Another Exploit Found in Android’s Web Browser

Another Android browser exploit (via PC World) has been revealed. Reported by Thomas Cannon, security expert, the exploit allows malicious web pages to download SD card content and various system files to an online server. Android users, in particular, are vulnerable to this malicious hacker exploit. The flaw arises because of Android’s failure to prompt the user to allow the downloading of files.
“This is a simple exploit involving JavaScript and redirects, meaning it should also work on multiple handsets and multiple Android versions without any effort.”
The exploit has been tested and has worked on the HTC Desire, Galaxy Tab, and Nexus One. The exploit seems to be on all of the latest devices that have the Android browser.
[vimeo]http://vimeo.com/17030639[/vimeo]
Cannon received a quick response to his findings. Within 20 minutes of his post, he received notification that the exploit will be fixed with a patch that is being evaluated now for the new Gingerbread update.
It should be noted that this exploit, just as the ones before it, does not give full root access–only SD card and limited system data are vulnerable. The malicious user must also know the exact file path and directory in order to get your info.
Tips to help protect your device:
  1. Disable JavaScript in the Android browser
  2. Unmount SD card while using the browser
  3. Use alternate browser, such as Opera, which prompts users before download

Nowadays, with all our information being saved on our phones, it makes them prime targets. Keep up-to-date with exploits on our beloved Android by following the latest and greatest news at AndroidGuys.com.

About author

AndroidGuys
AndroidGuys 4627 posts

Founded on November 5, 2007, we've enjoyed bringing you the latest in Android news and rumors. Updated daily, we strive to deliver reviews, opinions, and updates on all things related to Android.

You might also like

News and Rumors

Office Depot lists 8GB Samsung Galaxy Tab 2 (10.1) at $399

Office Depot appears to be the first retail chain to offer up a price for Samsung’s upcoming successor to the Galaxy Tab 10.1.  The  8GB version of the Galaxy Tab

News and Rumors

WiMax Deal the Biggest Victory for Android Yet?

Today sees a monumental event in the wireless industry. Along with partners Intel, Time Warner Cable, Comcast, and Bright House Networks, Google has ponied up a share of a $3.2

News and Rumors

Another Unknown HTC Device Spotted in Wilds Of Taipei

A second HTC phone has been found in the wild today, looking very similar to the leaked devices from a week ago.

2 Comments

  1. Gary
    November 29, 14:37 Reply

    They need to put the browser on the Market so they can fix these things without a system update.

    • Benjamin Rubenstein
      November 29, 14:46 Reply

      Agreed. I’m sure it’ll happen eventually. That seems to be the direction Google is taking to make fragmentation a moot point.

Leave a Reply