Share

Related Links

  • Alert Logic
  • Reed Exhibitions Ltd is not responsible for the content of external websites.

Related Stories

Top 5 Stories

News

Google Android security exploit made fully public by ITsec researcher

12 November 2010

An IT security researcher has reportedly released the source code that could allow a hacker to gain remote access to a Google Android smartphone across the internet.

The researcher – MJ Keith of Alert Logic – apparently released the attack code, which he had previously talked about with journalists, at the HouSecCon security conference yesterday in Houston, Texas.

Reporting on this interesting turn of events, Robert McMillan of Techworld, said that the attack code could be used to compromise Android 2.1 – and earlier – driven smartphones.

"Keith says he has written code that allows him to run a simple command line shell in Android when the victim visits a website that contains his attack code", he said.

As previously reported by Infosecurity, the security bug centres on a flaw in the WebKit browser engine used by the Google Android smartphone operating system, as well as Google's Chrome web browser client.

The exploit's modus operandi appears to be similar to the 'onmouseover' flaw seen on Twitter back in September.

McMillan quotes Google as being aware of the flaw, but cites the company as saying it only affects older versions of the smartphone operating system, noting that Android 2.2 is running on more than 36% of Android smartphones.

There appears to be a spot of good news, however, as McMillan claims that, since "Android walls off different components of the operating system from each other, Keith's browser exploit does not give him full, root access to a hacked phone."

"But he can access anything that the browser can read", he noted.

This article is featured in:
Application Security  •  Internet and Network Security  •  Wireless and Mobile Security

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×