Gaining a Remote Shell On Android 124
SharkLaser writes "The security of Android devices has come under scrutiny in recent months. Android Market has been plagued with a number of trojaned apps, and researchers have identified various root exploits and permission leaks that can be exploited, for example, to send premium rate SMSs. Now researcher Thomas Cannon of ViaForensics is demonstrating a method for setting up remote shell on an Android device without using any exploits or vulnerabilities. The security hole is not new, and it has been pointed out for a number of years, but Google has yet to fix it. The method works on various versions of Android, up to and including the newest Ice Cream Sandwich."
_NSAShell (Score:3, Interesting)
Why do these tinfoil hat types keep bringing up the _NSAShell functionality? Enough already!
TFA is blank (Score:2, Interesting)
Re:No vulnerabilities? (Score:5, Interesting)
Re:No vulnerabilities? (Score:5, Interesting)
Interestingly enough, you get something of a kind if you install more than one browser on your phone - then, whenever a link is opened by an app, you'll get a dialog prompting you to select the browser to use for this protocol henceforth (and a checkbox to not ask again).
Unfortunately, the setting isn't per-app, so not as useful. Still, can be a handy trick for the more paranoid (but then they're probably using N900, anyway).
Re:Firewall (Score:4, Interesting)