Client Login
 Quick Contact
Security Flaw Found in Android Browser
Category : General 02 Dec 2010 08:39 AM | Industry News
Security researcher Thomas Cannon recently warned Google about a security vulnerability he uncovered in all versions of its Android mobile operating system.
Using malware, cyber criminals can access all data stored on an Android-based smartphone's SD card, as well as other information stored directly on the device, according to Cannon. Hackers can use JavaScript to access the contents of any downloaded file or related files.
"This is a simple exploit involving JavaScript and redirects, meaning it should also work on multiple handsets and multiple Android versions without any effort."
In general, the vulnerability has to do with the way Android saves downloaded files--always in the same location. By using JavaScript, an attacker would be able to automatically open any downloaded file. The exploiter would need to know the name of the file but many applications typically save files with the same name.
The exploit has been tested and has worked on the HTC Desire, Galaxy Tab, and Nexus One. The exploit seems to be on all of the latest devices that have the Android browser.
Cannon says that the Android Security Team has responded immediately when he contacted them, and that they have already developed a fix that will be issued after they are done testing it. The also said the fix will be implemented in the maintenance release of Android's next version ("Gingerbread").