Android 4.0.4 Multiple Zero-Day Vulnerabilities
Using a pair of zero-day vulnerabilities, a team of security researchers from U.K.-based MWR Labs hacked into a Samsung Galaxy S3 phone running Android 4.0.4 by beaming an exploit via NFC (Near Field Communications).
The Samsung Galaxy S3 can be hacked via NFC, allowing attackers
to download all data from the Android smartphone, security researchers
demonstrated during the Mobile Pwn2Own contest in Amsterdam.
NFC is a technology that allows data to be sent over very short
distances. For mobile devices, the protocol allows digital wallet applications
to transfer money to pay at the register. While the technology has been slow to
take off, despite the adoption by Google for its Wallet payment application, a
number of recent high-profile announcements have boosted its adoption.
"Through NFC it was possible to upload a malicious file
to the device, which allowed us to gain code execution on the device and
subsequently get full control over the device using a second vulnerability for
privilege escalation," MWR InfoSecurity said in a statement. "The same vulnerability could also be
exploited through other attack vectors, such as malicious websites or e-mail
attachments." The attacker, for instance, gets access to all SMS messages,
pictures, emails, contact information and much more. The payload is very
advanced, so attackers can "basically do anything on that phone," the
researchers said.