Android Bug Opens Memory Card to Remote Access

Advertisement

A recently-discovered Android vulnerability, affecting all current versions operating system, has the potential to let a malicious website access your phone’s memory card, reading any information that may be stored.

The bug is the result of several vulnerabilities in how the Android browser handles downloads to an external memory card. Someone exploiting these conditions could trigger the browser to automatically save a file containing JavaScript code to the card. Once that’s in place, the browser can be directed to open that local copy of the file, where the embedded JavaScript has open-access to other files stored on the memory card, able to read them as it pleases.

While personal documents and confidential business info are probably the most valuable targets to a ne’er-do-well using this avenue of attack, they’re thankfully also harder to get at. The JavaScript code needs to know just what it’s looking for; common files that are stored in the same places on many phones are the most vulnerable, whereas any personalization of the memory card’s directory structure will stymie the exploit.

Google is aware of the bug, and is expected to lock it down with the release of Gingerbread. Devices that don’t receive an Android 2.3 update or a specific patch for this bug will continue to remain vulnerable.

Source: Thomas Cannon

Via: Android Police

Share This Post
Advertisement
What's your reaction?
Love It
0%
Like It
0%
Want It
0%
Had It
0%
Hated It
0%
About The Author
Stephen Schenck
Stephen has been writing about electronics since 2008, which only serves to frustrate him that he waited so long to combine his love of gadgets and his degree in writing. In his spare time, he collects console and arcade game hardware, is a motorcycle enthusiast, and enjoys trapping blue crabs. Stephen's first mobile device was a 624 MHz Dell Axim X30, which he's convinced is still a viable platform. Stephen longs for a market where phones are sold independently of service, and bandwidth is cheap and plentiful; he's not holding his breath. In the meantime, he devours smartphone news and tries to sort out the juicy bitsRead more about Stephen Schenck!