November 1, 2014

Another Exploit Found in Android's Web Browser

Another Android browser exploit (via PC World) has been revealed. Reported by Thomas Cannon, security expert, the exploit allows malicious web pages to download SD card content and various system files to an online server. Android users, in particular, are vulnerable to this malicious hacker exploit. The flaw arises because of Android’s failure to prompt the user to allow the downloading of files.
“This is a simple exploit involving JavaScript and redirects, meaning it should also work on multiple handsets and multiple Android versions without any effort.”
The exploit has been tested and has worked on the HTC Desire, Galaxy Tab, and Nexus One. The exploit seems to be on all of the latest devices that have the Android browser.
Cannon received a quick response to his findings. Within 20 minutes of his post, he received notification that the exploit will be fixed with a patch that is being evaluated now for the new Gingerbread update.
It should be noted that this exploit, just as the ones before it, does not give full root access–only SD card and limited system data are vulnerable. The malicious user must also know the exact file path and directory in order to get your info.
Tips to help protect your device:
  1. Disable JavaScript in the Android browser
  2. Unmount SD card while using the browser
  3. Use alternate browser, such as Opera, which prompts users before download

Nowadays, with all our information being saved on our phones, it makes them prime targets. Keep up-to-date with exploits on our beloved Android by following the latest and greatest news at AndroidGuys.com.