Thursday, March 7, 2013

Flaw in Samsung Note2 POP-UP Browser, allows attackers to bypass Android lock screen and throw open the internet browser

Just about was reading about the vulnerability which was discovered a couple days back with the Samsung Note 2. 
Co-incidentally I detected one which throws open the "POP-UP Browser" and its open pages to the attacker when the device is securely locked with a numeric or alphanumeric pass key.

When will it be flawed.
In the Note 2 there is Setting in 
Settings -> Lock screen-> Lock Screen options ->Information Ticker
If the Information Ticker is ON 
If you have accessed a site in the pop-up browser it will be vulnerable

How the attacker can
1) Lock the screen with secure lock like -- Pattern / Pin / Password 
2) Now click the home screen or power button to activate the phone
3) Click on the news or ticker item in the scroll
4) The un-locker password  screen will appear.
5) Now  instead of the lock pattern click on the "emergency call"
6) Boom!!!.. a pop up will appear with the item click and your "POP-UP Browser" provides free access to attacker..

So What if it appears
Attacker can access the Internet completely
From the pop up, attacker can replace the site with which ever he wishes to access..

Attacker can open a site whose details are stored and access your personal data(multiple sites)

Also the CLIPBOARD is vulnerable ----
Not only that, the attacker can also have the access to the clipboard items. If there is sensitive information (username / password) it would be thrown open to attacker 

What have I seen this flaw on
I have seen this only on my Samsung Note II N7100 with 4.1.2 update in India. The device does not have any rooted applications.
This may be possible on other phone variants as well which have the "POP-UP BROWSER"

Is there a way to avoid
1) Do no use the "POP-UP Browser"
2) Disable the Information ticker and this flaw be suppressed until a "POP-UP Browser" is open on the screen before the screen is locked.

Who is at fault
As per my observation, the "POP-UP Browser" is completely at fault. But I do not get a option to disable it completely.
Request the Samsung team to fix the Vulnerability in POP-UP Browser

Saturday, August 6, 2011

Preparing a Bootable USB (Windows 7)

Most of us have USB Flash drives. Making a USB Flash drive bootable and using it to install your OS is a very viable way of going about things. We can say good bye to CD/DVD scratch issue and making us helpless at times.
In this blog, I shall show you how to install Windows XP, Windows Vista and Windows 7 using a USB Flash drive.

The hardware required for this is: a USB Flash drive (at least 4 GB as many of the Versions span around 2.0 - 4.0 GB), and a Netbook/Desktop.

Formatting the USB drive

If you are running Windows Vista or Windows 7, open command prompt by running the command "cmd". “Right click” on “cmd” icon and click “Run as Administrator”

Type following commands one by on
"diskpart"   -- will open the native Win application for Disk Partition 

"list disk”   -- will list all the disks 

“select disk 3”   -- here 3 is the number corresponding to the USB disk, so you
                               can replace it with what is shown in your system


create partition primary"


format fs=fat32 quick"


     Making the drive ready to boot and install Windows Vista/ Windows 7
          Have Win 7 DVD : 
                Insert in the DVD Drive .
     Have a Win 7 ISO Image:
                You might need a Disk Cloning Software to mount the ISO image. 
                     There are a lot of utilities available on internet.I used Virtual CloneDrive
                 from "Slysoft" availabe @

               Mounting an ISO Image
                ·      Right click on WIN 7 ISO Image and click “Mount”
                     ·        Mounted ISO image will be seen as Disk Drive in “My  Computer”

Type the following commands
"K:"         -- Assuming the DVD/Mounted drive is K

Cd boot"

Bootsect /nt60 I:"    --  “I” is the driver letter of your USB Disk

     Now your USB Flash Driver is ready to boot. Just simply copy all the files from the Mounted CD/DVD to the USB Flash drive and you are ready to install WIN7 from USB.

For Installallation :

To install Windows Vista/ Windows 7 on your Netbook, you must set the Netbook to boot through the USB Flash drive. To achieve this, go to the BIOS and make USB HDD (or USB ZIP) as primary boot device. Start the Netbook, press a key to boot through the USB drive, and install Windows as usual. Remember to reset the boot sequence to boot from the internal hard drive when the system restarts the first time during the installation.