Android Data Theft Vulnerability Detailed

It should come as no shock that Android has security holes, especially since the majority of rooting and jailbreaking techniques exploit recently discovered or undisclosed vulnerabilities to escalate privileges and give end users endless customisation and third-party apps. Well, there’s a dark side to that as well.

An independent security researcher has detailed a proof-of-concept method to surreptitiously slurp data from an Android handset using a combination of XSS (cross-site scripting) and JavaScript.

With the help of the open source security framework Metasploit, Thomas is easily able to disguise a download as an Adobe update, which actually contains code that will upload files to the attacker. He has tested it on the Android 2.2 emulator as well as an HTC Desire and was able to pull pictures off the SD card. Google has sent word that a fix for Gingerbread is on the way, but that leaves a large number of devices running Android 2.2 vulnerable to this attack – which doesn’t say much for carriers’ efforts to keep users up to date and reduce fragmentation.

See video of the demonstration at Vimeo.

One Response to this Article

  1. jbohaj on January 25th, 2011 at 12:09 am

    Thanks, please bring more android news & resources.