PPCGeeks Forums HTC Arrive HTC HD2 HTC Thunderbolt HTC Touch Pro 2 HTC Evo 4G HTC Evo 3D Samsung Galaxy S II Motorola Droid X Apple iPhone Blackberry
Go Back   PPCGeeks > Android > Android HTC Devices > HTC Evo 4G
Register Community Search

Notices


Reply
 
LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old 06-03-2010, 10:13 PM
redd214's Avatar
Back
Offline
Pocket PC: Droid X
Carrier: VZW
Location: _
 
Join Date: Nov 2008
Posts: 2,717
Reputation: 6395
redd214 is a trusted member of the communityredd214 is a trusted member of the communityredd214 is a trusted member of the communityredd214 is a trusted member of the communityredd214 is a trusted member of the communityredd214 is a trusted member of the communityredd214 is a trusted member of the communityredd214 is a trusted member of the communityredd214 is a trusted member of the communityredd214 is a trusted member of the communityredd214 is a trusted member of the community
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
MUST READ!! Hackers urge all EVO 4G owners to root device citing security flaws!

i dont know how much weight this holds but ummm, uh oh....dont shoot the messenger

Nice Hardware, Horrible Sprint Software

From Matt Mastracci - one of the guys from the unrEVOked project:

....It turns out that this is a really, really bad thing for users. The Sprint customizations of Android are so bad that an Android application could get access to all of your data with very little work. It’s so bad that I would not recommend purchasing the Sprint EVO or Hero.....

BGR Article

Remember how jubilant we all were the first time the EVO 4G was successfully rooted? We’ll we’re not smiling anymore. According to Matt Mastracci, one of the men responsible for the first successful root, customizations made to the UI at the request of Sprint have made the phone an easy target to a “whole suite of vulnerabilities” which “are so bad that an Android application could get access to [a user's personal] data with very little work.” As a temporary workaround, Mastracci suggests that EVO 4G owners root their device and is planning to release on Friday a “painless root” too dubbed unrevoked. Mastracci also said that if “Sprint gave users root access to their phone, he and the two hackers he is working with would “be sending these vulnerabilities straight to Sprint.” But until Sprint abandons its “anti-user approach”, Mastracci said he and his team would “hold the exploits close to our chest.”

Last edited by redd214; 06-03-2010 at 10:57 PM.
Reply With Quote
This post has been thanked 4 times.
  #2 (permalink)  
Old 06-03-2010, 11:22 PM
TeamMike's Avatar
PPCGeeks Regular
Offline
Pocket PC: Mogul -> TP -> EVO
Carrier: Sprint
Location: VA 757
 
Join Date: Nov 2007
Posts: 54
Reputation: 10
TeamMike is a n00b
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Re: MUST READ!! Hackers urge all EVO 4G owners to root device citing security flaws!

huh? i dont understand... laymens terms please...
Reply With Quote
  #3 (permalink)  
Old 06-03-2010, 11:35 PM
nate.spangler's Avatar
Halfway to VIP Status
Offline
Pocket PC: EVO
Carrier: sprint
Location: Michigander
 
Join Date: Apr 2008
Posts: 520
Reputation: 1040
nate.spangler is halfway to VIP status based on repnate.spangler is halfway to VIP status based on repnate.spangler is halfway to VIP status based on repnate.spangler is halfway to VIP status based on repnate.spangler is halfway to VIP status based on repnate.spangler is halfway to VIP status based on repnate.spangler is halfway to VIP status based on repnate.spangler is halfway to VIP status based on rep
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Re: MUST READ!! Hackers urge all EVO 4G owners to root device citing security flaws!

so will rooting by itself help/fix the security flaws or is there more that we need to do??
Reply With Quote
  #4 (permalink)  
Old 06-03-2010, 11:37 PM
Stunna4life888's Avatar
PPCGeeks Regular
Offline
Pocket PC: HTC Touch Pro
Carrier: Sprint
Location: North Carolina
 
Join Date: Mar 2009
Posts: 77
Reputation: 60
Stunna4life888 is becoming a great contributor
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Send a message via Skype™ to Stunna4life888
Re: MUST READ!! Hackers urge all EVO 4G owners to root device citing security flaws!

People are saying that with Sprint software programming an android app could capture all of your data. IE: passwords, bank account info and such. I have read here and there about it.
Reply With Quote
  #5 (permalink)  
Old 06-03-2010, 11:39 PM
Stunna4life888's Avatar
PPCGeeks Regular
Offline
Pocket PC: HTC Touch Pro
Carrier: Sprint
Location: North Carolina
 
Join Date: Mar 2009
Posts: 77
Reputation: 60
Stunna4life888 is becoming a great contributor
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Send a message via Skype™ to Stunna4life888
Re: MUST READ!! Hackers urge all EVO 4G owners to root device citing security flaws!

Quote:
Originally Posted by nate.spangler View Post
so will rooting by itself help/fix the security flaws or is there more that we need to do??
Assuming it only needs to be rooted. FYI there is an OTA update coming out to "fix" the SD card issue, if you plan on rooting by all means DO NOT DOWNLOAD THE UPDATE! Devs are saying that it will more than likely cost you root access as well. If and when someone update we will be able to pull files pertaining to that update and find a way for the SD card fix with a push apk more than likely
Reply With Quote
This post has been thanked 1 times.
  #6 (permalink)  
Old 06-03-2010, 11:47 PM
Mazzakre's Avatar
Halfway to VIP Status
Offline
Pocket PC: EVO!!!!
Carrier: Sprint
Location: Michigan
 
Join Date: Feb 2009
Posts: 706
Reputation: 605
Mazzakre knows their stuffMazzakre knows their stuffMazzakre knows their stuffMazzakre knows their stuffMazzakre knows their stuffMazzakre knows their stuff
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Re: MUST READ!! Hackers urge all EVO 4G owners to root device citing security flaws!

Quote:
Originally Posted by redd214 View Post
... Mastracci also said that if “Sprint gave users root access to their phone, he and the two hackers he is working with would “be sending these vulnerabilities straight to Sprint.” But until Sprint abandons its “anti-user approach”, Mastracci said he and his team would “hold the exploits close to our chest.”[/B]
So, he knows about vulnerabilities but isn't going to tell anyone about it and possibly get a fix for all users because Sprint wont give root access? Sounds kinda selfish no? Most users dont want/need root access but they will remain vulnerable because of this. Also, i didnt think any phone company gave root access to their users, not just Sprint.
Im grateful to the guy for all his hard work getting a root for the phone but come on.

Just read the article on grack and it looks like he's saying that the hole comes from rooting your phone not from just using the phone... or is he saying that the vulnerability is in how easy it is to root? Im so confused.
__________________
Running OMJ 2.3.3 with Sense 2.1 Rom for Evo.
What will YOU do with first?!

Last edited by Mazzakre; 06-03-2010 at 11:51 PM. Reason: update
Reply With Quote
This post has been thanked 1 times.
  #7 (permalink)  
Old 06-03-2010, 11:48 PM
nate.spangler's Avatar
Halfway to VIP Status
Offline
Pocket PC: EVO
Carrier: sprint
Location: Michigander
 
Join Date: Apr 2008
Posts: 520
Reputation: 1040
nate.spangler is halfway to VIP status based on repnate.spangler is halfway to VIP status based on repnate.spangler is halfway to VIP status based on repnate.spangler is halfway to VIP status based on repnate.spangler is halfway to VIP status based on repnate.spangler is halfway to VIP status based on repnate.spangler is halfway to VIP status based on repnate.spangler is halfway to VIP status based on rep
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Re: MUST READ!! Hackers urge all EVO 4G owners to root device citing security flaws!

thanks for the info. long time winmo user. never even touched an android phone as of yet. have to relearn all over again.
Reply With Quote
  #8 (permalink)  
Old 06-03-2010, 11:49 PM
honduranthunder's Avatar
PPCGeeks Regular
Offline
Pocket PC: HTC EVO
Carrier: Sprint
Location: USA
 
Join Date: Oct 2008
Posts: 170
Reputation: 60
honduranthunder is becoming a great contributor
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Wirelessly posted (Mozilla/4.0 (compatible; MSIE 6.0; Windows CE; IEMobile 8.12; MSIEMobile6.0) Sprint T7380)

what kind of information is making users vulnerable?
__________________
reap, sow, and give thanks - words to live by.
Reply With Quote
  #9 (permalink)  
Old 06-03-2010, 11:51 PM
Stunna4life888's Avatar
PPCGeeks Regular
Offline
Pocket PC: HTC Touch Pro
Carrier: Sprint
Location: North Carolina
 
Join Date: Mar 2009
Posts: 77
Reputation: 60
Stunna4life888 is becoming a great contributor
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Send a message via Skype™ to Stunna4life888
Re: MUST READ!! Hackers urge all EVO 4G owners to root device citing security flaws!

Quote:
Originally Posted by Mazzakre View Post
So, he knows about vulnerabilities but isn't going to tell anyone about it and possibly get a fix for all users because Sprint wont give root access? Sounds kinda selfish no? Most users dont want/need root access but they will remain vulnerable because of this. Also, i didnt think any phone company gave root access to their users, not just Sprint.
Im grateful to the guy for all his hard work getting a root for the phone but come on.
A magician never reveals his secrets though. You never know whose on the other side of these board lurking and ready to cause some trouble. If he points itout some "Dev" may take in into his or her hands and run with it. Just gotta be careful these days thats all.
Reply With Quote
This post has been thanked 1 times.
  #10 (permalink)  
Old 06-03-2010, 11:58 PM
Mazzakre's Avatar
Halfway to VIP Status
Offline
Pocket PC: EVO!!!!
Carrier: Sprint
Location: Michigan
 
Join Date: Feb 2009
Posts: 706
Reputation: 605
Mazzakre knows their stuffMazzakre knows their stuffMazzakre knows their stuffMazzakre knows their stuffMazzakre knows their stuffMazzakre knows their stuff
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Re: MUST READ!! Hackers urge all EVO 4G owners to root device citing security flaws!

Quote:
Originally Posted by Stunna4life888 View Post
A magician never reveals his secrets though. You never know whose on the other side of these board lurking and ready to cause some trouble. If he points itout some "Dev" may take in into his or her hands and run with it. Just gotta be careful these days thats all.
I agree that its not a great idea to release all the info but why not send it directly to Sprint? I dont really need to know where the hole is but if there is one Google or Sprint knowing would be a great idea. Google is a multibillion dollar company, they would get to action quickly to patch it.

Reading the article he says that Google and Sprint have both been proactive in addressing it so maybe they do know about it? If so he sure didnt make that very clear in the article.
Reply With Quote
This post has been thanked 1 times.
Reply

  PPCGeeks > Android > Android HTC Devices > HTC Evo 4G


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On


All times are GMT -4. The time now is 08:52 AM.


Powered by vBulletin® ©2000 - 2024, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO 3.6.0
©2012 - PPCGeeks.com