Researcher develops remote-access Android exploit

About this blog

ZD Staff

Security Bulletin

Analysis of security, technology, and attempts to filter random noise

A security researcher has developed a proof-of-concept Android application that does not ask for user permissions during installation, but could give a hacker remote access to a device.

The app uses a known issue with Android web search to establish a two-way communication channel with a third party, ViaForensics director of research and development Thomas Cannon told ZDNet UK on Wednesday.

"On its own this attack could really only be used to read any data on the SD card, read some data shared by other apps, and read limited data about the device," Cannon told ZDNet UK in an email interview. "Combined with other vulnerabilities it can be expanded, for example it could download a root exploit at a later point in time and gain total control over the device, or it could leverage other unprotected capabilities that may exist on the device to, for example, send premium rate SMS."

When a user downloads an Android app, the device normally prompts the user with the permissions the app is requesting, such as access to geolocation data, phone memory or camera information, supposedly alerting the user to any malicious requests.

Once downloaded, Cannon's proof of concept opens a communications channel by loading the web browser once the phone is locked, according to a video by Cannon. This establishes a shell and allows semi-covert access, Cannon told ZDNet UK.

"The proof-of-concept is not completely covert since the web browser will need to be in the foreground during the attack," Cannon told ZDNet UK. "However, once complete, you can, to a degree, make things look normal again for the user. Technically there will still be some traces that the attack happened left behind if the user looks."

The app does not exploit a flaw in Android so much as a feature, said Cannon.

"The app doesn't use a vulnerability in the browser as such, it simply calls the browser and passes it the URL of the attacker's server," said Cannon. "Except that the URL contains the data we want to send to the attacker. Similarly to receive data the browser gets redirected to a custom URL scheme the app has registered (e.g. myapp://host/some+data) which calls our app and passes it the data in the URL. That way we establish two-way communication."

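As an added illustration (not code from the article or from Cannon's proof of concept), this Python check shows how a reviewer could triage a decoded AndroidManifest.xml for the inbound half of the channel described above: an app that requests no permissions yet registers a custom URL scheme a browser redirect can reach. The sample manifests and package names are constructed; the `myapp` scheme is the one from the quoted example.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace
VIEW = "android.intent.action.VIEW"
BROWSABLE = "android.intent.category.BROWSABLE"

def names(parent, tag):
    """android:name values of the child elements <tag> under parent."""
    return {e.get(A + "name") for e in parent.findall(tag)}

def triage(manifest_xml):
    """Flag a decoded AndroidManifest.xml that requests no permissions yet
    lets a web page hand data to the app through a custom URL scheme."""
    root = ET.fromstring(manifest_xml)
    perms = sorted(n for n in names(root, "uses-permission") if n)
    schemes = set()
    for flt in root.iter("intent-filter"):
        # Only VIEW + BROWSABLE filters are reachable from a browser link or redirect.
        if VIEW in names(flt, "action") and BROWSABLE in names(flt, "category"):
            for data in flt.findall("data"):
                scheme = (data.get(A + "scheme") or "").lower()
                if scheme and scheme not in ("http", "https"):
                    schemes.add(scheme)
    return {"permissions": perms, "schemes": sorted(schemes),
            "review": not perms and bool(schemes)}

# Constructed sample manifests (not taken from any real app).
NS = 'xmlns:android="http://schemas.android.com/apk/res/android"'
SUSPECT = f"""<manifest {NS} package="com.example.poc">
  <application><activity android:name=".Receiver">
    <intent-filter>
      <action android:name="android.intent.action.VIEW"/>
      <category android:name="android.intent.category.DEFAULT"/>
      <category android:name="android.intent.category.BROWSABLE"/>
      <data android:scheme="myapp" android:host="host"/>
    </intent-filter>
  </activity></application>
</manifest>"""
BENIGN = f"""<manifest {NS} package="com.example.news">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application><activity android:name=".Main">
    <intent-filter>
      <action android:name="android.intent.action.MAIN"/>
      <category android:name="android.intent.category.LAUNCHER"/>
    </intent-filter>
  </activity></application>
</manifest>"""

if __name__ == "__main__":
    for label, xml in (("suspect", SUSPECT), ("benign", BENIGN)):
        print(label, triage(xml))
```

The outbound half of the channel, launching the browser with data in the URL, needs no manifest entry, so a hit here is a signal for manual review rather than proof; legitimate apps also register custom schemes.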