diTii.com Digital News Hub

Sign up with your email address to be the first to know about latest news and more.

I agree to have my personal information transfered to MailChimp (more information)


Android Browser Remote Shell Exploit Released at HouSecCon

A security researcher M.J. Keith has released a code that could be used to attack Google’s Android phones running 2.1-and-earlier versions over the Internet at HouSecCon conference in Houston. Keith says he wrote code that allows him to run a simple command line shell in Android when the victim visits a website that contains his attack code.

The bug used in Keith’s attack lies in the WebKit browser engine used by Android.Google said it knows about the vulnerability. “We’re aware of an issue in WebKit that could potentially impact only old versions of the Android browser,” Google spokesman Jay Nancarrow confirmed in an email.

“The issue doesn’t affect Android 2.2 or later versions.”

Version 2.2 runs on 36.2% of Android phones, Google says. Older phones such as the G1 and HTC Droid Eris, which may not get the updated software, could be at risk from this attack. Android 2.2 is found on phones such as the Droid and the HTC EVO 4.

Because Android walls off different components of the OS from each other, Keith’s browser exploit doesn’t give him full, root access to a hacked phone. But he can access anything that the browser read.


Share This Story, Choose Your Platform!

Get Latest News

Subscribe to Digital News Hub

Get our daily newsletter about the latest news in the industry.
First Name
Last Name
Email address
Secure and Spam free...