From few days the mobile security vulnerabilities are revealing one by one, latest news regarding Android Firefox application, the Firefox for Android browser puts data that has been stored on an android device as well as that within the browser at risk.The vulnerability of Firefox for Android is triggered when a user navigates to a website that has a malicious JavaScript code.
This will then allow hackers to access the private information stored in the browser (cookies, login credentials, bookmarks) as well as the content of the device SD card.
As we all know users store most of their data on the SD card. This may include photos, documents, and videos among others. All of these can be easily accessible by a hacker.
For the exploit to take effect, users must either install an app or open a locally stored HTML file containing a malicious snippet of JavaScript. Files are accessed through the standard "file://" URI syntax. Since the data within internal storage has also been encrypted by Firefox, a second exploit is leveraged to install a third-party app which acquires the salted and hashed encryption key stored on the device.
Developer Sebastian Guerrero Selma of via Forensics posted a video showing how hackers will be able to access data on the device.
No comments:
Post a Comment