Monday, March 27, 2023

Android 2.1 & earlier versions are vulnerable to web attack

This post is contributed by

You might want to be careful the next time you visit an unknown website on your Android mobile device. A computer security researcher has discovered a bug that could be used to attack some versions of Google’s Android device over the internet.

According to M.J. Keith, a security researcher with Alert Logic, the attack targets the browser in older, Android 2.1-and-earlier versions of the phones. The bug used in Keith’s attack lies in the WebKit browser engine used by Android.

But thanks to how Android operating system is built, the browser exploit does not allow full, root access to a hacked phone. But the hack gives access to anything that the browser can read including browser history, SD card and more.

The issue does not affect Android 2.2 or later versions but only about 36% of the Android devices in the market runs version 2.2.

Third party Android browsers such as the Skyfire and Opera Mini are probably safe from these attacks.

Google is aware of this vulnerability but declined to comment.

Read: Researcher outs Android exploit code

Technical details of the exploit can be found here- Android 2.0-2.1 Reverse Shell Exploit

Kugan is the co-founder of MalaysianWireless. He has been observing the mobile industry since 2003. Connect with him on Twitter: @scamboy

Related Articles

Stay Connected with Us


Hosted at AIMS Data Centre


Latest Articles