Android 2.3 Has Serious Security Vulnerability: Researcher

A computer security researcher from North Carolina State University (NCSU) has revealed that he has come across a serious security vulnerability in Android 2.3, the latest version of the Android OS for smartphones. The researcher, Xuxian Jiang, found that the vulnerability could potentially give access to user data and to details about installed applications. In fact, this vulnerability is similar to one identified in previous versions of the OS, which was eventually plugged.

The vulnerability seems to be caused by the SD card in the phone and, according to Jiang, the only way to mitigate it currently is to remove the SD card or disable it. Since that is an extreme step, users might want to disable JavaScript in the default Android browser as an intermediate measure. Another way to marginally safeguard yourself is to use an alternative browser on your Android phone, such as Firefox.

Jiang also states that the vulnerability can be exploited by prompting the user to click a simple link to a malicious website. The site can then eavesdrop on the data stored on your SD card, which could include things like personal photos, voice mails and, worse, online banking related data. The vulnerability could also allow attackers to find out all of the applications installed on a phone and upload many of them to a remote server, including all built-in applications.

Currently, the only device running Android 2.3 is the Nexus S, and Jiang has confirmed that the device is affected by this bug. Incidentally, it was largely thought that Google had fixed a similar bug that affected older versions of Android. However, it seems that on Android 2.3 the fix released by Google can be bypassed.

Now that we know about this vulnerability, we hope Google fixes it soon, along with that nagging reboot bug on the Nexus S.

 

[Via NCSU]
