Home > slashdot > Researcher To Release Web-Based Android Attack

Researcher To Release Web-Based Android Attack

November 4th, 2010 11:48 admin Leave a comment Go to comments

CWmike writes “A computer security researcher says he plans to release code Thursday that could be used to attack some versions of Google’s Android phones over the Internet. The attack targets the browser in older, Android 2.1-and-earlier versions of the phones. It is being disclosed Thursday at the HouSecCon conference by M.J. Keith, a security researcher with Alert Logic. Keith says he has written code that allows him to run a simple command line shell in Android (video) when the victim visits a website that contains his attack code. The bug used in Keith’s attack lies in the WebKit browser engine used by Android. Google said it knows about the vulnerability. ‘We’re aware of an issue in WebKit that could potentially impact only old versions of the Android browser,’ Google spokesman Jay Nancarrow confirmed in an e-mail. ‘The issue does not affect Android 2.2 or later versions.’ Version 2.2 runs on 36.2 percent of Android phones, Google says”

Source: Researcher To Release Web-Based Android Attack

Related Articles:

  1. Apple Delays Release of LGPL WebKit Code
  2. Code Used To Attack Google Now Public
  3. New Attack Uses Attackers’ Own Ad Network To Deliver Android Malware
  4. New JavaScript-Based Timing Attack Steals All Browser Source Data
  5. Researcher Claims To Have Chrome Zero-Day, Google Says “Prove It”
blog comments powered by Disqus