It should come as no shock that Android has security holes, especially seeing that the majority of rooting and jailbreaking techniques exploit recently discovered or undisclosed vulnerabilities in order to escalate privileges and provide end users with the endless amounts of customisation and third party apps. Well there’s a dark side to that as well.
With the help of the open source security framework Metasploit, Thomas is easily able to disguise a download as an Adobe update, which actually contains code that will upload files to the attacker. He has tested it on the Android 2.2 emulator as well as an HTC Desire and is successfully able to pull pictures off the SD card. Google has sent word that a fix for Gingerbread is on the way, but that leaves a serious amount of devices running Android 2.2 that are vulnerable to this attack – which doesn’t say much about carriers working to keep users up to date and reduce fragmentation.
See video of the demonstration at Vimeo.