Thread: Security Expert Warns of Android Browser Flaw

  1. #1

    Security Expert Warns of Android Browser Flaw


    Android Data Stealing Vulnerability

    While doing an application security assessment one evening I found a general vulnerability in Android which allows a malicious website to get the contents of any file stored on the SD card. It would also be possible to retrieve a limited range of other data and files stored on the phone using this vulnerability.

    The vulnerability is present because of a combination of factors. I’ve been asked nicely to remove some details from the following section, and as my intention is to inform people about the risk, not about how to exploit users, I’ve agreed:

    * The Android browser doesn’t prompt the user when downloading a file, for example "payload.html"; it automatically downloads to /sdcard/download/payload.html
    * It is possible, using JavaScript, to get this payload to automatically open, causing the browser to render the local file.
    * When opening an HTML file within this local context, the Android browser will run JavaScript without prompting the user.
    * While in this local context, the JavaScript is able to read the contents of files (and other data).

    Then, once the JavaScript has the contents of a file it can post it back to the malicious website. This is a simple exploit involving JavaScript and redirects, meaning it should also work on multiple handsets and multiple Android versions without any effort.

    complete article

    source - Android Data Stealing Vulnerability | thomascannon.net
    Last edited by Stomp_442; 11-28-2010 at 11:40 AM.

  2. 1 User Says Thank You Stomp_442 For This Useful Post
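
The four conditions listed in post #1, turned around into app-side hardening for an embedded Android WebView. This is an added example, not part of the original post or the linked article; the class `HardenedWebView` and its methods are hypothetical names, and it assumes an app that only needs to render remote https pages.

```java
import android.webkit.DownloadListener;
import android.webkit.WebResourceRequest;
import android.webkit.WebSettings;
import android.webkit.WebView;
import android.webkit.WebViewClient;

/** Hypothetical helper (not from the article): removes each precondition of the chain. */
public final class HardenedWebView {
    private HardenedWebView() {}

    public static void apply(WebView view) {
        WebSettings s = view.getSettings();

        // Conditions 3 and 4: script in a local file context reading other files.
        // Set explicitly, because the defaults differ between API levels.
        s.setAllowFileAccess(false);                  // refuse file:// loads from storage
        s.setAllowFileAccessFromFileURLs(false);      // file:// script cannot read file://
        s.setAllowUniversalAccessFromFileURLs(false); // file:// script cannot reach other origins
        s.setAllowContentAccess(false);               // refuse content:// provider URLs

        // Condition 1: no silent save to shared storage. This listener drops the
        // request; an app that needs downloads should prompt the user here and
        // write to app-private storage instead of the SD card.
        view.setDownloadListener(new DownloadListener() {
            @Override
            public void onDownloadStart(String url, String userAgent,
                    String contentDisposition, String mimeType, long contentLength) {
                // Intentionally empty: nothing is written without user consent.
            }
        });

        // Condition 2: a page-initiated navigation to a non-https URL
        // (file://, content://, ...) is overridden, so it never renders.
        view.setWebViewClient(new WebViewClient() {
            @Override
            public boolean shouldOverrideUrlLoading(WebView v, WebResourceRequest request) {
                return !isAllowedScheme(request.getUrl().getScheme());
            }
        });
    }

    /** Allow-list of schemes this (assumed) app is willing to render. */
    static boolean isAllowedScheme(String scheme) {
        return "https".equalsIgnoreCase(scheme);
    }
}
```

The `WebResourceRequest` overload of `shouldOverrideUrlLoading` requires API 24 or later; on older releases the deprecated `(WebView, String)` overload plays the same role.
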


  3. #2
    Bowling didn't drop details on what the first batch of content would contain, though he did hint MW3 DLC would cover a wide spectrum, including Spec Ops and "a variety of things that players have never seen before."
    kaleem

  4. #3
    Pob3008
    Thread from 2010?
