 7,700 “likes” on the facebook page, and tens of thousands of tweets and Facebook comments cheering and celebrating this decision were, and still are, being spread across the social universe. Only, what exactly are we all celebrating?

For all intents and purposes, it seems pretty likely that HTC pulled the wool over our eyes, and we not only accepted it, but proceeded to thank them! As a lover of HTC products myself, I’m aware that these seem like harsh sentiments. They come, however, at the disturbing realization that a vast majority have no idea what has actually happened, and more importantly what has been happening to bring us to this point. HTC announced that they would no longer be locking their bootloaders, right? Let’s take a look at what this actually is.

For starters, it is important to point out that prior to the implementation of cryptographic signatures, HTC’s devices were not fully open. Every HTC Android device, with the exception of the Nexus One, has had some form of software protection on the device to stop users from unlocking the bootloader. An exploit of some kind was discovered on each of the devices in order to achieve “unlocked” status, and the task has been increasingly difficult to accomplish. When an HTC device gets in the hands of a hacker, particularly an XDA-developers.com hacker, the long process towards breaking these devices becomes their life. Some devices devouring the man with hours worth of attempts, re-attempts, and eventual success, all by volunteers in their free time. This has never really been an easy process, though at times it does seem that way on the outside, especially when devices are unlocked so soon after their release to market.

With this knowledge, I can’t help but ask what HTC actually MEANS by an unlocked bootloader. The only one they’ve ever released that was not specifically a developer phone has been the Nexus One, through a very simple “fastboot oem unlock” command from a computer with the Android Software Development Kit. Will HTC deploy this strategy to all of their new phones, or will they simply resort back to the less difficult previous methods? At this time, HTC has not been willing to comment, but it’s clear that I’m not the only one questioning the definition. Earlier today Verizon Wireless’ twitter account released a statement that unlocked devices “would not be activated on Verizon Wireless”. Before the online rage had reached a fever pitch, Verizon had retracted the statement via Twitter and apologized for the confusion. We may never know wheat went on behind the scenes there, but it shows that even HTC’s partners don’t know what’s going on here.

So, what of existing devices? Once we are offered some sort of definition, will this be applied to existing devices? The hacker community got lucky with the Thunderbolt when an Engineering ROM showed up with everything they needed to skate by, but shouldn’t HTC release something that would allow existing users to legitimately unlock their devices? Or, will they take a que from Motorola, and release their existing batch of devices as planned, and promise to unlock the future ones? For all intents and purposes, the Sensation is finished, fully baked and ready to go. PR reps are already getting review devices sent to them. Will HTC unlock these? There’s no information, only a Facebook post full of wishes. Hopefully HTC makes “the right decision” in this case.

When PC Magazine’s Sascha Seagan commented that “99% of users probably didn’t even know what a bootloader was” I decided to take a look and see exactly who cared about this. When asked, the creator of Rom Manager, a popular piece of software used to managed ROM’s and manipulate the bootloader, noted that he had just above 600,000 active installations of his app. Now, for the sake of argument, and since there’s no other way to track this data, lets assume that for every person who is actively using Rom Manager, there is another person who is either unlocking their bootloader manually, or using some other service. Compare that (speculated) 1.2 million to Google’s recent announcement of 450,000 activations a day and over 100 million total activations of Android, Sascha was pretty darn close.

In the end, we’ve been given very little to go on. HTC’s vague yet hope inspiring statement was a nice gesture, but to have only made the statement on Facebook, and not have followed it up by now with either details or allowed their reps to comment makes me incredibly suspicious that they don’t have an ACTUAL plan yet. With devices like the Sensation and the Evo 3D right around the corner, this statement is sure to boost morale and increase sales, but then they need to actually deliver something. It will already be pretty rough if/when the Sensation gets into the hands of hackers and they find the cryptographic signature still in place. It will be even worse if HTC decides that those devices weren’t included in their statement. We’ve been shown what is essentially an empty bag and been assured it’s full of pixie dust, and that may hurt HTC even worse in the end.

Interview with Android Hacker JesusFreke

Admin — Mon, 16 Feb 2009 16:20:44 +0000

When T-Mobile first released the HTC G1, many of the early adopters were Linux users and fans of open source. One of the most sought after features for Android, was the ability to gain root access to the G1. After root access was gained, users began creating their own custom builds of the Android operating system and even replaced the system bootloader. The most popular custom build, and the one I have flashed on my G1, was released by JesusFreke. Since his first release months ago, JesusFreke has continued to push out new builds each time an official update is sent out from Google.

We were lucky enough to sit down with JF for a few minutes and get his thoughts on Android and the future of his releases. If you are interested in learning more about “rooting” your phone, read to the end of the article where I include the appropriate links. Root access is suggested for advanced users only. You can break your phone if you do not know what you are doing.

Task Manager for Root Users

Android and Me: What are your thoughts on Android as a mobile platform?

JesusFreke: I really like that it is open source. I would say that was the #1 reason that I bought the phone. It’s unfortunate that we can’t currently build from source an equivalent build to the officially released ones, but it sounds like it will get to that point eventually. I really hope they make it so that we can at least run the Google apps on our own custom builds. I think a *lot* more people would be running a custom build if we could.

AAM: What inspired you to release your own builds for Google Android? Do you have a history of hacking phones or releases for other platforms?

JF: It was mostly a case of being in the right place at the right time, with the right knowledge. I had pre-ordered my G1 so I was one of the first people to get one. At first, we didn’t know about the infamous “root bug” of course, so once I had got my phone, I was bummed that I didn’t have root access. I spent some time looking around in the source, trying to find some way to get root. One of the areas that I had investigated heavily was the recovery image, so I had become familiar with it. A week or two later, the root bug was found and everyone was happy that they could get root on their phone. Then the dreaded RC30 came out which fixed the root bug. Since I was already familiar with the recovery image and how the updates worked, I was ready to dissect the RC30 update and create a new one with root access re-enabled. Shortly after my first “root-enabled” RC30 update, I released another version with a few more modifications and features.. and I just kept going from there.

I don’t have any experience with other mobile platforms. The G1/Android is my first “smart” phone, and the first phone/mobile community that I’ve been an active member of.

AAM: How would you rate Google’s relations with open source developers in respect to Android?

JF: I think it’s awesome that you can connect to #Android on freenode and talk to some of the very same developers that work on Android. Not to mention all the Android related google groups. There are certainly still some rough spots to be sanded out with their support for open source (can’t use google apps on builds from source), but I definitely feel that they are headed in the right direction in this area.

Superuser Whitelist

AAM: Can you share with us what you do when you are not are not writing code?

JF: I have some unusual hobbies. I enjoy unicycling, slacklining, playing the didgeridoo and playing various types of percussion – my current focus is on the Indian tabla. I also enjoy reading, mostly fantasy and science fiction books, and listening to various forms of world music (among other things).

AAM: Over 100k users have visited the forums where your Android releases were first posted. Do you have any idea how many people have downloaded and are running your work?

JF: Based on the downloads on the various mirrors that I release my firmware on, my best guesstimate is around 5k people.

AAM: I have seen quite a few users send you donations in appreciation for your work. Has this altered the amount of time you spend on your releases?

JF: Yeah, I’ve received a fair amount of donations, and I’m very appreciative to those who choose to donate. It does not affect the amount of time I spend though. This is a “fun” hobby project for me. I do it because I enjoy doing it, and the amount of time I put into it reflects that. For me, that usually means periods of very intense activity, followed by breaks of low activity as I recover.

AAM: Multi-touch is one of the features that got a lot of people interested in rooting their phones. Will you continue to add new functionality to the G1 when possible?

JF: Yes, I will continue to add functionality where it’s possible. Currently we are limited to what types of functionality we can add, because we can’t rebuild some of the components from source. Or rather, we can’t build them in a way that is compatible with the official releases. The multi-touch stuff was mostly done by lukehutch. He, ryebrye and zinx found a way to implement the underlying multi-touch support with changes just in the kernel, which is one of the components that we *can* rebuild from source. They also made changes in the Browser application to use the new multi-touch support.

Terminal Emulator on Android

AAM: Do you have any future plans for your releases you can share with us? Will we be seeing an auto-updater in the next major release?

JF: I don’t plan to include an auto-updater in my build, but there is one that is being developed that users will be able to install from the market. In general, I don’t include Android applications in my builds, at least not ones that can be installed seperately, because I think it’s better to give the user the choice to install it or not. Additionally, when I include an application in the firmware, it makes it harder to upgrade or uninstall it. Finally, space in /system is at a premium, so it’s better to have applications like that installed normally, so they are stored in /data on the phone, rather than /system.

The 2 exceptions are the Superuser application, because it provides a more secure way to get root access on the phone, and the Terminal Emulator application, which I consider an “essential” application.

I would definitely like to add the ability to restore backups directly from recovery mode, instead of having to use fastboot to do the restore. Other than that, I only have a few minor changes currently planned, but nothing too major.

If you would like to follow the progress of JesusFreke and his releases please check out his blog. If you are interested in rooting and flashing your phone, head over to the XDA-developers forum. Please share your experiences and questions with rooting in the comments.

Animated Boot Screen for G1 Android

Admin — Thu, 12 Feb 2009 03:20:19 +0000

This is the first time I have seen someone do animated boot screens. I enjoyed the glowing red eyes and I thought I would share it. Directions for installing on your rooted G1 can be found here. I installed it on my G1 and it looks nicer than the video.