Data Stealing Exploit Patched in Upcoming Gingerbread 2.3

November 26, 2010 - Written By Tal Schechter

Thomas Cannon, a security expert, found a security hole in the stock Android browser. This hole allows third-party software to read/copy data from the SD card, just through some clever HTML coding. He explains it as follows:

  • The Android browser doesn’t prompt the user when downloading a file, for example "payload.html"; it automatically downloads to /sdcard/download/payload.html
  • It is possible, using JavaScript, to get this payload to automatically open, causing the browser to render the local file.
  • When opening an HTML file within this local context, the Android browser will run JavaScript without prompting the user.
  • While in this local context, the JavaScript is able to read the contents of files (and other data).

He was asked to remove some details from this list, so that the exploit would not be so easy for would-be hackers to reproduce.

After these issues were brought to the big Goog’s attention, they were verified by Heise Security. Apparently the very-soon-upcoming release of 2.3 Gingerbread will address this security threat. In the meantime, be wary of evil websites and HTML-embedded emails sent from strangers (or enemies).

This exploit is detailed below in the video.