Researcher Releases Android Exploit In Webkit Browser Engine

Use Netsparker


And Android security hits the news once again, it’s not a vulnerability in the OS per-say but rather in the browser based on the Webkit engine. It does highlight the inherent fragmentation problems with the Android platform and the security concerns that come with running old OS and software versions.

It’s a problem that is plaguing Android right now with different phones running different core OS versions (from 1.5 to 2.2) – on top of that 3rd party skins for the OS from Samsung, Motorola and more. This makes updating the OS slow and many users are stuck with old versions and no news regarding updates.

A security researcher has released proof-of-concept code that exploits a vulnerability in most versions of Google’s Android operating system for smartphones.

M.J. Keith of Alert Logic said he released the attack code to expose what he characterized as inadequate patching practices for the open-source mobile platform. Rather than find the underlying bug himself, he searched through a list of documented security flaws for Apple’s Safari, which relies on the same Webkit browser engine used in Android. In short order, he had an attack that exploits about two-thirds of the handsets that rely on the OS.

“They need a better patching system,” Keith told The Register. “They do a good job of repairing future releases, but I think a better patching system needs to be set up for Android.”

The bug Keith’s code exploits was fixed in Android 2.2, but according to figures supplied by Google, only 36 percent of users have the most recent version. That means the remainder are susceptible to the attack.

Google has claimed that they are changing the architecture with the upcoming release of Gingerbread, many of the system apps will be pushed to the Marketplace – meaning they can push out updates much faster and easier than if everything is integrated in the OS image.

Of course core problems with the kernel or underlying OS will still have to be addressed via firmware updates, but still like this – which effects the browser – could be negated if a new browser version could be pushed out from the Android Marketplace.

The same goes for the recent Critical Zero Day Abobe Flash Flaw Which Put Android Phones At Risk.


What’s more, Keith said he had no trouble finding other documented Webkit vulnerabilities that have yet to be fixed in version 2.2.

“I found about four or five and I wasn’t trying to [do] an exhaustive search,” he said.

A Google spokesman declined to comment for this post. To be fair, Android’s design does a good job of segregating the functions of one application from those of another. That would make it hard for someone exploiting the bug Keith demonstrated to gain root privileges or access to many of the targeted handset’s resources. But it still would allow an attacker to access anything the browser can read, including a phone’s Secure Digital memory card.

The bigger point, Keith said, is that most users have no idea their devices are vulnerable to bugs that were patched long ago on other platforms.

“I wanted to demonstrate that nobody’s being notified that their Android phone is vulnerable to this stuff,” he explained. Google “wants to pretend it’s not there.”

It is a serious problem that Android is facing right now and I hope Google do more to address this and work alongside with the handset vendors so OS updates can be pushed out in a more efficient and timely manner.

The exploit code can be found here:

Android 2.0-2.1 Reverse Shell Exploit

Source: The Register

Posted in: Exploits/Vulnerabilities, Hardware Hacking

, , , ,


Latest Posts:


Acunetix Vulnerability Scanner For Linux Now Available Acunetix Vulnerability Scanner For Linux Now Available
Acunetix Vulnerability Scanner For Linux is now available, now you get all of the functionality of Acunetix, with all of the dependability of Linux.
Gerix WiFi Cracker - Wireless 802.11 Hacking Tool With GUI Gerix WiFi Cracker – Wireless 802.11 Hacking Tool With GUI
Gerix WiFi cracker is an easy to use Wireless 802.11 Hacking Tool with a GUI, it was originally made to run on BackTrack and this version has been updated for Kali (2018.1).
Malcom - Malware Communication Analyzer Malcom – Malware Communication Analyzer
Malcom is a Malware Communication Analyzer designed to analyze a system's network communication using graphical representations of network traffic.
WepAttack - WLAN 802.11 WEP Key Hacking Tool WepAttack – WLAN 802.11 WEP Key Hacking Tool
WepAttack is a WLAN open source Linux WEP key hacking tool for breaking 802.11 WEP keys using a wordlist based dictionary attack.
Eraser - Windows Secure Erase Hard Drive Wiper Eraser – Windows Secure Erase Hard Drive Wiper
Eraser is a hard drive wiper for Windows which allows you to run a secure erase and completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns.
Insecure software versions are a problem Web Security Stats Show XSS & Outdated Software Are Major Problems
Netsparker just published some anonymized Web Security Stats about the security vulnerabilities their online solution identified on their users’ web applications and web services during the last 3 years.


Comments are closed.