
New Android bug called a 'privacy disaster'

Posted by Alan F.

Any Android user not running Android 4.4 is at risk from a bug that researchers are calling a "privacy disaster". While that leaves 3 out of every 4 Android users as possible targets, the actual number of vulnerable Android devices is a lot lower, since the bug currently affects only those who are using the Android Open Source Platform browser.

The bug enters the 'bloodstream' of your Android device when you direct the browser to a specially designed website that injects infected JavaScript into your phone, bypassing the SOP (same-origin policy) protection that most of today's browsers use to prevent such an occurrence. Once your phone is infected, it can be controlled. According to one security researcher, "If I can do that, I can do all sorts of things; scrape web pages, read password fields, hijack a session."

Another researcher, Rafay Baloch, discovered the bug at the beginning of the month. So far, he has successfully exploited a number of older Android models, including the Samsung Galaxy S III, Motorola DROID RAZR, Sony Xperia tipo, HTC Evo 3D and HTC Wildfire. And the chances are that things are going to get worse: the exploit code has been uploaded to Metasploit. This software is used by hackers to break into places they shouldn't be in. According to a university professor, this exploit allows access to all of your private data. Hopefully, Google is working on a way to exterminate this rather "nasty bug".

"The mere fact that it potentially gives access to private data is a huge problem, after all it’s that data can then be used to commit further crimes against you." - Professor Alan Woodward, security expert, University of Surrey

source: Forbes

93 Comments




posted on 16 Sep 2014, 10:54 24

2. JMartin22 (Posts: 1899; Member since: 30 Apr 2013)


Here's the annual monthly Android virus/malware article, sponsored by PhoneArena.

posted on 16 Sep 2014, 11:04 7

7. ihavenoname (Posts: 1693; Member since: 18 Aug 2013)


I'd rather hear about possible threats instead of PA not telling about them just to please guys/girls like you, just saying.

posted on 16 Sep 2014, 11:11 17

12. JMartin22 (Posts: 1899; Member since: 30 Apr 2013)


This is more or less just contrived propaganda. These always just conveniently spawn out of nowhere and they capitalize on it. The only way you're going to get infected is if you are engaging in risky behaviour on your device. Just use common sense.

posted on 16 Sep 2014, 11:22 2

19. elitewolverine (Posts: 5076; Member since: 28 Oct 2013)


Risky behavior? You mean going to a site?

I handle hacked phones weekly, everything from rooted devices to a grandmother getting hit. Simply put, it is not just contrived propaganda. So much so that a great amount of apps in the app store are considered malware infected because of ads.

So a person playing a game could potentially get this bug if the ad directed them to the site.

One would consider your constant attack on PA about Android a propaganda against the reality that this does exist, affects millions of users annually.

posted on 16 Sep 2014, 11:28 7

25. JMartin22 (Posts: 1899; Member since: 30 Apr 2013)


I don't know anyone in this reality or the next that's going to get "glitched" into rerouting you into a site that's going to infest you with malware. What are you doing then? Trying to download console/PC games onto your phone that don't exist for the platform? Why don't we see these same supposed slip ups that can come from human judgment error on iOS then?

posted on 16 Sep 2014, 11:33

27. elitewolverine (Posts: 5076; Member since: 28 Oct 2013)


Then you haven't worked for a carrier. Daily I get these types of calls. So to each their own.

If it wasn't popular, and hitting MILLIONS, hackers wouldn't care, it's why you don't see malware on iOS desktop vs Windows desktop, simple share. And the fact that it works.

And this could be done through ad space as well. Simple ad, throw it up, now a game is sporting an ad linker, accidentally hit ad when playing game, and bam infected.

posted on 16 Sep 2014, 14:22 7

69. BlankSpaceNai (Posts: 127; Member since: 23 Apr 2014)


I have worked for a carrier and I'm kinda looking at you with a big raised eyebrow.

First. Hacking of phones isn't as common as you say it is where you're getting them daily, if you're getting a 'weekly' problem with hackers, then you should recheck the devices to see what's really going on, maybe you're just getting malware. Also, malware is child's play in forms of fixing. If you're working for a carrier, inform your customers to READ the comment sections when they download an app, you can learn if an app is really infected that way.

Second. The chance of the 'exploit' happening is even rarer due to the fact that it requires lesser protected browsers to infect. So that lowers the chances even further of it happening. Basically, you have to fit a small criteria of customers who have the right recipe of disaster for this 'exploit' to work.

Last. This
"If it wasn't popular, and hitting MILLIONS, hackers wouldn't care, it's why you don't see malware on iOS desktop vs Windows desktop, simple share. And the fact that it works."

Really...you've never seen malware on iOS? I for one, have, and I'll say this. After trying to fix an issue on iOS, I will gladly pay to not do it again. You are correct, it is difficult for it to enter iOS, BUT IT'S ALSO DIFFICULT TO GET OFF AS WELL. But you can try to speak wonders about iOS anytime you like, I got the time, if you have the knowledge.

posted on 16 Sep 2014, 11:09 12

10. Ninetysix (Posts: 2339; Member since: 08 Oct 2012)


Source: Forbes

Yep.

posted on 16 Sep 2014, 11:12 12

14. JMartin22 (Posts: 1899; Member since: 30 Apr 2013)


Lol Forbes, the most biased PoS pro-Apple website.

posted on 16 Sep 2014, 11:20 8

18. Ninetysix (Posts: 2339; Member since: 08 Oct 2012)


Phew. Good to know this is just a made up propaganda since it's from Forbes. Metasploit and other sites are reporting the same though so I'm not sure if they are pro-Apple as well.

posted on 16 Sep 2014, 11:33 6

28. JMartin22 (Posts: 1899; Member since: 30 Apr 2013)


Only time you praise or believe something is when it reaffirms your blind, one-sided notion. For the record, sites like this also parrot information like this from the original source.

posted on 16 Sep 2014, 11:37 3

32. Armchair_Commentator (Posts: 222; Member since: 08 May 2014)


Are you talking about yourself or someone else?

posted on 16 Sep 2014, 11:38 2

33. Ninetysix (Posts: 2339; Member since: 08 Oct 2012)


All good brosephine. I'm running 4.4.2 on my Galaxy S4.

posted on 16 Sep 2014, 13:45

64. tedkord (Posts: 10231; Member since: 17 Jun 2009)


I don't think Forbes is Apple biased - they did rank Google as more innovative than Apple. The thing is, when that happened, Apple fans were questioning Forbes' veracity.

Moral : there are rationalizers on both sides of the court.

posted on 16 Sep 2014, 11:22

21. elitewolverine (Posts: 5076; Member since: 28 Oct 2013)


And source, JMartin22, blind to reality...just saying

posted on 16 Sep 2014, 11:58 4

40. swiekekodok (Posts: 58; Member since: 19 Jul 2014)


Damn,....are u iZombie fanboy?

posted on 16 Sep 2014, 13:30

56. elitewolverine (Posts: 5076; Member since: 28 Oct 2013)


Yup, so much so I own none of their devices and refuse to own one as well.

Current choice of phone is a wp as my daily driver, and a note 3 as a 'just cause' device.

posted on 16 Sep 2014, 11:43

36. darkkjedii (Posts: 19734; Member since: 05 Feb 2011)


Yet here you are trolling on it as usual.

posted on 16 Sep 2014, 12:15 9

44. JMartin22 (Posts: 1899; Member since: 30 Apr 2013)


Still camping? I hear that iPhone has another 3 weeks to go

posted on 16 Sep 2014, 10:55 4

3. madmikepr (Posts: 136; Member since: 09 Aug 2011)


"Any Android User not Running Android 4.4"...
Ok I'm Good To Go
HTC One M8

posted on 16 Sep 2014, 10:56 5

4. blackberry_Boy (Posts: 213; Member since: 27 May 2014)


And that's one of the reasons why I went back to iOS and want a BlackBerry again because of stupid shyt like this

posted on 16 Sep 2014, 11:38 1

34. lalalaman (Posts: 630; Member since: 19 Aug 2013)


A Windows Phone? It might be a better option than Android and iOS in security other than BlackBerry, and better in features than BlackBerry

posted on 16 Sep 2014, 14:59

74. meanestgenius (Posts: 9672; Member since: 28 May 2014)


Windows Phones do not have better features than BlackBerrys. Windows Phones don't even support true multitasking or have systems access in their file manager.

posted on 16 Sep 2014, 13:27 3

54. marbovo (Posts: 658; Member since: 16 May 2013)


That is not the reason, you don't need to lie

posted on 17 Sep 2014, 07:43

91. GeorgeDao123 (Posts: 423; Member since: 20 Aug 2013)


Well, you're about to be popular soon. Your nude photos will be leaked.

posted on 16 Sep 2014, 11:03 15

6. MrKoles (Posts: 368; Member since: 20 Jan 2013)


If this is a privacy disaster, what would you, Phonearena, call the iCloud issue?

posted on 16 Sep 2014, 11:37 7

31. register (unregistered)


That's not a privacy disaster. The users used it wrong.

posted on 16 Sep 2014, 12:48

49. wyrishman (Posts: 39; Member since: 11 May 2014)


Haha those were my thoughts too.

posted on 17 Sep 2014, 07:56

92. MrKoles (Posts: 368; Member since: 20 Jan 2013)


Keep telling yourself this.

posted on 16 Sep 2014, 11:40 3

35. Commentator (Posts: 3665; Member since: 16 Aug 2011)


They called it "the celebrity scandal that engulfed Apple."

Source: http://www.phonearena.com/news/Apple-will-now-inform-you-if-your-iCloud-account-has-been-accessed-from-the-web_id60441

posted on 16 Sep 2014, 13:32 1

59. elitewolverine (Posts: 5076; Member since: 28 Oct 2013)


Nothing, it was someone guessing passwords and security questions, there was no 'hack' like you think of this program.

Also, Google got hacked for 5 million accounts at the same time. But since no celebrity info was leaked from Google Drive etc, it went under the radar. Say that again 5 MILLION.

posted on 16 Sep 2014, 13:49 3

66. tedkord (Posts: 10231; Member since: 17 Jun 2009)


And now you're either lying or misinformed. Google was not hacked, other sites were. The passwords were from third party sites where people used Gmail addresses as their user names.

Not one single password was hacked from Google.

posted on 16 Sep 2014, 11:07 2

8. ThePython (Posts: 869; Member since: 08 May 2013)


"Any Android user not running Android 4.4"

Yep. All good.

#MotorolaFTW

posted on 16 Sep 2014, 12:04 3

41. buccob (Posts: 2512; Member since: 19 Jun 2012)


"only affects those who are using the Android Open Source Platform browser"

Nope, me and my family use Chrome and Opera... so no risk here...

posted on 16 Sep 2014, 13:41 1

61. JunitoNH (Posts: 1608; Member since: 15 Feb 2012)


Simple solution, don't use your Android device for banking and/or security solutions.

posted on 16 Sep 2014, 11:10 6

11. Sniggly (Posts: 7305; Member since: 05 Dec 2009)


Oh, so you have to go to a specific website to get the malware to begin with, AND you have to be using the stock browser instead of Chrome or a bunch of other options? Oh, and I assume that if the browser is updated the problem goes away?

Yay for FUD!

posted on 16 Sep 2014, 11:31

26. elitewolverine (Posts: 5076; Member since: 28 Oct 2013)


Assume the browser is updated, only updated in 4.4.

Also not everyone wants to use Chrome. I would say out of 50 people daily I find 10 that use Chrome.

When the stock browser that says, browser/internet that is the icon that boots up with the phone, in your face. Most of the populace, hell I would garner 90% that could care less and doesn't even know this website exists wouldn't know.

The most common question "what's the difference, don't they get me to the internet..."

posted on 16 Sep 2014, 13:42 1

62. willard12 (Posts: 1528; Member since: 04 Jul 2012)


In the survey you conducted on who uses what browser, how many people did you find that went to the specific website where the malware was located?

posted on 16 Sep 2014, 11:16 4

15. Quezdagreat (Posts: 428; Member since: 05 Apr 2012)


uh-oh 90% of you fandroids are at risk lol

posted on 16 Sep 2014, 11:52 3

37. blingblingthing (Posts: 522; Member since: 23 Oct 2012)


90% of Android users are not using 4.4 and using an AOSP browser? NO

posted on 16 Sep 2014, 12:18 6

46. JMartin22 (Posts: 1899; Member since: 30 Apr 2013)


We're at risk of being exposed to cheap attempts at trolling and propaganda telling us to duck under a table.

posted on 16 Sep 2014, 12:27 2

47. techspace (Posts: 1033; Member since: 03 Sep 2012)


I don't know about the fanboys but the regular Android users are at risk of wasting their time in replying to your comment.

posted on 16 Sep 2014, 13:17 2

53. Quezdagreat (Posts: 428; Member since: 05 Apr 2012)


Absolutely, just like you did buddy.

posted on 16 Sep 2014, 13:38

60. techspace (Posts: 1033; Member since: 03 Sep 2012)


Yes, exactly....at least you have accepted that you are wasting my time.

posted on 16 Sep 2014, 13:49

65. Quezdagreat (Posts: 428; Member since: 05 Apr 2012)


Yes I have, do you mind if I waste more of your time? Por favor?

posted on 16 Sep 2014, 14:24

70. techspace (Posts: 1033; Member since: 03 Sep 2012)


Yes, I do.

posted on 16 Sep 2014, 11:17 5

16. The_Innovation (Posts: 604; Member since: 18 Jul 2012)


Careful with your nudes. (pun intended)

posted on 16 Sep 2014, 11:17 3

17. Antimio (Posts: 313; Member since: 11 Nov 2013)


I'm 4.4KK and I use Chrome. Nothing to be worried about.

posted on 16 Sep 2014, 11:23

22. DirtyDan23 (Posts: 279; Member since: 12 Aug 2014)


Chrome beta ftw

posted on 16 Sep 2014, 11:25 2

23. Cicero (Posts: 854; Member since: 22 Jan 2014)


Yep. PA is closer to iPropaganda. Why not use Chrome or another stable web browser? And this article is written like a scary movie with parts of the reality of day to day use.

posted on 16 Sep 2014, 11:34

29. elitewolverine (Posts: 5076; Member since: 28 Oct 2013)


Because the vast populace sees the stock internet/browser that comes with the phone, and doesn't care as long as they get to the web.

posted on 16 Sep 2014, 11:27 3

24. rockvw62 (Posts: 3; Member since: 21 Jun 2012)


Who uses the AOSP browser anyway? People over 60 who most likely would never visit the specific bug site anyway?

posted on 16 Sep 2014, 11:56 1

39. Scott93274 (Posts: 4066; Member since: 06 Aug 2013)


I don't know. Working in the IT field, I see people do some really stupid stuff. ...Really stupid stuff....

posted on 16 Sep 2014, 13:31

58. Ashoaib (Posts: 3229; Member since: 15 Nov 2013)


Same here... there are many great scientists in my company and sometimes I wonder (sometimes they wonder) among which people I am working :)

posted on 16 Sep 2014, 11:35 2

30. register (unregistered)


Still I will choose Android over that revolutionary phone.

posted on 16 Sep 2014, 11:55

38. Scott93274 (Posts: 4066; Member since: 06 Aug 2013)


Seeing as this is only affecting folks with Android < 4.4 & running basic run of the mill web browser, I highly doubt that any regular visitor of this site is affected. Oddly enough, even though 3 out of 4 people are at risk by this gaping hole, Google's stock is up today. I swear the Stock market makes no sense to me.

posted on 16 Sep 2014, 15:35

80. strudelz100 (Posts: 644; Member since: 20 Aug 2014)


< 4.4 and AOSP Browser affects 90+% of Samsung devices.

Just saying.

posted on 16 Sep 2014, 12:13 2

42. Blitz (Posts: 15; Member since: 02 Dec 2013)


I have noticed, this specific author's articles are always biased towards Android.

posted on 16 Sep 2014, 12:15 3

43. yowanvista (Posts: 340; Member since: 20 Sep 2011)


Sounds like BS, the AOSP browser is obsolete and hasn't been maintained for years and it doesn't even ship on those Jelly Bean devices. It's up to OEMs like Samsung to fix their AOSP browser forks that shipped with their GB/ICS firmware. You honestly can't designate that an 'Android bug' since it affects a discontinued component of AOSP that is no longer being worked on by Google.

posted on 16 Sep 2014, 12:43 3

48. JMartin22 (Posts: 1899; Member since: 30 Apr 2013)


Leave it to the tech media to muck up that distinction.

* Some comments have been hidden, because they don't meet the discussions rules.
