Hackers could take a security bite out of Android Gingerbread

The researchers identified the Android mobile OS flaw by testing a Samsung Nexus S device running Gingerbread with proof-of-concept exploit code, according to a release by the EC-Council.

Attackers can exploit the Android flaw by tricking users into clicking on a malicious link, which then executes malicious code on their phones. The malicious code would enable the attackers to open, view, and upload files, photos, voicemails and applications stored on the microSD card.

Google has not yet issued a patch for the flaw, the release noted. Earlier patches were issued for similar flaws in previous versions of Android. Security professionals are advising Nexus S users to disable JavaScript or install a different web browser, such as Firefox, to safeguard personal information. A fix could be included in the Android 3.0 operating system, which will be called Honeycomb and is set for release this year, the EC-Council added.

Google just introduced the Gingerbread operating system in December. The new system is designed to prevent clickjacking by giving app developers the ability to enable touch filtering, notes Infosecurity.

The company said that, when enabled on Android 2.3 devices, the touch filtering “will discard touches that are received whenever the view's window is obscured by another visible window. As a result, the view will not receive touches whenever a toast, dialog or other window appears above the view's window.”
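The touch filtering quoted above, as an added example that is not from the article or from Google: a sensitive button that opts in to filtering and logs each touch the framework delivers while its window is obscured. The activity and class names are hypothetical; the framework calls are the touch-filtering API introduced in Android 2.3 (API level 9).

```java
import android.app.Activity;
import android.content.Context;
import android.os.Bundle;
import android.util.Log;
import android.view.MotionEvent;
import android.view.View;
import android.widget.Button;

// Hypothetical activity guarding a sensitive "Confirm" action.
public class ConfirmActionActivity extends Activity {

    /** Button that discards and logs touches received while its window is obscured. */
    static class GuardedButton extends Button {
        private static final String TAG = "GuardedButton";

        GuardedButton(Context context) {
            super(context);
            // Same effect as android:filterTouchesWhenObscured="true" in layout XML.
            setFilterTouchesWhenObscured(true);
        }

        @Override
        public boolean onFilterTouchEventForSecurity(MotionEvent event) {
            // The flag is set when the window is partly or wholly covered by
            // another visible window (toast, dialog, overlay).
            if ((event.getFlags() & MotionEvent.FLAG_WINDOW_IS_OBSCURED) != 0) {
                Log.w(TAG, "Discarded touch: window obscured by another visible window");
                return false; // false tells the framework to drop the event
            }
            return super.onFilterTouchEventForSecurity(event);
        }
    }

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        GuardedButton confirm = new GuardedButton(this);
        confirm.setText("Confirm");
        confirm.setOnClickListener(new View.OnClickListener() {
            @Override
            public void onClick(View v) {
                // Reached only by touches that passed the security filter.
                Log.i("ConfirmActionActivity", "Sensitive action confirmed");
            }
        });
        setContentView(confirm);
    }
}
```

Filtering is off by default, so each view that guards a sensitive action has to enable it explicitly.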
