Overclock.net › Forums › Industry News › Software News › [Engadget]Android 2.3 security bug shows microSD access vulnerability
New Posts  All Forums:Forum Nav:

[Engadget]Android 2.3 security bug shows microSD access vulnerability

post #1 of 19
Thread Starter 
Quote:
A researcher at North Carolina State University is warning of an Android 2.3 security vulnerability that gives attackers access to your personal information, further proof that Gingerbread isn't all sugar and spice (to be fair, that SMS issue has since been remedied). According to Xuxian Jiang, the bug allows malicious websites to access and upload the contents of a user's microSD card, including voicemails, photos, and online banking information to a remote server. The flaw apparently resembles a similar bug in previous version of Android, thought to have been addressed with Gingerbread. However, as Jiang points out, that fix is easily bypassed.
android2.3gingerbread-bug2011.jpg
source
Nameless
(14 items)
 
  
CPUMotherboardGraphicsRAM
Core i7 965 Extreme EVGA Classified E759 Limited edition NF200 EVGA GTX 295 Corsair Dominator 6GB DDR3 Tri 
Hard DriveOptical DriveCoolingOS
WD Velociraptor 300GB LG Blue-Ray & HD DVD Drive Stock Intel Cooler Windows 8 Pro with Media Centre 
MonitorKeyboardPowerCase
Samsung SyncMaster 2233 & IIYAMA Prolite E2403WS Logitech G19 Gaming keyboard Corsair HX1000W SS TJ07 
MouseMouse Pad
Logitech G400 Optical Gaming mouse Steelseries Qck + 
  hide details  
Reply
Nameless
(14 items)
 
  
CPUMotherboardGraphicsRAM
Core i7 965 Extreme EVGA Classified E759 Limited edition NF200 EVGA GTX 295 Corsair Dominator 6GB DDR3 Tri 
Hard DriveOptical DriveCoolingOS
WD Velociraptor 300GB LG Blue-Ray & HD DVD Drive Stock Intel Cooler Windows 8 Pro with Media Centre 
MonitorKeyboardPowerCase
Samsung SyncMaster 2233 & IIYAMA Prolite E2403WS Logitech G19 Gaming keyboard Corsair HX1000W SS TJ07 
MouseMouse Pad
Logitech G400 Optical Gaming mouse Steelseries Qck + 
  hide details  
Reply
post #2 of 19
So how so you prevent others from giving them access to this flaw? Disconnect from data connection and go phone-only mode?
ಠ-ಠ
(15 items)
 
  
CPUMotherboardGraphicsRAM
i5 2500K ASUS P8P67 Deluxe EVGA GTX580 Mushkin DDR3 Silverline Stilletto(4x4)16GB 1333MHz 
Hard DriveHard DriveOptical DriveOS
WD Caviar BLACK  Kingston V200 2x LG DVD RAM w/ lightscribe Win7 Pro 64-bit 
MonitorKeyboardPowerCase
BenQ XL2410T 23.6" 120Hz LED LCD Razer Lycosa ENERMAX REVOLUTION 850W CM HAF 922M 
MouseMouse PadAudio
Razer Mamba ALLSOP high precision mousepad Creative Labs X-fi Titanium HD 
  hide details  
Reply
ಠ-ಠ
(15 items)
 
  
CPUMotherboardGraphicsRAM
i5 2500K ASUS P8P67 Deluxe EVGA GTX580 Mushkin DDR3 Silverline Stilletto(4x4)16GB 1333MHz 
Hard DriveHard DriveOptical DriveOS
WD Caviar BLACK  Kingston V200 2x LG DVD RAM w/ lightscribe Win7 Pro 64-bit 
MonitorKeyboardPowerCase
BenQ XL2410T 23.6" 120Hz LED LCD Razer Lycosa ENERMAX REVOLUTION 850W CM HAF 922M 
MouseMouse PadAudio
Razer Mamba ALLSOP high precision mousepad Creative Labs X-fi Titanium HD 
  hide details  
Reply
post #3 of 19
Online banking information?

Ok Engadget rolleyes.gif
    
CPUMotherboardGraphicsRAM
Core i5 4670k ASUS Maximus VI Gene Gigabyte GTX 460 1GB Kingston Hyper-X 
Hard DriveHard DriveHard DriveHard Drive
Samsung 830 OCZ Vertex 3 WD6401AALS WD5000AAKS 
CoolingOSMonitorMonitor
Noctua NH-D14 elementary OS Dell Ultrasharp U2312HM LG W2442PA-BF 
KeyboardPowerCaseMouse
Microsoft Sidewinder X4 Corsair HX750W Corsair Graphite 600T Logitech G700 
Audio
ASUS Xonar DG 
  hide details  
Reply
    
CPUMotherboardGraphicsRAM
Core i5 4670k ASUS Maximus VI Gene Gigabyte GTX 460 1GB Kingston Hyper-X 
Hard DriveHard DriveHard DriveHard Drive
Samsung 830 OCZ Vertex 3 WD6401AALS WD5000AAKS 
CoolingOSMonitorMonitor
Noctua NH-D14 elementary OS Dell Ultrasharp U2312HM LG W2442PA-BF 
KeyboardPowerCaseMouse
Microsoft Sidewinder X4 Corsair HX750W Corsair Graphite 600T Logitech G700 
Audio
ASUS Xonar DG 
  hide details  
Reply
post #4 of 19
Google must have really pissed off engadget.... LOL
Gaming rig
(15 items)
 
  
CPUMotherboardGraphicsRAM
i7-4790K Asus Z97 Pro Wifi EVGA GTX970sc Crucial ballistic 16GB DDR3 1866 
Hard DriveHard DriveOptical DriveCooling
Samsung 850 EVO 256GB SSD WD 1TB HDD Samsung DVDRW Corsair H60 
OSMonitorKeyboardPower
W 10 Pro Samsung 23" Logitech g105 Corsair 750w 
Case
Corsair Carbide Spec-02 
  hide details  
Reply
Gaming rig
(15 items)
 
  
CPUMotherboardGraphicsRAM
i7-4790K Asus Z97 Pro Wifi EVGA GTX970sc Crucial ballistic 16GB DDR3 1866 
Hard DriveHard DriveOptical DriveCooling
Samsung 850 EVO 256GB SSD WD 1TB HDD Samsung DVDRW Corsair H60 
OSMonitorKeyboardPower
W 10 Pro Samsung 23" Logitech g105 Corsair 750w 
Case
Corsair Carbide Spec-02 
  hide details  
Reply
post #5 of 19
Thread Starter 
And most phones will never get an update anyways :/
Nameless
(14 items)
 
  
CPUMotherboardGraphicsRAM
Core i7 965 Extreme EVGA Classified E759 Limited edition NF200 EVGA GTX 295 Corsair Dominator 6GB DDR3 Tri 
Hard DriveOptical DriveCoolingOS
WD Velociraptor 300GB LG Blue-Ray & HD DVD Drive Stock Intel Cooler Windows 8 Pro with Media Centre 
MonitorKeyboardPowerCase
Samsung SyncMaster 2233 & IIYAMA Prolite E2403WS Logitech G19 Gaming keyboard Corsair HX1000W SS TJ07 
MouseMouse Pad
Logitech G400 Optical Gaming mouse Steelseries Qck + 
  hide details  
Reply
Nameless
(14 items)
 
  
CPUMotherboardGraphicsRAM
Core i7 965 Extreme EVGA Classified E759 Limited edition NF200 EVGA GTX 295 Corsair Dominator 6GB DDR3 Tri 
Hard DriveOptical DriveCoolingOS
WD Velociraptor 300GB LG Blue-Ray & HD DVD Drive Stock Intel Cooler Windows 8 Pro with Media Centre 
MonitorKeyboardPowerCase
Samsung SyncMaster 2233 & IIYAMA Prolite E2403WS Logitech G19 Gaming keyboard Corsair HX1000W SS TJ07 
MouseMouse Pad
Logitech G400 Optical Gaming mouse Steelseries Qck + 
  hide details  
Reply
post #6 of 19
This is the same argument that makes people buy Macbooks because they're "more secure" than windows. rolleyes.gif
I would call being able to rip open an iphone's security and jailbreak it by simply visiting a website a huge security breach, but you never see articles about that.

Then again, Engadget employees pleasure themselves to a picture of the apple logo so i'm never surprised at their articles about android.
Edited by Higgins - 1/29/11 at 1:41pm
    
CPUMotherboardGraphicsRAM
Intel 2500k Gigabyte Z68X-UD3H-B3 XFX HD5870 16GB G.Skill RipjawsX 
Hard DriveOptical DriveCoolingOS
60GB OCZ Vertex 3 + 2x TB Seagate LG DVD+RW Stock Intel Windows 7 64bit / OSX Mountain Lion 
MonitorKeyboardPowerCase
Dell ST2210 + 17" IBM Das Ultimate S Antec TruePower 650W Antec P183 
MouseMouse PadAudioAudio
Logitech MX Revolution X-Trac Ripper Objective 2 + ODAC Combo Sennheiser HD650 + Klipsch 2.1 Promedia 
  hide details  
Reply
    
CPUMotherboardGraphicsRAM
Intel 2500k Gigabyte Z68X-UD3H-B3 XFX HD5870 16GB G.Skill RipjawsX 
Hard DriveOptical DriveCoolingOS
60GB OCZ Vertex 3 + 2x TB Seagate LG DVD+RW Stock Intel Windows 7 64bit / OSX Mountain Lion 
MonitorKeyboardPowerCase
Dell ST2210 + 17" IBM Das Ultimate S Antec TruePower 650W Antec P183 
MouseMouse PadAudioAudio
Logitech MX Revolution X-Trac Ripper Objective 2 + ODAC Combo Sennheiser HD650 + Klipsch 2.1 Promedia 
  hide details  
Reply
post #7 of 19
Quote:
Originally Posted by Schoat333;12186941 
Google must have really pissed off engadget.... LOL

Didn't they say that Google ripped off some code, and it turned it they didn't?
Edited by Pings - 1/29/11 at 1:59pm
post #8 of 19
Quote:
Originally Posted by UnAimed;12189115 
And most phones will never get an update anyways :/

Like my samsung fascinate which is stuck on 2.1 Thank god for Xda-devs to bring 2.2 on it.
Heavy HAF
(15 items)
 
New Build
(12 items)
 
 
CPUMotherboardGraphicsRAM
Intel i7 920  MSI Big bang Xpower X58 EVGA GTX 570 G-Skill Razer Ripjaw X 4GB x 4 
Hard DriveOptical DriveCoolingCooling
1 TB WD Black x 3 SAMSUNG 22X DVD Burner Venomous x - CPU Cooler 120 mm Fans x 6 
OSMonitorKeyboardPower
Windows 7 Ultimate 24" Sceptre x 2 Adesso Mechanical Keyboard Thermaltake Toughpower 1200W 
Case
Coolermaster HAF 932 
CPUMotherboardGraphicsRAM
i7 4770k ASUS Z87 Deluxe GTX 570 (For Now) G-Skill 16GB  
Hard DriveCoolingOSKeyboard
2x256 Vertex 4 Raid 0 Corsair H100i Windows 8.1 Sceptre 24 
PowerCaseMouseMouse Pad
CM V700W Fractal R4 Razer Deathadder Steelseries 
  hide details  
Reply
Heavy HAF
(15 items)
 
New Build
(12 items)
 
 
CPUMotherboardGraphicsRAM
Intel i7 920  MSI Big bang Xpower X58 EVGA GTX 570 G-Skill Razer Ripjaw X 4GB x 4 
Hard DriveOptical DriveCoolingCooling
1 TB WD Black x 3 SAMSUNG 22X DVD Burner Venomous x - CPU Cooler 120 mm Fans x 6 
OSMonitorKeyboardPower
Windows 7 Ultimate 24" Sceptre x 2 Adesso Mechanical Keyboard Thermaltake Toughpower 1200W 
Case
Coolermaster HAF 932 
CPUMotherboardGraphicsRAM
i7 4770k ASUS Z87 Deluxe GTX 570 (For Now) G-Skill 16GB  
Hard DriveCoolingOSKeyboard
2x256 Vertex 4 Raid 0 Corsair H100i Windows 8.1 Sceptre 24 
PowerCaseMouseMouse Pad
CM V700W Fractal R4 Razer Deathadder Steelseries 
  hide details  
Reply
post #9 of 19
That got me wondering why it shown New Jersey network showing on facebook access from my droid. Deleted allowed access. Might format my cell but may not solve anything. Had plans to get a brand new cell in March anyways. They better fix this contraption!
post #10 of 19
sigh.......pretty soon we gonna have to run AV and/or FW on our phones frown.gif
    
CPUMotherboardGraphicsRAM
X5680@4.8GHz 192x25x1.47v EVGA X58 Classified(E759) EVGA GTX980 Ti SLI @1515/8400 6x4GB GSkill Ripjaws@1540 8-8-8-20-2T-1.55v 
Hard DriveHard DriveHard DriveCooling
Corsair Force GT 120GB/OS Corsair Force LS 60GB/PAGE Toshiba 4TB/GAMES CPU-EK Supremacy 
CoolingCoolingCoolingCooling
MB-EK FB Classified GPU-EK FC TitanX/Backplates Rad-Swiftech 360mm MCR-320/Pump Rad-Barrow 280mm 
CoolingCoolingCoolingOS
Ram-Corsair 2x60mm Resevoir-Barrow 250x50mm Misc-6x120mm/2x140mm/NZXT Sentry,Barrow 3/8 fit... Windows 10 Pro x64 
MonitorKeyboardPowerCase
Seiki 50'' 3840x2160 30hz Logitech G110 EVGA Supernova G2 1300 Lian Li PC-A77F 
MouseMouse PadOtherOther
Logitech G9x Xtrac Ripper XL Logitech G27 Logitech G940 
Other
Xbox One controller 
  hide details  
Reply
    
CPUMotherboardGraphicsRAM
X5680@4.8GHz 192x25x1.47v EVGA X58 Classified(E759) EVGA GTX980 Ti SLI @1515/8400 6x4GB GSkill Ripjaws@1540 8-8-8-20-2T-1.55v 
Hard DriveHard DriveHard DriveCooling
Corsair Force GT 120GB/OS Corsair Force LS 60GB/PAGE Toshiba 4TB/GAMES CPU-EK Supremacy 
CoolingCoolingCoolingCooling
MB-EK FB Classified GPU-EK FC TitanX/Backplates Rad-Swiftech 360mm MCR-320/Pump Rad-Barrow 280mm 
CoolingCoolingCoolingOS
Ram-Corsair 2x60mm Resevoir-Barrow 250x50mm Misc-6x120mm/2x140mm/NZXT Sentry,Barrow 3/8 fit... Windows 10 Pro x64 
MonitorKeyboardPowerCase
Seiki 50'' 3840x2160 30hz Logitech G110 EVGA Supernova G2 1300 Lian Li PC-A77F 
MouseMouse PadOtherOther
Logitech G9x Xtrac Ripper XL Logitech G27 Logitech G940 
Other
Xbox One controller 
  hide details  
Reply
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: Software News
Overclock.net › Forums › Industry News › Software News › [Engadget]Android 2.3 security bug shows microSD access vulnerability