Tag Archives: exploit

More Android exploits

As I pointed out in a previous post, Android is, if used incorrectly, just as insecure as any normal PC. After writing that post, a few reports on exploitable vulnerabilites in Android has surfaced.

There seems to be a bug in the credentials manager, which can be exploited to install applications without the users approval:

http://www.swedroid.se/sakerhetshal-i-android-funnet-android-1-x-till-2-2-drabbat/ (In Swedish)
http://www.idg.se/2.1085/1.352716/android-drabbat-av-allvarlig-bugg/ (Also in Swedish)

There is also a vulnerability in the browser in most Android phones on the market today:


In addition to this, on November 2, Coverity Inc., famous for its array of various code analysis software, published a report about a number of potential security issues in the Linux kernel used in Android:


So, as already pointed out: Be careful about which applications you download and which web sites you visit with your Android phone (or any network capable device, for that matter)!