Category: Mobile Hacking

Jul 05 2012

Android Clickjacking Rootkit Demonstrated

A team of security researchers has demonstrated how a security flaw in Android 4.0.4 can be exploited by a clickjacking rootkit.

The research team is led by North Carolina State University professor Xuxian Jiang, who succeeded in developing a proof-of-concept rootkit that attacks the Android framework rather than the underlying operating system kernel. The researchers contend that such a rootkit could potentially be downloaded with an infected app and used to manipulate the smartphone.

In the demonstration video, the researchers were able to hide applications on the device, as well as get them to launch when the icons of other applications are tapped. If downloaded with an infected application, the rootkit could, for example, hide the smartphone’s browser and replace it with a browser that looks exactly the same but actually steals all of the user’s information.

Dec 16 2011

Apple Crash Reports to Jailbreak iPhone

Thousands of iPhone owners have joined forces with a team of hackers to help them find new ways to jailbreak Apple’s phone software.

Jailbreaking involves unlocking a device so that it is not restricted to running software officially approved by the manufacturer.

Mobile phones that run Google’s Android operating system do not face this restriction and Microsoft allows its Windows Phone 7 operating system to be unlocked. But Apple has always fought very hard to prevent anyone jailbreaking its devices.

The latest version of the iPhone’s operating system is proving to be extremely hard to jailbreak fully, according to Joshua Hill, a member of the Chronic Dev hacker team.

“Apple is really making it tough for us. The iPhone is now better protected than most nuclear missile facilities,” he says.

Bug Hunt
Bugs may result in a program crashing or shutting down, and they are like gold dust to hackers because sometimes they can be exploited to create a jailbreak.

To help prevent this, Apple’s phones record details of program crashes and send these reports back to the company. Apple’s programmers can then analyse the crash reports and fix any underlying bugs that pose serious security risks.

Crash Reports
The solution to this problem is to subvert Apple’s crash reporting capability by turning it against the company, he says.

“Chronic Dev is ready to turn this little information battle into an all-out, no-holds-barred information WAR,” Mr Hill wrote on the Chronic-Dev blog recently, using his nom de guerre Posixninja.

To do this he has written and distributed a program called CDevreporter that iPhone users can download to their PC or Mac. The program intercepts crash reports from their phones destined for Apple and sends them to the Chronic Dev team.

“In the first couple of days after we released CDevreporter we received about twelve million crash reports,” he says.

Legal Breaks
Jailbreaking phones is legal in the United States, thanks to a ruling in July 2010 by the Library of Congress – an agency that carries out legal research for the US government.

“There’s nothing Apple can do that would make jailbreaking impossible,” he says.

“Apple will always add new features to its phones, and there will always be bugs in its software. It’s just a matter of finding the right ones.”

Oct 01 2011

EPPB – BlackBerry, iPhone Password Recovery Tool

Elcomsoft Phone Password Breaker (EPPB) enables forensic access to password-protected backups for smartphones and portable devices based on the RIM BlackBerry and Apple iOS platforms. The password recovery tool supports all BlackBerry smartphones as well as Apple devices running iOS, including iPhone, iPad and iPod Touch devices of all generations released to date, up to the latest iPhone 4 and iOS 4.3.

The new tool recovers the original plain-text passwords protecting encrypted backups for Apple and BlackBerry devices. The backups contain address books, call logs, SMS archives, calendars and other organizer data, camera snapshots, voice mail and email account settings, applications, Web browsing history and cache.

But there is a catch. The new BlackBerry device password recovery feature requires Media Card encryption to be switched on and set to either “Security Password” or “Device Password” mode. If this condition is met, EPPB is able to run password recovery against the device security password. What is also important, and rather exciting, is that you don’t need the BlackBerry device itself. All that is needed is a media card that was used in that device. In fact, only one specific file from that media card is needed, so the recovery can be off-loaded and the password recovered offline.

Download : EPPB 1.80

Aug 23 2011

Get Paid to Hack Your TouchPad to Run Android

After HP announced it would discontinue production of its TouchPad tablet last week, it looked like early HP tablet adopters spent $500 on a dud. If you’re an enterprising software hacker, however, there could be an opportunity to make your money back — and then some.

A hardware-modification web site is offering a $1,500 cash bounty for the first person to successfully port a full version of the Android operating system over to HP’s TouchPad.

Hacknmod.com offers a tiered bounty system for would-be TouchPad hackers: Just getting Android to run on the TouchPad without taking full advantage of the tablet’s hardware will win you a cool $450. But the more you’re able to integrate the system software into the device, the more cash you’ll earn. Get the Wi-Fi, multitouch capability, audio and camera up and running, and you’ll add another $1,050 to the pot.

While the bounty is characteristic of the Android-modding crowd which basically wants to slap Android onto anything with a circuit board and touch screen, it’s also an admirable effort to breathe new life into a dying piece of hardware. After reports of dismal sales and third-party retailers sitting on hundreds of thousands of unsold TouchPads, HP decided to kill production after a mere 49 days on the market.

It was bad news for current TouchPad owners. No more HP hardware gives little incentive for webOS app developers to continue producing applications for the platform. In turn, TouchPad owners miss out on the latest popular applications to come to mobile devices. And of course, it gives potential customers no incentive to buy the remaining TouchPads retailers have in stock, costing HP and retail stores hundreds of millions of dollars. Everyone loses.

But if the porting plans work, it could mean bringing a slew of Android apps over to HP’s tablet. If the TouchPad can be made capable of running thousands of Android apps, the device may not be obsolete.

This isn’t the first time the Android-modification community has tried to port the operating system over to non-Android devices. Android modders have run the operating system on Barnes & Noble’s Nook Color e-reader, certain Nokia smartphones and even an iPhone.

Jul 15 2011

Vodafone Hacked – Root Password Published

The Hacker’s Choice (THC) has announced a security problem with Vodafone’s mobile phone network.

An attacker can listen to UK Vodafone mobile phone calls.

An attacker can exploit a vulnerability in 3G/UMTS/WCDMA – the latest and most secure mobile phone standard in use today.

The technical details are available at http://wiki.thc.org/vodafone.

The problem lies within Vodafone’s Sure Signal / Femto equipment.

A Femto Cell is a tiny little home router which boosts the 3G Phone signal. It’s available from the Vodafone Store to any customer for 160 GBP.

THC managed to reverse engineer the equipment, a process of revealing its secrets. THC is now able to turn this Femto Cell into a full-blown 3G/UMTS/WCDMA interception device.

A Femto is linked to the Vodafone core network via your home Internet connection. The Femto uses this access to retrieve the secret key material of a Vodafone customer who wants to use the Femto.

THC found a way to circumvent this and to allow any subscriber, even those not registered with the Femto, to use it. They turned it into an IMSI grabber. The attacker has to be within 50m of the UK Vodafone customer to make the customer’s phone use the attacker’s femto.

The second vulnerability is that Vodafone grants the femto access to the Vodafone core network HLR/AuC, which stores the secret subscriber information. This means an attacker with administrator access to the Femto can request the secret key material of any UK Vodafone mobile phone user.

This is exactly what happened. The group gained administrator access to the Femto. An attacker can now retrieve the secret key material of other Vodafone customers.

This secret key material enables an attacker to listen to other people’s phone calls and to impersonate the victim’s phone, making phone calls at the victim’s expense and accessing the victim’s voice mail.

This is clearly a design flaw by Vodafone. It is disgusting to see that a major player like Vodafone chooses ‘newsys’ as the administrator password, thus allowing anyone to retrieve secret data of other people.