Android browser vulnerability exposes user data..!!

priyanshuit's picture


How to protect your Android smartphone from attacks.

A vulnerability in the Android browser could permit an attacker to steal the user's local data, according to a report yesterday from security expert Thomas Cannon.
Specifically, a malicious website could use the flaw to access the contents of files stored on the device's SD card as well as "a limited range of other data and files stored on the phone," Cannon explained.
In essence, the problem arises because the Android browser doesn't prompt the user when downloading a file. "This is a simple exploit involving JavaScript and redirects, meaning it should also work on multiple handsets and multiple Android versions without any effort," he noted.

A video included with Cannon's post
demonstrates the exploit in action using the Android emulator with Android 2.2,
or Froyo, but Cannon has found it on an HTC Desire with Android 2.2 as well.
Heise Security was able to reproduce the exploit on both a Google Nexus One and
a Samsung Galaxy Tab, both running Android 2.2, according to a report
on The H.

For the demo, Cannon first created a file on the SD card of the Android
device. Next, he visited a malicious page and watched as it grabbed the file
and automatically uploaded it to a server.



Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
2 + 4 =
Solve this simple math problem and enter the result. E.g. for 1+3, enter 4.

About the Author

priyanshuit's picture

Name
priyanshu

Last Name
sahay

Gender
Male

Website / Blog
http://www.hackersonlineclub.com

About me
Myself PRIYANSHU. >> Certified Cyber Law Expert >> Certified Cyber Security Expert >> Certified Ethical Hacker >> Working on Cyber Security, Ethical Hacking, Investigation, VAPT, Web Designing. Catch Me On >> Facebook: http://www.facebook.com/priyanshu.it Twitter: http://twitter.com/priyanshu_itech Email: priyanshu@cyber-india.in

Location
Delhi

Recent comments