MicroSD Access Vulnerability in Android 2.3/Gingerbread

[dgstorm]

A security vulnerability that allows a hacker to access personal information when the user simply clicks on a web-link with their Android phone has been found by Xuxian Jiang, a computer security researcher at NC State University. The exploit allows a malicious Web-site to read and upload the entire contents of the phone’s microSD card, including saved voicemails, photos or online banking data. This vulnerability is similar to one found on all previous versions of the Anroid OS, and Google thought they had it fixed with Gingerbread. Unfortunately, Mr. Jiang found a way to bypass their new security measures. According to Sources, the best option to protect yourself from this vulnerability is to switch to a third-party browser, such as Firefox, until Google develops a fix.

Yikes! It's a good thing it was found by a researcher before some unscrupulous Malware hacker figured it out.

Source: Engadget

 

[bazar6]

... Yikes! It's a good thing it was found by a researcher before some unscrupulous Malware hacker figured it out.

Source: Engadget

Unless they already have, and we just don't know about it. You said use an alternate browser like firefox.. I guess it's just an issue with the stock browser? Too bad firefox isn't supported by Droid1. DolphinBrowser it is!

 

[pdroid]

It's important to make clear - this vulnerability does not currently exist on Froyo?

 

[WenWM]

Maybe this explains why the Nexus S doesn't have an SD card slot Talk about conspiracy theories...

 

[brokali]

Does that mean I am safe with Miren browser?

Sent from my Droid using DroidForums App

 

[brokali]

I am using cm7

Sent from my Droid using DroidForums App

 

[s13_slider]

Woo! Skyfire!

 

[moosez3]

so wait froyo has this as well?

 

[Biggdogg76]

Does this include ROMS with Gingerbread parts like PE4.2? It is still using the FRG83D so I think it is technically Froyo. Anyone know?