New Android bug called a 'privacy disaster'

Any Android user not running Android 4.4 is at risk from a bug that researchers are calling a "privacy disaster". While that leaves 3 out of every 4 Android users as possible targets, the actual number of vulnerable Android devices is a lot lower, since right now the bug affects only those who are using the Android Open Source Platform browser.

The bug enters the 'bloodstream' of your Android device when you direct the browser to a specially designed website that injects malicious JavaScript into your phone, bypassing the Same Origin Policy (SOP) protection that most of today's browsers use to prevent such an occurrence. Once your phone is infected, it can be controlled. According to one security researcher, "If I can do that, I can do all sorts of things; scrape web pages, read password fields, hijack a session."

Another researcher, Rafay Baloch, discovered the bug at the beginning of the month. So far, he has successfully exploited a number of older Android models, including the Samsung Galaxy S III, Motorola DROID RAZR, Sony Xperia tipo, HTC Evo 3D and HTC Wildfire. And chances are, things are going to get worse: the exploit code has been uploaded to Metasploit, software that hackers use to break into places they shouldn't be in. According to a university professor, this exploit allows access to all of your private data. Hopefully, Google is working on a way to exterminate this rather "nasty bug".


source: Forbes