closedownarrowexternal-linklogo-verticalmenu-barsearch Skip to main content
  1. uSwitch.com
  2. News
  3. 2010
  4. November
  5. New Android browser flaw allows malicious sites to steal SD card data

New Android browser flaw allows malicious sites to steal SD card data

New Android browser flaw allows malicious sites to steal SD card data

An eagle-eyed Android user has discovered a new vulnerability in the operating system that allows malicious websites to steal data stored in an SD card.

Security expert Thomas Cannon exposed a flaw in the stock Android browser that could be exploited by crafty websites to read local files stored on the SD card.

It involves the attacker sending an HTML file embedded with nasty JavaScript code that the browser executes without the user’s permission. The script then redirects contents of files and other data on the card back to the attacker’s server.

Cannon explained: "I came across the vulnerability while doing some independent security research and writing a JavaScript-based demo to show a weakness in the way some applications share data via Android's Content Providers.

"I was surprised that an HTML page with JavaScript could query the content providers and realised that this could be triggered by a malicious site."

Cannon reported the flaw to Google, which promptly acknowledged the problem.

It said in a statement: “We've developed a fix for an issue in the Android browser that could, under certain circumstances, allow for accessing files on a user's SD card.

“We're working to issue the fix to our partners and open source Android.”

The fix is expected to arrive with the next Android update, version 2.3, AKA Gingerbread. In the meanwhile, our advice to Android users would be to keep a watchful eye on sites they visit from their phones and to stay on the safe side, disable JavaScript on the browser until Gingerbread arrives next month.

Sign up for updates

Join our email list to get the inside line on the latest phones and money-saving offers. And we’ll help you make informed buying decisions with handset reviews and consumer guides too.

Latest news:

Sign up for updates

Join our email list to get the inside line on the latest phones and money-saving offers. And we’ll help you make informed buying decisions with handset reviews and consumer guides too.

back to top