Security experts release tool to hack Android phones!

[mastermind1431]

Hey guys....

I just got to know that security experts release tool to hack Android phones!"

It wasn't difficult to build," said Nicholas Percoco, head of Spider Labs, who along with a colleague, released the tool at the Defcon hacker's conference in Las Vegas on Friday.

Check this out for more....

 

[G.Armour]

That's actually kind of scary to think someone can hack into your Android device, and you will have no idea they are there.

 

[Hrethgir]

WTF!!! They create a tool to hack Android, then go to a conference with a bunch of annonymous (and very possibly several malicious) hackers and GIVE it to them? Anyone else think this was a REALLY bad idea? Why not give it to Google first? I guess if I can go create an airbourne strain of Ebola, the best way to get the CDC to work on a cure wouldn't be to give it to them, but to release it to the general public. Yeah, that makes sense!

 

[Slick1020]

Don't get so worried. Most people hack android only to inform Google about the holes that they find.

 

[Hrethgir]

Don't get so worried. Most people hack android only to inform Google about the holes that they find.

I understand that, but to then make a tool and ditribute it to a group of annonymous hackers just seems like a really poor idea. And I'm not worried, I'm still using my iPhale 3Gs, so this doesn't affect me at the moment.

 

[mastermind1431]

Guys...
it's not to worry anyone here.. they are a kind of ethical hackers. This forum itself is to to pressure manufacturers to fix bugs...

Pls read the complete post here

 

[Hrethgir]

Guys...
it's not to worry anyone here.. they are a kind of ethical hackers. This forum itself is to to pressure manufacturers to fix bugs...

Pls read the complete post here

I did read it.

Nicholas Percoco, head of Spider Labs, who along with a colleague, released the tool at the Defcon hacker's conference in Las Vegas on Friday

The tool was released on a DVD given to conference attendees.

Attendees pay $ 140 in cash to attend and are not required to provide their names to attend the conference. Law enforcement posts under cover agents in the audience to spot criminals....

Seems that if the government is concerned enough about cybercriminals being there that they post undercover agents there, it might not be the right crowd to release a malicious hacking tool. I totally understand the "ethical hacker" thing and that it wa released to bring the problem to the forefront, but there's GOT to be a better way of doing it.

 

[darreno1]

Old news. Nothing to see here...move along.

 

[darreno1]

I understand that, but to then make a tool and ditribute it to a group of annonymous hackers just seems like a really poor idea. And I'm not worried, I'm still using my iPhale 3Gs, so this doesn't affect me at the moment.

Yeah except the newest version of IOS had a security hole big enough for a 747 to fly through. How do you think they were able to jailbreak the ifail 4 so easily? Apple was supposedly scrambling to plug it. Not sure if they did already.

 

[Alieno]

That's actually kind of scary to think someone can hack into your Android device, and you will have no idea they are there.

I wonder how this plays for the droid apps, we already saw news stories indicating that somr apps were insecure and/or logging personal data and sending it who knows were...its a scary thought to think that these kinds of loopholes exist

 

[Big D]

WTF!!! They create a tool to hack Android, then go to a conference with a bunch of annonymous (and very possibly several malicious) hackers and GIVE it to them? Anyone else think this was a REALLY bad idea? Why not give it to Google first? I guess if I can go create an airbourne strain of Ebola, the best way to get the CDC to work on a cure wouldn't be to give it to them, but to release it to the general public. Yeah, that makes sense!

They do this for recognition! I totally agree that it's probably not the best way to divulge such a serious and widespread hack, but how do you think these companies would survive if no one ever knew what they were working on?

 

[mastermind1431]

Yes, if some ethical hackers can create some tools that compromise your privacy, then the core hackers can do even better. One thing is sure that a core hacker, who consider hacking as a mean to make some extra money, will never come to such conferences by paying $140 to release their brain child to the public and to make the manufacture to fix it. They would rather improve the tool and use it to get more money out of it.

What do you say????

 

[bearsfan85]

Most of the serious hackers that are their for malicious intent wouldnt waste their time on android, most corporations still use blackberrys so if they wanted money they would go with that route, I have to agree with the earlier posts that most of them will make their money patching the hacking tool and selling it to google.

 

[tats_06]

Most of the serious hackers that are their for malicious intent wouldnt waste their time on android, most corporations still use blackberrys so if they wanted money they would go with that route, I have to agree with the earlier posts that most of them will make their money patching the hacking tool and selling it to google.

True...but android is on a high rise, so will the # of hackers and attempts...unfortunately.

 

[tom_pop]

Once someone has found a way to hack something its bound to come out in public one day anyway. If there is money to be made someone will try it. We will need spare and AntiVirus on our phones within a year I bet.

 

[Hrethgir]

Yeah except the newest version of IOS had a security hole big enough for a 747 to fly through. How do you think they were able to jailbreak the ifail 4 so easily? Apple was supposedly scrambling to plug it. Not sure if they did already.

Good thing I'm on 3.1.3 still, jailbroken with the security hole already fixed by Cydia, the unapproved-by-Apple 3rd party app store But yeah, the latest 4.0.2 update is supposed to be a fix for that security hole. But that's OK, that version is jailbroken already too.

 

[VIO]

everything has security leaks, but yeah there is a big one in android currently (unless you are running a build that fixed it).

Think about how many one click root apps there are for various devices. The fact that those exist shows just how easy it would be to secretly root a phone and then just go ahead and do ANYTHING you want on it.

O one of the exploits only needs an app to have "bluetooth settings" adjusting privileges to work. so this thing could pretend to be a BT toggle widget if it wanted to, and you would have no idea. NONE.

I am real big on rooting and what not, hell I review ROMs for the droid community, but this type of hole is not good at all. Honestly I cannot believe how foolproof this method would be.

 

[mrspeedmaster]

They do this because in the past, most of these hackers have already given the info the companies only to get the middle finger.
They then turn to the public and the companies usually then responds with a patch.

I've seen it a million times starting way back when Internet Explorer was popular.

WTF!!! They create a tool to hack Android, then go to a conference with a bunch of annonymous (and very possibly several malicious) hackers and GIVE it to them? Anyone else think this was a REALLY bad idea? Why not give it to Google first? I guess if I can go create an airbourne strain of Ebola, the best way to get the CDC to work on a cure wouldn't be to give it to them, but to release it to the general public. Yeah, that makes sense!

 

[storm14k]

They do this because in the past, most of these hackers have already given the info the companies only to get the middle finger.
They then turn to the public and the companies usually then responds with a patch.

I've seen it a million times starting way back when Internet Explorer was popular.

Pretty much...

If they don't do this Google would probably sit on the info like most other companies. Thats when you end up with someone malicious discovering it and find a Zero Day attack. Well then again I don't know if its Zero Day if they knew about it but its the same effect for the end user anyway.

 

[huxley_spark]

Went to defcon 18 and here to say, when they find a security risk, they inform the company before disclosure. don't hate hackers

 

[Weazol]

WTF!!! They create a tool to hack Android, then go to a conference with a bunch of annonymous (and very possibly several malicious) hackers and GIVE it to them? Anyone else think this was a REALLY bad idea? Why not give it to Google first? I guess if I can go create an airbourne strain of Ebola, the best way to get the CDC to work on a cure wouldn't be to give it to them, but to release it to the general public. Yeah, that makes sense!

what did you think they do at Defcon?

 

[mastermind1431]

Went to defcon 18 and here to say, when they find a security risk, they inform the company before disclosure. don't hate hackers

I personally don't hate hackers, but try to learn from them good things. We are little worried about the malicious hackers who could break into anyone's privacy...

 

[Weazol]

I personally don't hate hackers, but try to learn from them good things. We are little worried about the malicious hackers who could break into anyone's privacy...

Most of the "core" hackers as you call them would not waste their time on things like getting into your android phone...

So no reason to worry

 

[cr0wnest]

wtf? Why not create a tool to hack iphones instead? Androids have always been innocent!

 

[mastermind1431]

Most of the "core" hackers as you call them would not waste their time on things like getting into your android phone...

So no reason to worry

It's just the childhood of Android that are seeing now... there is a lot to grow... I'm sure that Google will groom this OS as ur intelligent Personal Assistant in near future.... People will relay more on Android than their PCs as they are handy and smart.... then why not looking at hackers looking at Android as well to make some extra $$??