Share

Android Drive-by Attack

Users who still have Android 2.0 and 2.1, beware. Your phone has high vulnerability of being exploited. This was released on Thursday by MJ Keith, in a presentation called “Better Watch Your Apps” that was held at the National Security Information Group HouSecCon conference in Houston.

This presentation showed that by using the Android browser, users could access a malicious site, and then by using a drive-by attack the shell remote script could be used to run a command line. If successful, someone could gain control of the Android browser, but due to sandboxing in the Android operating system, the attacker would only go as far as the browser would let them. This vulnerable exploit stems from WebKit, which is an open source rendering engine used in Android and also iPhone browsers.

Google is aware of the problem with WebKit that could potentially affect older versions of the Android browser. The good news from all of this is that those who have Android 2.2 are not affected as of yet. No more details have been released of what Google is doing to fix the exploit for the older versions.