nLL

Mobile web, .Net, Android, gadgets and some random stuff

Nexus S and One receives Android 2.3.4 OTA update

Download for model i9020T, i9023 and build GRI40 and baseband KB1

(http://android.clients.google.com/packages/ota/google_crespo/a14a2dd09749.signed-soju-GRJ22-from-GRI40.a14a2dd0.zip)

 

Download for model i9023 and build GRI54

(http://v7.nonxt6.c.android.clients.google.com/packages/data/ota/google_crespo/486786a7fd97.signed-soju-GRJ22-from-GRI54.486786a7.zip)

 

To update manually follow the instructions at http://nolovelust.com/post/Nexus-S-receives-second-OTA-update-353e267378cdsigned-soju-GRH78C-from-GRH78353e2673zip.aspx

 

Changes on this update are as follows:

New: Video chat in Google Talk

Bug fix: Phone shuts down or reboots

Bug fix: Wi-fi & 3G icons both indicate active

Bug fix: Battery life

Bug fix: GPS location/navigation

Via http://www.google.com/support/forum/p/Google+Mobile/thread?tid=3812c1acf93b482f&hl=en

 

Android 2.3.3 download link for Nexus S

Go to Settings > About Phone to findout your version

Nexus S GRH78C
http://android.clients.google.com/packages/ota/google_crespo/98f3836cef9e.signed-soju-GRI40-from-GRH78C.98f3836c.zip

Nexus S GRH78
http://android.clients.google.com/packages/ota/google_crespo/e0b546c442bf.signed-soju-GRI40-from-GRH78.e0b546c4.zip

Download and copy file to your sd card/internal memory, boot in to boot loader with volume up+ power, select Recovery, press volume up + power after exclamation mark screen

 

Android 2.3 (Gingerbread) Data Stealing Vulnerability

Xuxian Jiang recently reported a vulnerability in latest Android version Gingerbread and Nexus S that runs it.

According to article it is poosible to steal information and list of applications from phones sd card and system partitions.

Article does not explain what is the  vulnerability but it looks like it is releted to some sort of upload feature. It may be that Android Gingerbread doesn;t request user confirmation for uploads so that you can steal some information by uploading some files via javascript.

Here is the full article:

 

 "While working on an Android-related research project, I came across a data stealing vulnerability in Android 2.3 (Gingerbread). This vulnerability is of the same nature with the one reported by Thomas Cannon during last November on Android 2.2 (Froyo). That particular bug is supposed to be fixed in Android 2.3 (Gingerbread) -- see the links here, here, here, and there.

Unfortunately, our finding here is that the patch contained in Android 2.3 is not an ultimate fix and can still be bypassed. We have a proof-of-concept exploit with a stock Nexus S phone and are able to successfully exploit the vulnerability to steal potentially personal information from the phone. The attack works by requiring the user to visit a malicious link. Based on the experiments with one of our Nexus S phones, we have leveraged the vulnerability to
Obtain the list of applications that are currently installed in the phone;
Upload the applications (located in /system and /sdcard partitions) to a remote server;
Read and upload the contents of any file (including photos, saved voicemails...) stored on the phone's /sdcard. Note that to do that, the exact pathname/filename needs to be known.

I notified the Google Android Security Team on 01/26/2011 and was pleased/impressed to receive their response within 10 minutes. After that, we exchanged emails, including a critical piece of exploit code, to better understand the nature of the vulnerability. From the interaction, I can tell that they took this issue seriously and the investigation was started immediately without any delay. Also, I need to mention that this attack is not a root exploit, meaning it still runs within the Android sandbox and cannot grab all files on the system (only those on the /sdcard and a limited number of others).

The vulnerability is now confirmed and I was told that an ultimate fix will be included no later than the next major release of Android. We are not aware of any active exploitation of this issue.

For responsible disclosure, I will not publish the details of the vulnerability until an ultimate fix is out. However, I would like to share the common intention by informing users about the potential risk (and absolutely NOT about how to exploit), which is the reason why I created this webpage.

Before the ultimate fix is out, there are several ways we can take to mitigate this threat. For example, we can temporarily disable Javascript support in the Android browser or switch to a third-party browser for the time being (e.g., Firefox). We can also choose to unmount the /sdcard. But that may greatly affect the usability of the phone. Users are also encouraged to be cautious when viewing unfamiliar websites.

Finally, I'd like to thank Nick from the Android Security Team for verifying the presence of this vulnerability and keeping me informed as this fix progresses."

Nexus S receives second OTA update 353e267378cd.signed-soju-GRH78C-from-GRH78.353e2673.zip

Update 26/02/2011 : You should download latest android 2.3.3 instead of below

Android 2.3.2 update for Nexus S is only 600kb, it fixes SMS bug where messages gets sent to different numbers also addressing Nexus S random reboot issue.

Download it from here

 

Installation instructions taken from http://www.redmondpie.com/download-and-install-android-2.3.2-on-nexus-s-how-to-guide/ 

 

Copy this file to the root of your SD card

Now power off your phone, hold down the “Volume Up” button, followed by the “Power” button to turn it back on.

Now use the volume rocker buttons to navigate to “Recovery” option and then select it using “Power” button.

Now when you see an exclamation mark –like image on the screen, hold down the “Power” button followed by “Volume Up” button.

At this stage you should be presented with Android’s Recovery menu. Now select the option to apply the update from SD card, followed by selecting the actual update “.zip” file using the “Power” button.

That’s it. Wait for the phone to complete the update process. Once its done, select “reboot system now” option to reboot your phone into Android 2.3.2 Gingerbread.