A computer security researcher released code November 4 that could be used to attack some versions of Google’s Android phones over the Internet. The attack targets the browser in older, Android 2.1-and-earlier versions of the phones.
It was disclosed November 4 at the HouSecCon conference in Houston by a security researcher with Alert Logic. The researcher said he has written code that allows him to run a simple command line shell in Android when the victim visits a Web site that contains his attack code.
The bug used in the attack lies in the WebKit browser engine used by Android. Google said it knows about the vulnerability. “We’re aware of an issue in WebKit that could potentially impact only old versions of the Android browser,” a Google spokesman confirmed in an e-mail. “The issue does not affect Android 2.2 or later versions.” Version 2.2 runs on 36.2% of Android phones, Google says. Older phones such as the G1 and HTC Droid Eris, which may not get the updated software, could be at risk from this attack. Android 2.2 is found on phones such as the Droid and the HTC EVO 4.
Source: http://www.computerworld.com/s/article/9195058/Researcher_releases_Web_based_A%20ndroid_attack
No comments:
Post a Comment