Android 'Privacy Disaster'

A massive security flaw in Android has been discovered by security researcher Rafay Baloch. The bug was confirmed to affect all devices that run Android versions below 4.4 (KitKat), which means that over 70% of Android owners might have lost their private data.

The bug allowed hackers to bypass the Same-Origin Policy of the Android Open Source Platform (AOSP) Browser by using malformed JavaScript, so that one website (the attacker's) could interfere with any other website you had open in other tabs. In practice, not only could the hacker grant himself access to all your tabs, he could also steal a copy of your session cookie and "act on your behalf".

According to the source, Rafay Baloch got in touch with Googlers in August to report the bug, but the security team said that they were not able to reproduce it on their end. A funny thing happened after the researcher posted about the matter on his blog: all of a sudden, the tech giant managed to reproduce the exploit and eventually fixed the issue. Naturally, Baloch received no credit for reporting the bug, as the post appeared before the company managed to solve the issue. The researcher said to Google: “The mistake is from your side, not being able to properly communicate with researchers.” The megacorp gave no comment on that.

VIA: Forbes

Comments

Tech Informer

According to a study done by McAfee, 70% of bugs are created for Android.
The easiest way to protect your phone from it:
Don't run any app or game which asks for permission [at the time of download from the Play Store] to read your personal data or to access the Internet. But if you have to download something which asks for this kind of permission, make sure that the app or game is from a well-known publisher.

 –  6 years ago