Gaining a Remote Shell On Android

SharkLaser writes "The security of Android devices has come under scrutiny in recent months. Android Market has been plagued with a number of trojaned apps, and researchers have identified various root exploits and permission leaks that can be exploited, for example, to send premium rate SMSs. Now researcher Thomas Cannon of ViaForensics is demonstrating a method for setting up remote shell on an Android device without using any exploits or vulnerabilities. The security hole is not new, and it has been pointed out for a number of years, but Google has yet to fix it. The method works on various versions of Android, up to and including the newest Ice Cream Sandwich."

_NSAShell

Why do these tinfoil hat types keep bringing up the _NSAShell functionality? Enough already!

TFA is blank

[Culture20]

I'm guessing it loads all its content via javascript anf my noscript is blocking it. I'm glad I'm also using adblock so they didn't get any ad-views for not showing content.

Re:No vulnerabilities?

[Culture20]

"Allow App 'Foo' to open a browser? Yes/No/Always/Never/Maybe/Sometimes/EverythirdTuesdayoftheMonth"

Re:No vulnerabilities?

[shutdown+-p+now]

Interestingly enough, you get something of a kind if you install more than one browser on your phone - then, whenever a link is opened by an app, you'll get a dialog prompting you to select the browser to use for this protocol henceforth (and a checkbox to not ask again).

Unfortunately, the setting isn't per-app, so not as useful. Still, can be a handy trick for the more paranoid (but then they're probably using N900, anyway).

Re:Firewall

[muridae]

So you would have the firewall prevent your browser from connecting to pages that aren't in your whitelist? Because that's how the exploit works, by using the built in browser to contact a webpage and then execute local instructions.