Friday, November 15, 2019
Get Adobe Flash player

(WIRED) — From the results of the Pwn2Own hacking competition, it looks like Android and Windows Phone 7 are tough nuts to crack.

It took only two days for hackers to crack into the Apple and Blackberry operating systems during the three-day Pwn2Own tournament last week, while Android and Windows Phone 7 models were abandoned and left unhacked by the end of the contest.

Is this because their operating systems are more secure? Yes and no.

“The survival of a target at Pwn2Own does not automatically declare it safer than a target that went down,” last year’s Internet Explorer Pwn2Own winner Peter Vreugdenhil cautions. The contestants who were lined up to beat the Android and WP7 devices in the competition withdrew for a variety of reasons.

Pwn2Own, now in its fifth year, is a hacking competition divided into two areas: web browsers and mobile phones.

This year, Microsoft Internet Explorer 8, Apple Safari 5.0.3, Mozilla Firefox, and Google Chrome were the web-browser targets. In the mobile phone category, the Dell Venue Pro (Windows Phone 7), Apple iPhone 4 (iOS), BlackBerry Torch 9800 (Blackberry 6) and Nexus S (Android) were targeted.

The OS and browser versions were frozen last week (so for example, Apple’s Safari 5.0.4 update was not used), ensuring that all contestants are working on the same version of each OS.

Pwning and owning occurs if the hacker defeats the frozen version. If the exploit they used still exists in the current firmware, they are also eligible to receive a monetary prize. The 2011 Pwn2Own competition ran March 9 to 11.

Vreugdenhil says many different factors determine how hard a target is to hack. There’s the safety of the software itself, the exploit mitigations that are already in place for that software, and then the amount of research that has already been conducted (which can speed up the process of writing an actual exploit).

Firefox and Chrome web browsers were also left undefeated because contestants withdrew from Pwn2Own.

“Chrome has the advantages of having multiple exploit-mitigation techniques that certainly make it more difficult to hack. As for Android, we see no particular reason why Android would be harder to hack than one of the other targets.”

Safari, Chrome, iPhone, Android and Blackberry all use WebKit in their browsers, which means that they are all susceptible to exploitation through the browser — and that’s exactly how the iPhone and Blackberry were attacked.

Charlie Miller, a Pwn2Own veteran, worked with Dion Blazakis to hack the iPhone 4 in this year’s competition using a flaw in its Mobile Safari Web browser and a “specially-crafted webpage.” A team of 3 (Vincenzo Iozzo, Willem Pinckaers, and Ralf Philipp Weinmenn) defeated the BlackBerry Torch using a similar technique.

So what did the contest’s organizers think of the outcome of 2011’s Pwn2Own?

Vreugdenhil and other organizers were not surprised that the iPhone went down quickly. It has been a major target and a lot of research has already been done on that platform.

Android’s survival was a bit of a surprise, since it is also a big target and had four contestants lined up.

Although no device is unhackable, some factors contribute to a safer product. For those that are out to find the safest phone on the market, Vreugdenhil says you’ll want to compare features such as DEP (Data Execution Prevention), ASLR (address space layout randomization), Sandboxing, code signing and the ease with which software can be updated on the device.

Google pulls 21 apps in Android malware scare

Posted by arnon_k On March - 3 - 2011 ADD COMMENTS

(Mashable) — Google has just pulled 21 popular free apps from the Android Market. According to the company, the apps are malware aimed at getting root access to the user’s device, gathering a wide range of available data, and downloading more code to it without the user’s knowledge.

Although Google has swiftly removed the apps after being notified (by the ever-vigilant “Android Police” bloggers), the apps in question have already been downloaded by at least 50,000 Android users.

The apps are particularly insidious because they look just like knockoff versions of already popular apps. For example, there’s an app called simply “Chess.” The user would download what he’d assume to be a chess game, only to be presented with a very different sort of app.

These apps are all pirated versions of popular games and utilities — an expeditious solution for busy hackers.

Once downloaded, the apps root the user’s device using a method like rageagainstthecage, then use an Android executable file (APK) to nab user and device data, such as your mobile provider and user ID. Finally, the app acts as a wide-open backdoor for your device to quietly download more malicious code.

Below is a partial list of the bad apps, all of which were made by an entity called Myournet.

If you’ve downloaded one of these apps, it might be best to take your device to your carrier and exchange it for a new one, since you can’t be sure that your device and user information is truly secure.

Considering how much we do on our phones — shopping and mobile banking included — it’s better to take precautions.

Falling Down

Super Guitar Solo

Super History Eraser

Photo Editor

Super Ringtone Maker

Super Sex Positions

Hot Sexy Videos


Hilton Sex Sound

Screaming Sexy Japanese Girls

Falling Ball Dodge

Scientific Calculator

Dice Roller

Advanced Currency Converter

APP Uninstaller

Funny Paint

Spider Man

Remember, the Android Market is open, which can be great and unfortunate in different circumstances. Always read user reviews before you download; and if you have any doubts, play it safe.

Android users wait and wait for OS updates

Posted by arnon_k On February - 28 - 2011 ADD COMMENTS

Editor’s note: Amy Gahran writes about mobile tech for She is a San Francisco Bay Area writer and media consultant whose blog,, explores how people communicate in the online age.

(CNN) — Samsung’s popular Galaxy S series of Android smartphones has been available on the four major U.S. wireless carriers for nearly a year.

While many users like these phones, there have been widespread complaints about lagging operating system updates.

As of February 24, many owners of the Samsung Captivate on AT&T are finally able to update their phones to the 2.2 version of Android, called “Froyo,” which still isn’t the latest Android OS available.

Additionally, Captivate owners who use a Mac rather than a Windows computer have not been able to update their phones. That’s because this operating system update is not being delivered wirelessly by AT&T. Rather, users only install it by using a USB cable to connect their phones to a computer running Samsung’s Kies Mini software — which only works on PCs.

Captivate owners who have PCs and have been able to get this update seem pleased judging by their tweets. I’ve seen few reports of update problems, and they’re enjoying the improved speed and functionality of their phones.

Understandably, most Mac-owning Captivate owners aren’t too pleased with the situation.

In January, PC Magazine reported: “A user revolt is starting among the tech blogs and on Twitter about Samsung’s absolutely shameful lack of communication on updating its U.S. Galaxy S phones.” Since then, T-Mobile released a Froyo update for its Galaxy phone, the Vibrant.

Meanwhile, this week Sprint started releasing — and then Thursday abruptly halted — Froyo updates for its Galaxy S phone, the Epic 4G. According to Boy Genius Report, owners of phones that received the update have been reporting problems related to data connectivity, as well as SD card problems when attempting to access photos or music.

And owners of the Verizon Fascinate are still awaiting any word of their Froyo update.

All of this underscores a key point about choosing a smartphone: Before you commit to a device — and especially if you’re signing a two-year carrier contract with it — check which version of the operating system it’s running.

If the phone you want isn’t yet shipping with the latest OS, you might want to consider other phones that have the latest OS. Or at least wait, when possible, until the model you desire starts shipping with the latest OS.

For instance, the 2.3 version of Android, Gingerbread, was released last December. So far it’s only available on the Nexus S.

In December, Android Central published their predictions about which devices might get Gingerbread updates sooner rather than later — but that’s still all guesswork and rumors at this point. So if you’re currently considering buying an Android phone, it might be a good idea to wait under phones with Gingerbread are actually shipping.

It’s rather frustrating to pay $200 or more for a phone, plus $100 or more per month for service, only to find that — despite promises from the manufacturer and wireless carrier of speedy updates — nearly a year later you’re still waiting for your phone to catch up with current technology.

Meanwhile, you might start to see your phone’s performance degrade because it’s not keeping pace with the rest of the mobile ecosystem.

Right now this is mostly a concern for Android, Windows Mobile, and Symbian phones. iPhones, iPads, and BlackBerries are comparatively monolithic distribution environments for OS updates, since they each only involve a single manufacturer. Where multiple manufacturers and carriers are involved, the OS update picture gets much more complex. And so far, Samsung is not establishing a great update track record for its Android devices.

The opinions expressed in this post are solely those of Amy Gahran.

Sony chose Android, should Nintendo take iOS?

Posted by arnon_k On February - 18 - 2011 ADD COMMENTS

For now, the dust has settled following Sony’s back-to-back announcements, starting with the NGP and now this past weekend’s Sony Ericsson Xperia Play unveiling. Regardless of how one might feel about the position Sony is attempting to secure in the portable gaming market, there are more ramifications that may not be present on the surface.

Portable gaming is no longer a two-console market. Five years ago it seemed Nintendo and Sony would battle to the death with the DS and PSP. Now, in a portable gaming market that has expanded to the world of “waiting room” casual games, the iOS and Android platforms have proven themselves worthy of bringing legitimate competition. Categorize these mobile OSes how you will, but they are directly affecting the sales of gaming-focused devices.

In an effort to bring some sort of familiar gaming experience to the core gamers who might be sick of sliding and tapping their way to victory, Sony felt the need to develop the first-ever PlayStation Certified mobile smartphone in the form of the Sony Ericsson Xperia Play–a device running Android 2.3. Though it may seem like a trivial detail of just another OS on a mobile device, Sony has chosen Google and Android as an ally in what’s becoming a serious portable gaming turf war.

Out of the gate Apple may not be feeling the pressure, but one would imagine the lines of communication between it and the world’s most successful portable console manufacturer might be opening up.

Try to imagine for a second all the glory that playing the entire library of NES games on a smartphone would provide. We’re pretty sure Nintendo isn’t entering the mobile phone market anytime soon, so if the company wanted to print more money by offering its vault up for bid, right about now seems to be the time to get that ball rolling.

But alas, Nintendo is a company that operates in mysterious ways. With the upcoming release of the 3DS we’d imagine the company has its hands full, but we’d be surprised if it didn’t have some sort of an answer to the competition’s recent venture. Shortcomings aside, when the Xperia Play does release this spring, Nintendo will then have a gaping hole in its arsenal.

A Nintendo partnership with Apple doesn’t seem very practical, though, which is almost certainly why Sony chose Android. Think about it. Microsoft, an obvious competitor, wasn’t an option and there was no way Apple would add buttons to its device just for Sony’s sake. That said, we sure are paying closer attention to the budding Apple rumors that are starting to suggest some sort of slide-out functionality for an iPhone. Surely it’s crossed the minds of Apple execs to make that slide-out an actual game pad, right?

It may not be this year, but soon there will come a time when a consumer asks, “How long will I have to carry around both a phone and a gaming system?”

What do you think is Nintendo’s next move? Try and strike a deal with Apple or head to Android? Of course if Apple does in fact have an iPhone with gaming buttons up its sleeve, neither Nintendo nor Sony will have a choice in the matter anyway.

Read more: