IT security researcher MJ Keith of Alert Logic has found an exploit in our beloved Android OS. It involves attack code “piggybacked” on a loading web page. Once the attack code is on the host phone, it allows a “hacker” to run a simple command-line shell in the Android system.
The security flaw targets the WebKit browser engine that Google uses in its smartphones as well as in the Google Chrome web browser. It is reported to affect only Android 2.1 and below.
The biggest fear with this exploit is not the “attack code” itself but rather the “malware” the code may download onto the affected device. This gives the bug the ability to import/export files, meaning your device is an unlocked door to the “hacker.” On the positive side, the “hole” does not give full “root” access to the malicious app.
It is unknown whether this exploit is being actively used at this time, considering MJ Keith wrote it. He has made the exploit known to Google, receiving a less than acceptable brush-off statement that the exploit was resolved with Android 2.2 and that over 36% of Android smartphones run 2.2, therefore the exploit is targeting an outdated OS.
For the leader in the “Open Sourced” community, Google has been very reluctant to publish security holes or patch information, leaving its users in the dark when it comes to the security of their devices. Thus we Android aficionados must rely on Android news sites to become “in the know.” Hopefully this will change in the future; until it does, we will keep you posted.