by Quentyn Kennemer on July 31st, 2010

Well, this is quite the unsettling story. Two “security experts” (I prefer to call them hackers) have drafted up a tool that would allow the user of it to probe an Android device to intercept emails and SMS messages.

The program is a “root” utility that disguises itself as a program to help easily root your phone, but will do some other extracurricular activity before it’s done (that’s if it even goes through the process of rooting at all).

Know that the hackers aren’t doing this with any malintent: they want Google to get off their butts and fix the security holes before a serious incident goes down.

The tool was released to thousands of hackers at the DefCon 18 security and hacking conference going on this weekend. At first, you may not think releasing the scary tool is in your or anyone’s best interests, but it forces Google’s hand in making sure things are set straight before too long.

This isn’t unlike the story we heard about exactly one year ago where a known SMS flaw plagued millions of handsets (housing many types of operating systems) and would allow the sender of an SMS to send something similar to a denial-of-service attack which would keep you from being able to make and receive calls, send and receive text messages, and use your phone’s data.

Following the revelation of that bug at a similar conference, Google, Apple, and other software vendors found themselves pushing out updates within days to fix it.

If this is anything like that, then I’m sure Google’s already hard at work to take care of that.

[via Reuters]
via Phandroid
very interesting... and a bit scary....
Typically, if an issue has been around for a while and not fixed, something like this happens.

Security by obscurity is not secure at all. Whereas if I tell you exactly how I'm going to lock you out and you still can't get in...well that's the kind of security I want.

This conference is a big deal in the hacker/security world. Feds show up looking for criminals as well as looking to recruit folks.

They didn't just pick on Android either. One speaker showed how he could remotely hack ATM machines to spit money out. You can bet someone will be locking those down tighter soon too as those machines can hold up to $600k.
No download link for the tool? :(
Have to start searching for that tool, sounds like it might come in handy