Thomas Cannon, a security expert, found a security hole in the stock Android browser. This hole allows for third-party software to read/copy data from the SD card, just through some clever HTML coding. He explains it as follows:
- The Android browser doesn't prompt the user when downloading a file, for example
"payload.html", it automatically downloads to
He was asked to remove some details from this list, so that the exploit would not be so easy for would-be hackers.
After these issues were brought to the big Goog's attention, it was verified by Heise Security. Apparently the very-soon-upcoming release of 2.3 Gingerbread will address this security threat. In the meantime, be wary of evil websites and HTML-embedded emails sent from strangers (or enemies).
This exploit is detailed below in the video.