Android Phones Hit By SD Card Data Stealing Flaw

By SpiderGroup

24 Nov 2010

Well it wasn’t long ago that we Tweeted about Android suffering with a Trojan masked as a game which went around stealing user information from people who bought Android handsets. Well it seems as if Google are now currently working very hard to fix an issue for a zero-day flaw which allows hackers to deal data from an Android user’s S""D card.

Thomas Cannon, a security researcher discovered the Android data stealing vulnerability and reported it to Google last week before posting details on his blog.

The flaw works only is a user visits a specially crafted malicious site subsequently allowing the hacker to know the name and path of the file they want to steal. Not only this but with the release of newer firmware for Android, apps store data with consistent names on the SD card.

Thomas Cannon went on to say “It is also not a root exploit, meaning it runs within the Android sandbox and cannot grab all files on the system, only those on the SD card and a limited number of others,” he said.

The malicious website runs JavaScript without prompting the user when a file is opened.

“While in this local context, the JavaScript is able to read the contents of files and other data,”

Google said: “We’ve developed a fix for an issue in the Android browser that could, under certain circumstances, allow for accessing files on a user’s SD card. We’re working to issue the fix to our partners and the Android community,” the firm said in a statement.

-Source V3 

For more information, call us on 0117 933 0570 or fill in our contact form and we’ll get back to you.

This site doesn't support mobile landscape mode.
Please rotate back to portrait mode.