We use cookies on our websites. Information about cookies and how you can object to the use of cookies at any time or end their use can be found in our privacy policy.

Researcher Exposes MicroSD Security Vulnerability In Android 2.3

Researcher Exposes MicroSD Security Vulnerability In Android 2.3

Xuxian Jiang, a computer security researcher at North Carolina State University discovered a security issue with Android 2.3 while conducting "an Android-related research project" which allows an attacker to access information stored on the unlucky user's microSD card, including photos, personal and financial information, voicemails, and videos.

According to the source, the attack can occur by just selecting a link on a malicious site and can also find out what apps are installed on the phone.

Perhaps even more alarming is that the nature of the vulnerability is apparently not new. Last year, a similar exploit was uncovered for Android 2.2, which Google fixed. However, Jiang was able to bypass the fix used in Gingerbread.

Google told eWeek that Mr. Jiang has already contacted them about the vulnerability and that a fix is being made, which should be released in the next official update. In the mean time, there are ways for Gingerbread users to protect themselves.

Jiang explains that to protect themselves from the exploit, users can unmount the sdcard (not recommend), disable javascript, or use "a third-party browser for the time being." Finally, just be careful about what sites you choose to visit.

I'll personally be taking no steps against this vulnerability other than being a little more careful about which sites I visit. However, that doesn't mean that others users shouldn't be concerned, as I have uncovered no evidence whether or not the vulnerability is already being exploited for malicious intent.

If anyone asks you whether there are security risks within Android, don't hesitate to use this case as an example.

Image from Engadget

Source: Engadget

Recommended articles


Write new comment:
All changes will be saved. No drafts are saved when editing
Write new comment:
All changes will be saved. No drafts are saved when editing

  • Exactly. The people making the malicious software will want the biggest bang for their buck, so they'll target the most used OSes. I'm surprised that I don't hear more about vulnerabilities in iOS devices though. You'd think with their popularity, they' be attracting their own amount of malware. The microSD card function obviously isn't there, but they could be targeted in other ways...

  • There's security risks for all os's. Even apple's os has vulnerabilities, it's when an os has a large share of the market that people make malicious software to attack it.