Xiaomi's latest flagship, the Mi Note 2, and its "concept" phone, the Mi MIX are the latest devices that can call XDA their home! Head on over to the forums to interact with other users!
from xda-developers http://ift.tt/2dXgjMa
via IFTTT
mercredi 26 octobre 2016
XDA Forums Live for the Xiaomi Mi Note 2 and Xiaomi Mi MIX
from xda-developers http://ift.tt/2dXgjMa
via IFTTT
9 Year Old Linux Kernel bug dubbed ‘Dirty Cow’ can Root every version of Android
Despite the fact that tens of thousands of users actively pore over the Linux kernel source code actively looking for security flaws, it's not unheard of for serious bugs to go unnoticed. After all, though the chances of missing something incredibly serious are lowered by having more eyes auditing the code, we're all still human and are bound to make a mistake. The mistake this time seems to be quite serious, unfortunately. A privilege-escalation exploit was recently discovered last week, and although it has already been patched in the mainline Linux kernel, the bug could potentially be exploited on nearly every Android phone on the market until each device receives the appropriate kernel patch.
Enter Dirty Cow
The privilege-escalation bug is known colloquially as the Dirty Cow exploit, though it is cataloged in the Linux kernel's bug tracker system as CVE-2016-5195. Though only discovered last week, the bug has existed within the Linux kernel's code for 9 years. Furthermore, the exploitable code is found in a section of the Linux kernel that is shipped on virtually every modern operating system built on top of the Linux kernel – that includes Android, by the way. What's worse is that the researchers who uncovered the exploit have found evidence that the exploit is being used maliciously in the real-world, so they are advising any and all vendors shipping software built on the Linux kernel to immediately patch the exploit.
Dirty Cow is itself not an exploit, but rather a vulnerability. However, this vulnerability allows for escalating the privilege of a user space process, granting it super user privileges. By exploiting this vulnerability, a malicious user space process can have unfettered root access on a victim's device. In more technical terms, the bug involves a race condition of the Linux memory duplication technique known as copy on write. By exploiting this race condition, users can gain write-access to memory mappings that are normally set to read-only. More details of the vulnerability can be gleaned from here, here, and here.
The security vulnerability is said to be rather trivial to exploit, and indeed within mere days of the vulnerability being made public a proof-of-concept privilege-escalation exploit has been demonstrated for all Android devices. Any Android device running a Linux kernel version greater than 2.6.22 (read: every single Android distribution in existence) can potentially fall victim to this proof-of-concept exploit. Though the proof-of-concept exploit does not actually attain root access, attacking the system using this vulnerability makes that quite simple. In an e-mail sent to ArsTechnica, Phil Oester, a Linux kernel developer who is cataloging known real-world exploits of Dirty Cow on his website had this to say about the bug:
Any user can become root in < 5 seconds in my testing, very reliably. Scary stuff.
The vulnerability is easiest exploited with local access to a system such as shell accounts. Less trivially, any web server/application vulnerability which allows the attacker to upload a file to the impacted system and execute it also works.
The particular exploit which was uploaded to my system was compiled with GCC 4.8.5 released 20150623, though this should not imply that the vulnerability was not available earlier than that date given its longevity. As to who is being targeted, anyone running Linux on a web facing server is vulnerable.
For the past few years, I have been capturing all inbound traffic to my webservers for forensic analysis. This practice has proved invaluable on numerous occasions, and I would recommend it to all admins. In this case, I was able to extract the uploaded binary from those captures to analyze its behavior, and escalate to the appropriate Linux kernel maintainers.
After further work by developers on demonstrating the effectiveness of exploiting Dirty Cow on Android, one developer was able to successfully root his HTC device within seconds by exploiting the vulnerability. We at XDA generally welcome the ability for users to acquire root access, but we do not celebrate the existence of root exploits such as this, especially one which is so widespread and potentially incredibly dangerous to end users. To give you an idea of how dangerous Dirty Cow can be in the wild, YouTuber Computerphile put together a quick video demonstrating the potential malicious attack vectors that hackers can use to quietly attain root access on your device.
Source: ArsTechnica [1]
from xda-developers http://ift.tt/2dKT7xv
via IFTTT
The XDA Crew at the Big Android BBQ
Have you ever wondered who is behind the XDA-Developers website? Here are some of the people that work to create great content for the community and keep everything running smoothly. Check out this video to see all the XDA people that attended the BBQ.
There were a few awesome booths this year at the Big Android BBQ. We took a tour of the event and checked out some of the best booths.
We had a lot of fun at the Big Android BBQ which was made possible by our sponsor UMi. Their latest phone, the UMi plus, has 4GB RAM, a 4,000mAh battery, and stock Android for $149. Click here to check it out!
umidigi.com
from xda-developers http://ift.tt/2dWzaaa
via IFTTT
Samsung Pay to Launch in 3 New Countries, New Features Coming
Samsung Pay was able to jump ahead of the other mobile payment services in part because Samsung acquired LoopPay back in February of last year. They ended up announcing Samsung Pay the very next month, but the service wasn't launched until August. Samsung Pay was first introduced in both the United States as well as South Korea and Samsung has been working hard to get it widely adopted ever since.
The company has had an advantage over other mobile payment services because of the technology it uses. Instead of requiring the payment terminal to be upgraded for contactless payments, Samsung Pay will actually work with payment systems that only support magnetic stripes. Samsung is able to do this by transmitting the credit card data to the terminal's swipe slot using an an electromagnetic field.
Samsung has just announced that Samsung Pay will be launching in Malaysia, Russia and Thailand by the end of the year. This brings the total number of countries that Samsung Pay is available in up to 10. Similarly to the announcement that Google recently made with Android Pay, Samsung Pay has also partnered up with MasterCard to offer a simplified and fast online payment and checkout option.
In this latest announcement, Samsung also talked about three new features that will be coming to their mobile payment service in the near future. Starting in November, users of Samsung Pay will be able to find deals from retail locations that are close to them. Another feature coming in November is the ability to use Samsung Pay for in-app payments thanks to a partnership with select merchants. Samsung say this feature is coming to Velocity, Raise, Fancy, Hello Vino, Wish, Touch of Modern and promises that more will be coming too.
With the company's latest financial partners (Capital One and USAA), Samsung Pay now supports over 500 banks and credit unions that represent over 85% of the debit and credit card market in the United States.
from xda-developers http://ift.tt/2eGhw8Z
via IFTTT
HTC’s Q3 Financial Results Reveal $57 Million Loss
Since the glory days of the HTC Evo 4G, HTC has failed to make significant waves with most of their smartphone products. Even the much venerated HTC One was unable to dethrone its Samsung flagship counterpart. Continuing on that downward trend, it seems HTC is still struggling to recover from the financial issues they've been having all year. HTC has been able to slow down their continual revenue loss each quarter, but their efforts haven't been enough to actually bring a net profit to the company. Although, HTC fans and investors can still point to the fact that there is a slight upward trend in revenue each quarter when they discuss how the company is improving the business.
For the third quarter of 2016, HTC was able to bring in $700 million in overall revenue. This is good news for the company because the earnings are actually up 18% when compared to the second quarter of this year. The overall revenue for HTC in the third quarter of 2016 is also up by 4% when compared to the third quarter last year. HTC attributes this short-term success due to how well the company did in September when revenue was up 42% compared to August, and up 31% compared to last September.
Unfortunately, HTC was still unable to bring in any profits for the quarter. It's unclear exactly where all of the money is distributed, but it's possible they are investing in future technology, future designs, or simply pumping it into the company's marketing budget. We have been hearing rumors about the HTC Ocean series of phones and how HTC is attempting to innovate when it comes to how we interact with our smartphones, so it's possible that they are betting big on some unannounced project.
Still, for the third quarter of this year, HTC actually lost $63 million, which adjusts to be $57 million post-taxes. This is much better performance than we have seen from HTC in the past, but there still isn't any profit to be found. The company will either need to bring down costs somewhere, or they will need a new product that boosts sales to finally be able to take them out of the red.
from xda-developers http://ift.tt/2dWu65T
via IFTTT
Bootloader Unlock Achieved on Verizon-based Google Pixel
Back when the Google Pixel duo were still in the leak stages, there were reports that the Verizon based Pixel devices would come with their bootloaders locked, and with no way to officially unlock them in a straightforward manner. This created an important distinction between the carrier-unlocked Pixel as it was sold directly from Google, and the carrier-locked Pixel sold from Verizon, despite having virtually no differences in hardware.
In case you bought the Pixel from Verizon despite their past history with locked bootloaders, here is a bit of good news. The Firewater dev team has announced that they have managed to unlock the bootloader on the Verizon variant of the Google Pixel.
Before you jump on and celebrate, do keep in mind that the dev team, known famously for their SunShine unlocks and S-Off solutions for HTC devices, has not yet released the unlock for the device. There is a "maybe" attached to their announcement, indicating that there is a possibility that this does not get released for the public at large.
There could be a few reasons why one would prefer buying the device from Verizon rather than from Google. One of the main draws for people often is the trade-in value that they receive when they hand in over their older devices, which can be as high as $200. This removes the hassle of selling a device which otherwise would not command such a high value in the second-hand market. The other reason often is staggered payment plans, but since Google is also offering the same with the Pixels in the USA, this does not stand as strongly.
The Pixel devices on Verizon do come with bloatware, but the bloatware can be disabled and uninstalled. Early reports mentioned that the Verizon based devices would have their updates routed through Verizon, though it was later clarified that both the Verizon and non-Verizon Pixels would receive updates at the same time. The locked bootloader still remains a valid concern for XDA readers, that is until the devs release their unlock solutions.
The reasons to not buy the Google Pixel from Verizon continue to shrink down. Still, I would personally avoid Verizon, just out of principle.
What are your thoughts on this development? Did you purchase your Pixel from Google, or from Verizon? Let us know in the comments below!
Source: Twitter: Firewater Devs
from xda-developers http://ift.tt/2ff7b7E
via IFTTT
mardi 25 octobre 2016
Join XDA at Droidcon UK & London Hack Weekend!
The largest Android developer conference in Europe is once again almost upon us as Droidcon UK returns to the Business Design Centre in London and XDA is sponsoring the conference. The event is a great opportunity to meet some of the biggest names in the industry, listen to some inspiring talks, enter to win loads of prizes and ask any questions you may have for the XDA staff, this year we will also be joined at the booth by staff from Honor. Attending the event for XDA this year are:
The event will be a lot of fun as always and with some great prizes up for grabs including Nextbit Robins and Aukey accessories be sure to drop by the XDA booth between talks. You can find the full programme here and just a few of the talks here:
Keynote: VR and AR – Technologies 40,000 years in the making
"Virtual and Augmented reality are at once both sparkly brand new, and descendants of humanity's most ancient arts. Google's Chief Game Designer will bring some perspective to the origins of these technologies, why they matter to us in terms of evolution and storytelling, and give an overview of how Google is now supporting them with tech like Android N, Tango, Daydream, and Spotlight Stories."
Android Application Security, The Right Way
"In this talk you will discover the typical attack surfaces of an Android application. We cover the importance of code protection, implementing secure coding practices, strong crypto implementations, executing in a secure environment and hardening network communications. You will walk away with best practices and common pitfalls to create secure applications."
Optimising apps built for the next billion users
"More users are unable to make it through the day on one full charge on their device and have to rely on their battery packs. Battery consumption, which is a side effect of sub optimal usage of resources, is quickly becoming one of the main reasons why applications are being uninstalled by users.
In developing nations where the next billions user are, things like network conditions and types of devices available are quite different when compared to developed nations. One has to factor in aggressive optimisation techniques to ensure that consumption of resources is kept low."
Building a framework with Clean Architecture
"The complexity of many Android apps are already surpassing that which was previously only the domain of desktop and enterprise software. Gone are the days of the simple app which just acts as a thin layer on top of your backend (well for us it is at least). We've grown to expect features such as offline support where in some cases complex business logic must be handled client side. It's become clear that you need architectures to match this complexity. While there have been many attempts to solve this challenge, over the last couple of years, the concept of Clean Architecture has gotten more and more attention in the Android developer community."
Droidcon London Hack Weekend
But the fun doesn't end there! Even after the talks have ended there is still plenty to get involved with as the Droidcon London Hack Weekend begins. Running from Friday 28th till Sunday 30th at CodeNode, the annual Android hackathon gives you a chance to take part in team challenges for some great prizes, while getting the chance to try out the latest tech and learn a thing or two. Entry is free, all you have to do is register here.
Are you attending Droidcon UK this year? Leave a comment below!
from xda-developers http://ift.tt/2e8U9V6
via IFTTT
Inscription à :
Articles (Atom)