froyo-gingerbread

Android 2.3 Gingerbread security flaw reveals microSD contents to hackers

January 31, 2011 - Written By Chris Yackulic

Xuxian Jiang, a computer security researcher at a North Carolina State University, has discovered a security vulnerability in Google’s latest OS release, Android 2.3 (Gingerbread).

The bug gives hackers access to user data, similar to an issue that was rectified in previous OS versions, but it seems to have been overlooked with 2.3. It basically takes the clicking of a link with malicious code attached, but once clicked hackers have the ability to scan all the files on your phone’s microSD memory card, then pick up personal data: photos, applications, voicemails, online banking details, and then upload the files to a remote server.

There have been a couple of ideas suggested to avoid being compromised by this in the wild, however both ideas have an impact on other features. The first it to disable or remove your microSD card, but this may stop you from saving photos or having enough storage capacity. The next  suggestion was to disable JavaScript on your Android browser, but this will stop you loading websites that require JavaScript functionality.  The least disruptive method would be to use a completely different third-party browser, such as Firefox.

A spokesperson from Google has said that they had been contacted by Jiang about the flaw a couple of days ago and that Google has now developed a fix that will be rolled out in an upcoming Android 2.3 maintenance upgrade. However, no confirmation of a date for the update has been given.

Source: Engadget, eWeek