Allwinner Leaves Root Exploit in Linux Kernel, Putting ARM Devices at Risk
Running a Bitcoin node on your ARM single board computer? Fan of cheap Chinese tablets and smartphones? Maybe you contributed to the recent CHIP computer Kickstarter, or host a wallet on one of these devices. Well, if any of these applies to you, and your device is powered by an Allwinner SoC, you should probably wipe it and put an OS on it with the most recent kernel release. Why? Allwinner left a development “tool” on their ARM Linux kernel that allows anyone to root their devices with a single command. This oversight has serious security implications for any Allwinner powered device,....
Related News
The fifth episode of the Bitcoinist Podcast aired today. It’s available on our RSS feed, Soundcloud, gPodder, Stitcher, and a growing number of podcasting apps and services. In this episode, My co-host, Caleb Chen and I, discuss the rise in Bitcoin’s price, Jacob Appelbaum’s ousting from the Tor project, Windows 10’s various new security flaws, the kernel level Allwinner ARM exploit, play with drones in the background, and more. The podcast is in full swing again, so subscribe with whatever service you prefer, and rest assured that new content is on it’s way. We’ll be putting up new....
Google is the latest giant tech company to enter the IoT space with Fuchsia – a new operating system that seems to be targeting IoT devices. Little, if anything, has been officially announced, but the code has been publicly released. It’s use of Magneta, based on the LittleKernel Project, a far more scalable kernel than Linux’s, which is currently used on Chrome and Android, has led many to speculate the new OS is targeted at the IoT market as it is far more suitable for small devices. Apparent Google employees stated on the projects public discussion channel that they will not confirm or....
5 March 2016 – Amazon has retracted their move to disable encryption on Fire OS and HDX devices. They have no plans to quickly fix this issue, though, saying that the update reenabling this security feature will come sometime in Spring. This leaves Amazon device users without an option for device encryption for at least a few months, putting their privacy and data at risk. Given Amazon’s heavy integration of monetized services and cloud applications, this security fix seems like it should be a higher priority for the internet retail giant.
For many years, a lot of people assumed Linux was one of the most secure operating systems in the world. Due to its smaller market share, and completely different codebase from Windows, Linux has been rather safe from major virii and malware. However, there is one simple exploit that lets an assailant breach a Linux machine by pressing the backspace 28 times in a row. Two Spanish security researchers discovered this strange – and very unusual – Linux bug by tapping a specific key more than once in quick succession. Unlike in most cases where computers are involved, smashing the same button....
It is no secret how mobile Android devices are vulnerable to a wide range of attacks, which could have drastic consequences for consumers. Especially when it comes to financial details being leaked, these Android vulnerabilities will need to be addressed sooner rather than later. Accessibility clickjacking is one of the more recent forms of malware putting over 500 million devices – and Bitcoin users around the world – at risk. Accessibility Clickjacking is A Major Risk On Android. Earlier this month, security researchers unveiled more details on a new type of malware that is putting....