
New Android bug called a 'privacy disaster'

Posted: , by Alan F.

Any Android user not running Android 4.4 is at risk from a bug that researchers are calling a "privacy disaster". And while that leaves 3 out of every 4 Android users as possible targets, the actual number of vulnerable Android devices is a lot lower, since for now this bug only affects those who are using the Android Open Source Platform browser.
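
A defender-side triage of the exposure condition described above (Android older than 4.4 combined with the stock browser), as an added example that is not from the article or its sources. The User-Agent heuristic (a `Version/x.y` token with no Chrome, Firefox or Opera token) and every sample string are assumptions constructed for illustration.

```javascript
// Added example (not from the article): flag User-Agent strings that match the
// exposure condition the article gives: Android older than 4.4 AND the stock browser.

// Extract [major, minor] from "Android X.Y"; null when no version is present.
function androidVersion(ua) {
  const m = /Android (\d+)(?:\.(\d+))?/.exec(ua);
  return m ? [Number(m[1]), Number(m[2] || 0)] : null;
}

// Assumed heuristic: the stock browser sends AppleWebKit plus "Version/x.y"
// and carries no Chrome, Firefox or Opera product token.
function isAospBrowser(ua) {
  if (!/AppleWebKit\//.test(ua)) return false;
  if (/(Chrome|Firefox|OPR|Opera)\//.test(ua)) return false;
  return /Version\/\d+\.\d+/.test(ua);
}

function classify(ua) {
  if (!/Android/.test(ua)) return "not-android";
  const v = androidVersion(ua);
  if (!v) return "android-version-unknown";
  const olderThan44 = v[0] < 4 || (v[0] === 4 && v[1] < 4);
  if (!olderThan44) return "android-4.4-or-later";
  return isAospBrowser(ua) ? "at-risk" : "old-android-other-browser";
}

// Tally classifications over a batch of UA strings (e.g. from web server logs).
function summarize(uas) {
  const counts = {};
  for (const ua of uas) {
    const c = classify(ua);
    counts[c] = (counts[c] || 0) + 1;
  }
  return counts;
}

// Constructed sample strings; device and build names are placeholders.
const SAMPLE_UAS = [
  "Mozilla/5.0 (Linux; U; Android 4.1.2; en-us; SAMPLE Build/X) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30",
  "Mozilla/5.0 (Linux; Android 4.1.2; SAMPLE Build/X) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.0.0 Mobile Safari/537.36",
  "Mozilla/5.0 (Linux; Android 4.4.2; SAMPLE Build/X) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.0.0 Mobile Safari/537.36",
  "Mozilla/5.0 (Linux; U; Android 2.3.6; en-us; SAMPLE Build/X) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1",
  "Mozilla/5.0 (Android; Mobile; rv:32.0) Gecko/32.0 Firefox/32.0",
  "Mozilla/5.0 (iPhone; CPU iPhone OS 7_1 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) Version/7.0 Mobile/X Safari/9537.53",
];

console.log(summarize(SAMPLE_UAS));
```

User-Agent strings are supplied by the client and can be spoofed, so the result is an inventory hint rather than proof of exposure.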

The bug enters the 'bloodstream' of your Android device when you direct the browser to a specially designed website that injects infected JavaScript into your phone, bypassing the Same Origin Policy (SOP), the protection most of today's browsers use to stop script loaded from one site from reading content that belongs to another. Once your phone is infected, it can be controlled. According to one security researcher, "If I can do that, I can do all sorts of things; scrape web pages, read password fields, hijack a session."

Another researcher, Rafay Baloch, discovered the bug at the beginning of the month. So far, he has successfully exploited a number of older Android models like the Samsung Galaxy S III, Motorola DROID RAZR, Sony Xperia tipo, the HTC Evo 3D and the HTC Wildfire. And chances are things are going to get worse: the exploit code has been uploaded to Metasploit. This software is used by hackers to break into places they shouldn't be in. And according to a university professor, this exploit allows access to all of your private data. Hopefully, Google is working on a way to exterminate this rather "nasty bug".

"The mere fact that it potentially gives access to private data is a huge problem, after all it’s that data can then be used to commit further crimes against you." - Professor Alan Woodward, security expert, University of Surrey

source: Forbes

93 Comments
posted on 16 Sep 2014, 10:54 24

2. JMartin22 (Posts: 1984; Member since: 30 Apr 2013)


Here's the annual monthly Android virus/malware article, sponsored by PhoneArena.

posted on 16 Sep 2014, 11:04 7

7. ihavenoname (Posts: 1693; Member since: 18 Aug 2013)


I rather want to hear about possible threats instead of PA not telling about them just to please guys/girls like you, just saying.

posted on 16 Sep 2014, 11:11 17

12. JMartin22 (Posts: 1984; Member since: 30 Apr 2013)


This is more or less just contrived propaganda. These always just conveniently spawn out of nowhere and they capitalize on it. Only way you're going to get infected is if you are engaging in risky behaviour on your device. Just use common sense.

posted on 16 Sep 2014, 11:22 2

19. elitewolverine (Posts: 5188; Member since: 28 Oct 2013)


Risky behavior? You mean going to a site?

I handle hacked phones weekly, everything from rooted devices to a grandmother getting hit. Simply put, it is not just contrived propaganda. So much so that a great amount of apps in the app store are considered malware infected because of ads.

So a person playing a game could potentially get this bug if the ad directed them to the site.

One would consider your constant attack on PA about Android a propaganda against the reality that this does exist, affects millions of users annually.

posted on 16 Sep 2014, 11:28 7

25. JMartin22 (Posts: 1984; Member since: 30 Apr 2013)


I don't know anyone in this reality or the next that's going to get "glitched" into rerouting you into a site that's going to infest you with malware. What are you doing then? Trying to download console/PC games onto your phone that don't exist for the platform? Why don't we see these same supposed slip ups that can come from human judgment error on iOS then?

posted on 16 Sep 2014, 11:33

27. elitewolverine (Posts: 5188; Member since: 28 Oct 2013)


Then you haven't worked for a carrier. Daily I get these types of calls. So to each their own.

If it wasn't popular, and hitting MILLIONS, hackers wouldn't care, it's why you don't see malware on ios desktop vs windows desktop, simple share. And the fact that it works.

And this could be done through ad space as well. Simple ad, throw it up, now a game is sporting an ad linker, accidentally hit ad when playing game, and bam infected.

posted on 16 Sep 2014, 14:22 7

69. BlankSpaceNai (Posts: 127; Member since: 23 Apr 2014)


I have worked for a carrier and I'm kinda looking at you with a big raised eyebrow.

First. Hacking of phones isn't as common as you say it is where you're getting them daily, if you're getting a 'weekly' problem with hackers, then you should recheck the devices to see what's really going on, maybe you're just getting malware. Also, malware is child's play in forms of fixing. If you're working for a carrier, inform your customers to READ the comment sections when they download an app, you can learn if an app is really infected that way.

Second. The chance of the 'exploit' happening is even rarer due to the fact that it requires lesser protected browsers to infect. So that lowers the chances even further of it happening. Basically, you have to fit a small criteria of customers who have the right recipe of disaster for this 'exploit' to work.

Last. This
"If it wasn't popular, and hitting MILLIONS, hackers wouldn't care, it's why you don't see malware on ios desktop vs windows desktop, simple share. And the fact that it works."

Really...you've never seen malware on ios? I for one, have, and I'll say this. After trying to fix an issue on IOS, I will gladly pay to not do it again. You are correct, it is difficult for it to enter IOS, BUT IT'S ALSO DIFFICULT TO GET OFF AS WELL. But you can try to speak wonders about IOS anytime you like, I got the time, if you have the knowledge.

posted on 16 Sep 2014, 11:09 12

10. Ninetysix (Posts: 2461; Member since: 08 Oct 2012)


Source: Forbes

Yep.

posted on 16 Sep 2014, 11:12 12

14. JMartin22 (Posts: 1984; Member since: 30 Apr 2013)


Lol Forbes, the most biased PoS pro-Apple website.

posted on 16 Sep 2014, 11:20 8

18. Ninetysix (Posts: 2461; Member since: 08 Oct 2012)


Phew. Good to know this is just a made up propaganda since it's from Forbes. Metasploit and other sites are reporting the same though so I'm not sure if they are Pro-apple as well.

posted on 16 Sep 2014, 11:33 6

28. JMartin22 (Posts: 1984; Member since: 30 Apr 2013)


Only time you praise or believe something is when it reaffirms your blind, one-sided notion. For the record, sites like this also parrot information like this from the original source

posted on 16 Sep 2014, 11:37 3

32. Armchair_Commentator (Posts: 222; Member since: 08 May 2014)


are you talking about yourself or someone else?

posted on 16 Sep 2014, 11:38 2

33. Ninetysix (Posts: 2461; Member since: 08 Oct 2012)


All good brosephine. I'm running 4.4.2 on my Galaxy S4.

posted on 16 Sep 2014, 13:45

64. tedkord (Posts: 12312; Member since: 17 Jun 2009)


I don't think Forbes is Apple biased - they did rank Google as more innovative than Apple. The thing is, when that happened, Apple fans were questioning Forbes' veracity.

Moral : there are rationalizers on both sides of the court.

posted on 16 Sep 2014, 11:22

21. elitewolverine (Posts: 5188; Member since: 28 Oct 2013)


and source, JMartin22, blind to reality...just saying

posted on 16 Sep 2014, 11:58 4

40. swiekekodok (Posts: 58; Member since: 19 Jul 2014)


Damn,....are u iZombie fanboy?

posted on 16 Sep 2014, 13:30

56. elitewolverine (Posts: 5188; Member since: 28 Oct 2013)


Yup so much so I own none of their devices and refuse to own one as well.

Current choice of phone is a wp as my daily driver, and a note 3 as a 'just cause' device.

posted on 16 Sep 2014, 11:43

36. darkkjedii (Posts: 22147; Member since: 05 Feb 2011)


Yet here you are trolling on it as usual.

posted on 16 Sep 2014, 12:15 9

44. JMartin22 (Posts: 1984; Member since: 30 Apr 2013)


Still camping? I hear that iPhone has another 3 weeks to go

posted on 16 Sep 2014, 10:55 4

3. madmikepr (Posts: 138; Member since: 09 Aug 2011)


"Any Android User not Running Android 4.4"...
Ok I'm Good To Go
HTC One M8

posted on 16 Sep 2014, 10:56 5

4. blackberry_Boy (Posts: 213; Member since: 27 May 2014)


And that's one of the reasons why I went back to IOS and want a blackberry again because of stupid shyt like this

posted on 16 Sep 2014, 11:38 1

34. lalalaman (Posts: 631; Member since: 19 Aug 2013)


A windows phone? It might be a better option than android and ios in security other than BlackBerry, and better in feature than BlackBerry

posted on 16 Sep 2014, 14:59

74. meanestgenius (Posts: 13104; Member since: 28 May 2014)


Windows Phones do not have better features than BlackBerry's. Windows Phones don't even support true multitasking or have systems access in their file manager.

posted on 16 Sep 2014, 13:27 3

54. marbovo (Posts: 658; Member since: 16 May 2013)


That is not the reason, you don't need to lie

posted on 17 Sep 2014, 07:43

91. GeorgeDao123 (Posts: 431; Member since: 20 Aug 2013)


Well, you're about to be popular soon. Your nude photos will be leaked.

posted on 16 Sep 2014, 11:03 15

6. MrKoles (Posts: 368; Member since: 20 Jan 2013)


If this is a privacy disaster, what would you, Phonearena, call the iCloud issue?

posted on 16 Sep 2014, 11:37 7

31. register (unregistered)


That's not a privacy disaster. The users used it wrong.

posted on 16 Sep 2014, 12:48

49. wyrishman (Posts: 39; Member since: 11 May 2014)


Haha those were my thoughts too.

posted on 17 Sep 2014, 07:56

92. MrKoles (Posts: 368; Member since: 20 Jan 2013)


Keep telling this yourself

posted on 16 Sep 2014, 11:40 3

35. Commentator (Posts: 3709; Member since: 16 Aug 2011)


They called it "the celebrity scandal that engulfed Apple."

Source: http://www.phonearena.com/news/Apple-will-now-inform-you-if-your-iCloud-account-has-been-accessed-from-the-web_id60441
