Android security flaw affects millions of users

By Silky Malhotra | Published on 16 Sep 2014
HIGHLIGHTS

A security flaw in Android makes 75 percent of devices vulnerable to hackers.

Android security flaw affects millions of users

OnePlus TV 32Y1 - Smarter TV

Android TV with superior craftsmanship and elegant design - Buy Now

Click here to know more

Advertisements

Security experts have discovered a new flaw in Android browser that allows attackers to run scripts that can read the contents of any open tab and harvest private data. The security flaw affects Android devices running any version prior to 4.4.

The flaw was first reported by ethical hacker and blogger Rafay Baloch, who has tested it on a variety of devices, since then his findings have further been confirmed by others in the security industry. According to Google's own analytics, this affects at least 75 percent of all Android users as very large proportion of new phones also ship with Android 4.3 or lower.

According to reports the problem relates the Single-Origin Policy, which can be bypassed for the Android browser by deliberately feeding it a malformed instruction which allows scripts to be run without supervision. This simple exploit allows attackers to read data even from secure sites once they are opened, and redirect the data to any external site.

According to Baloch, "A SOP bypass occurs when a siteA.com is some how able to access the properties of siteB.com such as cookies, location, response etc. Due to the nature of the issue and potential impact, browsers have very strict model pertaining it and a SOP bypass is rarely found in modern browsers, however, they are found once in a while."

Google has not yet responded to the disclosure.

CISCO's annual Security report has stated that 99 percent of all mobile malware in 2013 targeted Android devices. According to a report by Trend Micro mobile malware threats will remain a growing concern and will continue to increase in 2014. Read: Google increases Android security with continuous malware scanning

Source: Rafay Baloch

logo
Silky Malhotra

Advertisements

Trending Articles

Advertisements

latest articles

View All
Advertisements

Top Products

Popular Mobile Phones

View All
hot deals amazon

Digit caters to the largest community of tech buyers, users and enthusiasts in India. The all new Digit in continues the legacy of Thinkdigit.com as one of the largest portals in India committed to technology users and buyers. Digit is also one of the most trusted names when it comes to technology reviews and buying advice and is home to the Digit Test Lab, India's most proficient center for testing and reviewing technology products.

We are about leadership-the 9.9 kind! Building a leading media company out of India.And,grooming new leaders for this promising industry.

DMCA.com Protection Status