Dangerous/Severe security hole in Android browser
ReadWriteWeb’s writer Sarah Peretz writes about a serious security vulnerability discovered in Android OS, more specifically in the Android browser. This vulnerability was presented by security researcher Charlie Miller.
This vulnerability allows potential hackers to remotely take control of the phone’s web browser and related processes forked off the browser. The results of a breach are very serious: once the phone is compromised, the hackers could gain access to the saved credentials stored in the browser and to the browser history. They could also see past secure transactions, even if encrypted.
This security flaw originated in the code written by software company PacketVideo, which contributed an open version of their Core multimedia application framework to Android, where it became the multimedia subsystem for the Android web browser.
It seems like a fix for this vulnerability is available and actually has been available for quite some time - since February 7th. However, Google has not yet pushed it out to Android phones. Instead, the patch sits here in Google’s source code repository which, says Miller, is “irrelevant” as “what matters is what Joe Consumer is carrying in his pocket.”
So what measures should you take? Experts suggest not using the web browser at all until the fix (update) is pushed to you: “avoid using the browser until a patch is released. If this is not possible, only visit trusted sites and only over the T-Mobile network (avoid Wi-Fi).” However, if you really want to use the browser, just try to follow the above suggestions.
Android’s security model is a pretty strong one in general, but it has its downsides. Once the permissions are breached, a potentially skilled hacker could gain access to virtually everything.
We found the following response from Google via ZDNet:
Charlie Miller, a security researcher at Independent Security Evaluators, contacted security@android.com on January 21st regarding a bug in PacketVideo’s OpenCore media library that he intended to disclose on February 7.
Media libraries are extremely complex and can lead to bugs, so we designed our mediaserver, which uses OpenCore, to work within its own application sandbox so that security issues in the mediaserver would not affect other applications on the phone such as email, the browser, SMS, and the dialer. If the bug Charlie reported to us on January 21st is exploited, it would be limited to the mediaserver and could only exploit actions the mediaserver performs, such as listen to and alter some audio and visual media.
We thank our partners PacketVideo, oCERT, and T-Mobile for their engagement and attention to this issue.
If you’re interested in the background of the story, here is more information:
The Android Security Team responded by contacting PacketVideo, T-Mobile, and oCERT, a public Computer Emergency Response Team. PacketVideo developed a fix on February 5th, and they patched Open Source Android two days later. oCERT assisted PacketVideo with coordinating the fix, and they published an advisory detailing this issue. We offered the patch to T-Mobile when it became available, and G1 users will be updated at T-Mobile’s discretion.
This is not the first vulnerability discovered by Dr. Charles Miller. Earlier, he and his team discovered a serious vulnerability in the iPhone. Our guess is that, while Android is a pretty secure system, many more security flaws will be reported in the near future. And the implications? We’ll have to wait and see about that.
