Information security expert Thomas Cannon has discovered a security vulnerability in the Android browser. This vulnerubility can be exploited by attackers to access to the the local files when a smartphone user visits a crafted web page.
- The Android browser doesn’t prompt the user when downloading a file, for example
"payload.html", it automatically downloads to
One limiting factor of this exploit is that you have to know the name and path of the file you want to steal. However, a number of applications store data with consistent names on the SD card, and pictures taken on the camera are stored with a consistent naming convention too. It is also not a root exploit, meaning it runs within the Android sandbox and cannot grab all files on the system, only those on the SD card and a limited number of others.
The vulnerability appears to affect all versions of Android, including the current version 2.2. The Android security team has been informed about this vulnerability on November 20, 2010 with reference to Cannon’s blog.