The Inquirer-Home

Android SD card exploit exposed

Javascript vulnerability gives read access
Wed Nov 24 2010, 11:34

A JAVASCRIPT VUNERABILITY in Android has been found that allows dodgy websites to retrieve data from a smartphone's SD card.

The flaw was discovered by insecurity researcher Thomas Cannon and in his spare time he also posted a "proof of concept exploit" using Android 2.2 on an HTC Desire smartphone.

The Android browser automatically downloads files and Javascript can be used to access the payload information locally. The browser can also run Javascript and provide read access to the files without letting users know.

It's only possible to retrieve data from the SD card on smartphones if the directory path is already known.

"However, a number of applications store data with consistent names on the SD card, and pictures taken on the camera are stored with a consistent naming convention," said Cannon. That means hackers can easily access the data.

Though Cannon used Android 2.2 on an HTC Desire smartphone for proof of concept, the exploit will work on any smartphone running any version of Android. However, the flaw runs in the Android sandbox so it's not a root exploit and thus can't be used to steal any file from a phone, only those on the SD card.

Cannon has already alerted Google's Android Security Team, which is working on a fix, but he thinks the fix will still leave a huge number of users vulnerable.

"Not all OEMs are providing Android OS updates to all of their devices, and the ones that are we have seen are not always doing it in a timely fashion," he said.

"There may be legitimate reasons for this but the bottom line is there will still be a great deal of devices exposed for quite some time or perhaps forever." µ


Share this:

blog comments powered by Disqus
Subscribe to INQ newsletters

Sign up for INQbot – a weekly roundup of the best from the INQ

INQ Poll

Happy new year!

What tech are you most looking forward to in 2015