Linux ProjectX

Android Data Stealing with Metasploit

This vulnerability was found by Thomas Cannon back in 2010, I think. I just thought this would be interesting to share with Android users :). I tried this exploit on Marvell tablets with Android versions 1.6 – 2.2. The big one is using 1.6 and the small one is using 2.2. For some reason this tablet has been customized by a private company which is used for a project. 🙂


Firing up Metasploit, then using android_htmlfileprovider



Android tablet

When the user accesses the malicious URL that we have set up, the consequence is that the attacker will be able to get any data, including any sensitive data from /proc, browser files such as history, bookmarks and maybe even sessions. You can also grab data from SD cards. As explained by Thomas Cannon in his blog:

  • The Android browser doesn’t prompt the user when downloading a file, for example "payload.html"; it automatically downloads to /sdcard/download/payload.html
  • It is possible, using JavaScript, to get this payload to automatically open, causing the browser to render the local file.
  • When opening an HTML file within this local context, the Android browser will run JavaScript without prompting the user.
  • While in this local context, the JavaScript is able to read the contents of files (and other data).
information gathering
The majority are now using Android phones and tablets, especially here in PHL. Google should not be the only one who needs to fix this, but also other companies producing or manufacturing Android phones and tablets with the same versions, but most companies that I know just don't give a damn about fixing and updating, etc.
PS: I also tried it on an Android 2.3 Archos and the exploit doesn't work 🙂
Take care guys and be aware
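
For defenders, a triage check over proxy or web-server logs that flags clients whose User-Agent claims an Android version in the range this post reports (1.6 to 2.2). This is an added example, not code from the original post or from Metasploit; the combined log format, the function names and the sample lines are assumptions constructed for illustration.

```python
import re

# Range from the post: the author reports the exploit working on Android
# 1.6 - 2.2 and failing on 2.3. This is the author's test result, not an
# authoritative affected-version list.
REPORTED_MIN, REPORTED_MAX = (1, 6), (2, 2)
# Android browsers of that era put "Android <version>" in the User-Agent.
UA_ANDROID = re.compile(r"Android[ /](\d+)\.(\d+)")


def android_version(user_agent):
    """Return (major, minor) claimed in a User-Agent, or None if absent."""
    m = UA_ANDROID.search(user_agent)
    return (int(m.group(1)), int(m.group(2))) if m else None


def in_reported_range(user_agent):
    """True when the UA claims an Android version inside the post's range."""
    v = android_version(user_agent)
    return v is not None and REPORTED_MIN <= v <= REPORTED_MAX


def flag_clients(log_lines):
    """Map client address -> Android version for lines in the reported range.

    Assumes combined log format: the client is the first field and the
    User-Agent is the last double-quoted field on the line.
    """
    flagged = {}
    for line in log_lines:
        quoted = re.findall(r'"([^"]*)"', line)
        if quoted and in_reported_range(quoted[-1]):
            flagged[line.split()[0]] = android_version(quoted[-1])
    return flagged


# Constructed sample log lines (not real traffic; device names are made up).
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2011:10:00:00 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Linux; U; Android 1.6; en-us; TabletA Build/X) AppleWebKit/528.5+"',
    '10.0.0.7 - - [01/Jan/2011:10:00:05 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Linux; U; Android 2.2.1; en-us; TabletB Build/Y) AppleWebKit/533.1"',
    '10.0.0.9 - - [01/Jan/2011:10:00:09 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Linux; U; Android 2.3.4; en-us; TabletC Build/Z) AppleWebKit/533.1"',
    '10.0.0.11 - - [01/Jan/2011:10:00:12 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
]

if __name__ == "__main__":
    for ip, ver in flag_clients(SAMPLE_LOG).items():
        print(f"{ip}: Android {ver[0]}.{ver[1]} is in the range the post reports")
```

The User-Agent is client-supplied, so treat the result as a starting list for inventory and patch follow-up rather than proof of a device's version.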
