Android

Android browser vulnerability plugged by Gingerbread

Ken N.
posted by Ken N.
Nov 24, 2010, 4:04 PM
Android browser vulnerability plugged by Gingerbread
Android has become a major player in the mobile community, and is on its way to being the #1 smartphone OS in the world. That also means it's become one of the most likely targets for hackers. Android users have uncovered a vulnerability, in which websites can gain unofficial access to all the information on your SD card.

It works like this: the Android browser doesn't prompt you for permission when it downloads a file. It then saves the file on your SD card, from which it can run JavaScript locally without permission. That JavaScript can then expose your data.

The discovery was originally made by Thomas Cannon, who found that these exploits gained access to whatever is stored on the SD card. For many, that just means music and apps, but it could also include personal photographs, or even sensitive business or personal information.

On the upside, the exploit isn't capable of mining just anything on your device. It has to know the name of what it's looking for, but that could still include ubiquitously named folders like "Music" and "Photos".

The Android team is working on a fix for Gingerbread (Android 2.3), which is expected to be announced on December 6th. Especially considering not all devices will be upgraded to Gingerbread at the outset, you should be wary of suspicious or unknown websites until you receive the update.

source: Android Community via SlashGear

Android Data Stealing Vulnerability from Thomas Cannon on Vimeo.

FEATURED VIDEO

Featured stories

T-Mobile is giving away five Pixel 4 XL handsets; here is how to enter the sweepstakes
T-Mobile is giving away five Pixel 4 XL handsets; here is how to enter the sweepstakes
Next-gen Samsung Galaxy Buds leak with all-new design, no silicone tips
Next-gen Samsung Galaxy Buds leak with all-new design, no silicone tips
Here's why we are on the way to $1500 phones
Here's why we are on the way to $1500 phones
Apple iPad Pro 2020 Review
Apple iPad Pro 2020 Review
Top 10 games with BEST graphics for Android and iOS
Top 10 games with BEST graphics for Android and iOS
The OnePlus 8 Pro 5G earns a best display award, and we have the tests to demo why
The OnePlus 8 Pro 5G earns a best display award, and we have the tests to demo why
Apple's iPhone 9 is coming soon as '2020 iPhone SE' in red, white, black
Apple's iPhone 9 is coming soon as '2020 iPhone SE' in red, white, black
Best wireless chargers for iPhone and Samsung Galaxy phones
Best wireless chargers for iPhone and Samsung Galaxy phones

Popular stories

The OnePlus 8 5G and 8 Pro price on Verizon or T-Mobile tipped by CEO
The OnePlus 8 5G and 8 Pro price on Verizon or T-Mobile tipped by CEO
This flagship phone hints how OnePlus 8 Pro will shame Galaxy S20 Ultra's 120Hz display
This flagship phone hints how OnePlus 8 Pro will shame Galaxy S20 Ultra's 120Hz display
All on the T-Mobile Sprint merger: plan price changes, 5G coverage, stores and prepaid
All on the T-Mobile Sprint merger: plan price changes, 5G coverage, stores and prepaid
Latest Samsung Galaxy Note 20 leak reveals huge design clue
Latest Samsung Galaxy Note 20 leak reveals huge design clue
The OnePlus 8 Pro 5G earns a best display award, and we have the tests to demo why
The OnePlus 8 Pro 5G earns a best display award, and we have the tests to demo why
T-Mobile's tech chief reveals changes in how subscribers are using its 4G and 5G networks
T-Mobile's tech chief reveals changes in how subscribers are using its 4G and 5G networks

Hot phones

Latest Stories

View more news
This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at https://www.parsintl.com/phonearena or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit https://www.parsintl.com/ for samples and additional information.
FCC OKs Cingular's purchase of AT&T Wireless