Home / Mobile Operating System / Android / Android 2.1 & earlier versions are vulnerable to web attack

Android 2.1 & earlier versions are vulnerable to web attack

This post is contributed by AntiVirus365.net

You might want to be careful the next time you visit an unknown website on your Android mobile device. A computer security researcher has discovered a bug that could be used to attack some versions of Google’s Android device over the internet.

According to M.J. Keith, a security researcher with Alert Logic, the attack targets the browser in older, Android 2.1-and-earlier versions of the phones. The bug used in Keith’s attack lies in the WebKit browser engine used by Android.

But thanks to how Android operating system is built, the browser exploit does not allow full, root access to a hacked phone. But the hack gives access to anything that the browser can read including browser history, SD card and more.

The issue does not affect Android 2.2 or later versions but only about 36% of the Android devices in the market runs version 2.2.

Third party Android browsers such as the Skyfire and Opera Mini are probably safe from these attacks.

Google is aware of this vulnerability but declined to comment.

Read: Researcher outs Android exploit code

Technical details of the exploit can be found here- Android 2.0-2.1 Reverse Shell Exploit

About Kugan

Kugan is the founder of MalaysianWireless. He has been observing the mobile industry since 2003. Connect with him on Twitter: @scamboy

Check Also

Is Xiaomi Collecting Private Data on Smartphones & Apps?

Forbes raised concerns that, Xiaomi, a Chinese smartphone maker is collecting private data from its user's smartphone phone. Xiaomi denied the claims.


IP Addresses from Malaysia involved in exploiting Flaw in Twitter

Twitter security incident involved "high volume of requests coming from individual IP addresses located within Malaysia," among other countries.


Malaysia Police (PDRM) can Intercept your Voice Calls/SMS, check your Handphone

Malaysia Police (PDRM) has the power to check your smartphone, intercept/record all you communications including voice calls, SMS and Internet.