New Android Exploit Discovered To Steal Data

mimd writes "A researcher at North Carolina State University has discovered yet another Android Browser exploit that affects the new Android 2.3 (Gingerbread) and previous versions. Slashdot recently covered a previous browser exploit that affected all versions of the Android Browser, but was patched in 2.3. Xuxian Jiang writes 'our finding here is that the patch contained in Android 2.3 is not an ultimate fix and can still be bypassed. We have a proof-of-concept exploit with a stock Nexus S phone and are able to successfully exploit the vulnerability to steal potentially personal information from the phone.' The exploit is capable of reading and writing files from an Android's sdcard or system partition as well as uploading user data over the internet."

Re:Just dont use the stock browser

Lol Steve, you're supposed to be on medical leave, not trolling slashdot.

Re:Windowsesqe

[ColdWetDog]

The idea of having a phone where you have to worry about it fucking up for no apparent reason and with no warning message is awful.

The iPhone may not be your best choice. I accidentally let my iPhone 'upgrade' from 3.2 to 4.1 (note to self - do nothing at all, except perhaps post on Slashdot when tired). After a very frustrating four hours of reinstalling itunes, waiting for Apple's 'upgrade server', googling a dozen cryptic error messages and finally reinstalling everything from scratch, I finally have a functional phone.

It's pretty amazing that Apple can manage to have so many holes and gotchas in their locked down system. Much of it seems to be just bad programming (not realizing a preference file is corrupt, having twizzlefits about exactly which USB port is OK, cruft files left over from previous installs) and sloth.

I'd recommend a DOS phone. Nice and simple. Just use a hex editor to fix things. None of this complex new stuff. Bah.