Researcher finds browser-operates with root access on Nexus 4 and Galaxy S4




On the Pwn2Own security competition during PacSec security researchers have found a large hole in the software of the Nexus 4 from LG and Samsung Galaxy S4. Therefore they had root access and they could steal information eg.

Samsung logo (45 pix) Security Researcher ‘Pinkie Pie’ managed to abuse from the Chrome browser on the Nexus 4 and Galaxy S4. two security issues Through an integer overflow and a problem that made it possible to bypass sandbox security researcher managed to gain root access. Both devices to Pinkie Pie won with his exploits during the Pwn2Own competition at the security conference PacSec the amount of $ 50,000.

Other researchers, who won 40,000 euros for their discovery, made for the same Galaxy S4 also an exploit that works from the browser. By means of a drive-by download, for example, to install via a malicious website or an infected ad, the attacker could exploit the abuse. That writes HP, the Pwn2Own competition sponsors.

Both exploits the sandbox Android, which separates applications in silos so they can not influence to circumvent each other. Was This made it possible for example to install applications and steal the phone from a victim. Data The precise details of the exploits are not released, and are confidential handed over to Samsung. It is not clear whether other Android versions are affected: Android phones, especially those from Samsung, contain a lot of software that has been added, making it possible that this problem is only on the phone, as tested by the manufacturer.

During the same category security conference also discovered a dent in the security of iOS 6 and 7, writes The Register. This security issue is less exciting:. Although it is also exploited from the browser, the Chinese researchers discovered that the problem is not to bypass sandbox security knew Therefore the impact was relatively limited: under iOS 7 would be possible to steal, ‘login’ Facebook while under iOS 6 photos can be captured. If the sandbox restrictions were circumvented, had met many other access device to the researchers.



In: Technology & Gadgets Asked By: [15464 Red Star Level]

Answer this Question

You must be Logged In to post an Answer.

Not a member yet? Sign Up Now »