Exposed Android Data Stealing
While doing an application security assessment one evening I found a general vulnerability in Android which allows a malicious website to get the contents of any file stored on the SD card. It would also be possible to retrieve a limited range of other data and files stored on the phone using this vulnerability.
The vulnerability is present because of a combination of factors. I’ve been asked nicely to remove some details from the following section, and as my intention is to inform people about the risk, not about how to exploit users, I’ve agreed:
- The Android browser doesn’t prompt the user when downloading a file, for example "payload.html", it automatically downloads to /sdcard/download/payload.html
Procedure: how the attacker gain access to the android phone is shown in the figure
The vulnerability appears to affect all versions of Android, including the current version 2.2. The Android security team has been informed about this vulnerability.