New Android bug called a 'privacy disaster'

Any Android user not running Android 4.4 is at risk from a bug that researchers are calling a "privacy disaster." And while that leaves 3 out of every 4 Android users as possible targets, the actual number of vulnerable Android devices is a lot lower, since right now the bug only affects those who are using the Android Open Source Platform browser.

The bug enters the 'bloodstream' of your Android device when you direct the browser to a specially designed website that injects infected JavaScript into your phone, bypassing the Same Origin Policy (SOP) protection that most of today's browsers use to prevent such an occurrence. Once your phone is infected, it can be controlled. According to one security researcher, "If I can do that, I can do all sorts of things; scrape web pages, read password fields, hijack a session."

Another researcher, Rafay Baloch, discovered the bug at the beginning of the month. So far, he has successfully exploited a number of older Android models like the Samsung Galaxy S III, Motorola DROID RAZR, Sony Xperia tipo, the HTC Evo 3D and the HTC Wildfire. And the chances are that things are going to get worse. The exploit code has been uploaded to Metasploit. This software is used by hackers to break into places they shouldn't be in. And according to a university professor, this exploit allows access to all of your private data. Hopefully, Google is working on a way to exterminate this rather "nasty bug".
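
To estimate how many visitors fall into the group described above (Android older than 4.4 and using the stock browser), a site operator can triage User-Agent strings from access logs. The following is an added example, not code from the article or from Google; the matching rules are a heuristic assumption and the sample strings are constructed.

```javascript
// Added example: flag User-Agent strings that look like the pre-4.4 stock
// Android browser. Patterns are a heuristic assumption, not an official test.

// "Android 4.1.2" -> [4, 1, 2]; null when no versioned Android token exists.
function androidVersion(ua) {
  const m = /Android (\d+)(?:\.(\d+))?(?:\.(\d+))?/.exec(ua);
  if (!m) return null;
  return [m[1], m[2], m[3]].map((p) => parseInt(p || '0', 10));
}

function isBelow44(v) {
  return v[0] < 4 || (v[0] === 4 && v[1] < 4);
}

// Stock browser heuristic: WebKit plus a "Version/x" token and no token
// belonging to another browser brand.
function looksLikeStockBrowser(ua) {
  const otherBrand = /(Chrome|CriOS|Firefox|OPR|Opera|UCBrowser)\//.test(ua);
  return /AppleWebKit\//.test(ua) && /Version\/\d/.test(ua) && !otherBrand;
}

function classify(ua) {
  const v = androidVersion(ua);
  if (!v) return 'no-android-version';
  if (!isBelow44(v)) return 'android-4.4-or-later';
  return looksLikeStockBrowser(ua) ? 'at-risk-stock-browser' : 'pre-4.4-other-browser';
}

// Count each class over a list of User-Agent strings.
function summarize(uas) {
  const counts = {};
  for (const ua of uas) {
    const label = classify(ua);
    counts[label] = (counts[label] || 0) + 1;
  }
  return counts;
}

// Constructed sample User-Agent strings (build IDs are illustrative).
const SAMPLE_UAS = [
  'Mozilla/5.0 (Linux; U; Android 4.1.2; en-us; GT-I9300 Build/JZO54K) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30',
  'Mozilla/5.0 (Linux; U; Android 2.3.6; en-us; HTC Wildfire Build/GRK39F) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1',
  'Mozilla/5.0 (Linux; Android 4.1.2; GT-I9300 Build/JZO54K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.117 Mobile Safari/537.36',
  'Mozilla/5.0 (Linux; Android 4.4.4; Nexus 5 Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.117 Mobile Safari/537.36',
  'Mozilla/5.0 (iPhone; CPU iPhone OS 8_0 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12A365 Safari/600.1.4',
];

console.log(summarize(SAMPLE_UAS));
```

The User-Agent header is set by the client, so treat the result as a rough exposure estimate (for example, to decide whether to show a "switch browser" notice), not as a security control.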


source: Forbes


93 Comments

93. rallyguy

Posts: 620; Member since: Mar 13, 2012

I don't know anyone who uses the stock browser.

90. drunkenjay

Posts: 1705; Member since: Feb 11, 2013

lol for some reason, it feels like android lamb are hacking apple software while apple lamb are hacking android software. edit: didnt know lamb (sh**p) was an offensive word LOLLLL this world where i cant say an animal anymore -o-

89. AlikMalix unregistered

This is just overhype to sell ads. The risk may be real, but I doubt 97% of android users would be affected. We'll have to see follow up reports to make any judgement yet or to troll. I bet we never hear about this again.

88. edelxander

Posts: 58; Member since: Oct 01, 2013

so android users, better start saving those nudes on icloud then.. it got the most secure feature.

87. Venkatramanan

Posts: 327; Member since: Aug 15, 2014

This is the problem we need to face, if we want more openness. I normally won't do any banking in my android device. Each OS has blind supporters who accuse other camp for their problems too. If any article which points out some problem in their favorite OS, It does not mean that they support other camp. All the OS / OEM fans are like that. We need to use our brains to analyse that why do we defend.

86. gigaraga

Posts: 1454; Member since: Mar 29, 2013

Is this article supposed to promote the new iToys? It feels like it does the way it's structured with other news.

82. Whateverman

Posts: 3295; Member since: May 17, 2009

Has anyone else noticed that there is always a new malware scare for Android phones right before a new iPhone comes out? Not saying the threat isn't real, not saying PA is biased. Just saying an article like this always comes out a week or so before the new iPhone goes on sale. Interesting!

75. strudelz100

Posts: 646; Member since: Aug 20, 2014

Why are people concerned about this when they hand over ALL of their data voluntarily to Google? Google exists by selling this data, and built Android and maintains GApps to keep all of your data flowing in. Which is pretty much the plan for the exploiters of this bug. Yet another plus of using Stock Android and Nexus devices for proper security updates. Or Windows Phone and iPhone.

77. wilsong17 unregistered

Where is your Info selling so I can make a fake id

78. strudelz100

Posts: 646; Member since: Aug 20, 2014

Ask Google.

81. tedkord

Posts: 17544; Member since: Jun 17, 2009

We did. They aren't selling our data. They are selling anonymous aggregate data that doesn't identify any particular person.

73. naittosan

Posts: 243; Member since: Jun 28, 2014

Just another reason I'm switching to Apple

63. Aboodbanafa

Posts: 27; Member since: Apr 25, 2014

Thank god I am a WP and ios user.

57. roscuthiii

Posts: 2383; Member since: Jul 18, 2010

Wow Alan, a lot of what amounts to "air quotes" in that "article"... Someone feeling a little "red around the rim" lately??? I'd have to double check with the source material, but this seems less like an Android bug, more like a JavaScript exploit as this type of thing can happen if a person visits "those types" of websites on a regular PC. If you can, check your browser settings... disable JavaScript. Unless you need it for something specific, you probably won't even notice it's off. The option is available in just about all browsers nowadays. That being said, if this bug circumnavigates JS being disabled, then yes, by all means it's a serious Android bug.

55. LikeMyself

Posts: 631; Member since: Sep 23, 2013

Concerns only AOSP roms like the ones in Chinese products!! Check this: http://www.androidauthority.com/material-design-award-ux-525912/

52. KonaStang4.6

Posts: 285; Member since: Nov 04, 2011

The AntiApple squad is out in full effect today...lol

51. wilsong17 unregistered

I find this really ironic just in time so people switch to the new iPhone and believe android is full of malware

50. Taters

Posts: 6474; Member since: Jan 28, 2013

Lol phone arena. Delete the positive Android articles and create more negative ones. I have to hand it to Apple though. Their cult spreads to the right places that give them great PR.

43. yowanvista

Posts: 341; Member since: Sep 20, 2011

Sounds like BS, the AOSP browser is obsolete and hasn't been maintained for years and it doesn't even ship on those Jelly Bean devices. It's up to OEMs like Samsung to fix their AOSP browser forks that shipped with their GB/ICS firmware. You honestly can't designate that an 'Android bug' since it affects a discontinued component of AOSP that is no longer being worked on by Google.

48. JMartin22

Posts: 2428; Member since: Apr 30, 2013

Leave it to the tech media to muck up that distinction.

79. strudelz100

Posts: 646; Member since: Aug 20, 2014

When most users are using said Samsung devices and AOSP browser; it affects Android's image as a whole. Common sense. Not technicalities.

42. Blitz

Posts: 17; Member since: Dec 02, 2013

I have noticed, this specific author's articles are always biased towards Android.

38. Scott93274

Posts: 6044; Member since: Aug 06, 2013

Seeing as this is only affecting folks with Android < 4.4 & running basic run of the mill web browser, I highly doubt that any regular visitor of this site is affected. Oddly enough, even though 3 out of 4 people are at risk by this gaping hole, Google's stock is up today. I swear the Stock market makes no sense to me.

80. strudelz100

Posts: 646; Member since: Aug 20, 2014

< 4.4 and AOSP Browser affects 90+% of Samsung devices. Just saying.

30. register unregistered

Still I will choose Android over that revolutionary phone.

24. rockvw62

Posts: 3; Member since: Jun 21, 2012

Who uses the aosp browser anyway? People over 60 who most likely would never visit the specific bug site anyway?

39. Scott93274

Posts: 6044; Member since: Aug 06, 2013

I don't know. Working in the IT field, I see people do some really stupid stuff. ...Really stupid stuff....

58. Ashoaib

Posts: 3309; Member since: Nov 15, 2013

same here... there are many great scientists in my company and sometimes I wonder (sometimes they wonder) that among which people I am working :)

23. Cicero

Posts: 1166; Member since: Jan 22, 2014

Yep. PA is more close to iPropaganda. Why not to use Chrome or other stable web browser? And this article is written like a scary movie with parts of the reality of day to day use.

29. elitewolverine

Posts: 5192; Member since: Oct 28, 2013

because the vast populace sees the stock internet/browser that comes with the phone, and doesn't care as long as they get to the web.
