The security expert Thomas Cannon has a vulnerability in the Android browser discovered that allows attackers to local files from the user's smart phone to read when it visits a malicious web site. Apparently affects the vulnerability Android all versions, including the current version 2.2. Security was able to do this on a Google and Samsung Nexus One Galaxy Tab Android 2.2, each with a trace. Cannon has reportedly with a HTC Desire (2.2) and the Android emulator (1.5, 1.6 and 2.2) from Google's own SDK verified.

Since the browser runs in a sandbox, the attacker can access in this way only to user data and not on system directories. In addition, the attacker must know the location of his potential stolen property. A good target would be camera photos are saved with a serial number or always the same hot end application files. It may also include confidential data is, about the online banking app.

To demonstrate Cannon ct.txt the contents of the file from the root directory of our memory card to its server - we have just clicked on the link provided in the default browser on Android. The server of the attacker sends a larded with JavaScript HTML file to the browser, it downloads without asking and then running through a redirect on the downloaded file with local rights. This makes the script has access to the file system and can then transfer the files to the server of the attacker.

During transfer of the manipulated file flashes briefly on an information window that provides information on the automatic download - it can not prevent. One can protect themselves by turning off JavaScript in your browser settings or uses a browser like Opera Mobile, which asks for permission before downloads at least. However, the HTML file can be manipulated in other ways such as a mail attachment, go to the device.