Data Stealing Exploit Found in Android
UK-based security consultant Thomas Cannon has identified a serious security flaw in Google's Android operating system. The exploit works on all versions of the platform and could allow an attacker to view and copy files from a device's SD card. Cannon is holding back some of the important details so Google has a chance to fix the flaw, but we do have an idea of how it works.
A malicious website causes the browser to download a specially coded HTML file to the phone's SD card. Once there, the file is executed by JavaScript running on the site. When this HTML file is run locally, it is able to run JavaScript without user consent. An attacker can use this scripting access to copy files from the SD card. The only hitch? The exact filename and path must be known ahead of time.
This is not, as far as anyone knows, being actively exploited anywhere. There are some apps that always store important files in identical directories when installed, so it is possible an attacker could know where some files are kept. It is unclear what Google will do about this. All Android phones are affected. Will manufacturers and carriers be willing to push out updates even for older phones?

Image via Thomas Cannon
Comments
creek
November 25, 2010 at 1:56am
iOS has a security flaw, users can require Apple to solve it; correspondingly, if Android has a security flaw, should we require Google? I'm an app creator of iFunia, creating a video converter for Apple, for Apple's walled garden rather than the open Android.
Caboose
November 25, 2010 at 9:44am
I understand you're nothing but a spammer, but really, you should try a little harder.
You can REQUEST assistance from Apple, but Apple refuses to admit that they have any security flaws, until enough people bring it to light and the media catches wind of it. Then Apple will swoop down with a fix saying that they knew about it all along! The Android community relies on itself to repair a lot of issues. Some handset manufacturers will also release security fixes, etc.
Thirdly, you're an idiot!