Ordentligt säkerhetshål i Android
Google’s new Android version 2.3, a.k.a. Gingerbread, was supposed to close a previous data-leak hole in the smartphone operating system, but a researcher has discovered a new, similar hole in the OS.
Xuxian Jiang, a security researcher at NC State University, has tested and confirmed the bug on a Nexus S smartphone running Android 2.3. An attack would work like this: An Android user clicks on a malicious link in an email or in the browser, and an attacker could then read and upload any files on the phone’s SD memory card, including things like online banking information, pictures, and saved voicemails. An attacker could also root out the phone’s apps and upload them to a remote server, according to Jiang, who is an assistant professor in the computer science department.
Google’s Android 2.3 was built to fix a similar flaw identified last year that gave an attacker access to files stored on the memory card. But NC State’s discovery shows that Google’s “fix” for the flaw can be bypassed.