Android 2.3 Bug Allows Hacker to View microSD Card Contents, Google Working on Fix


A researcher from North Carolina State University has uncovered a bug that we thought would be squashed by now: users are still allowed to access the contents of a user’s microSD card simply by having them visit a malicious webpage with Javascript enabled.

It’s the same bug that Google was said to have fixed a while ago, but the researcher states that their work around is just as vulnerable as the initial vulnerability. Thankfully, Google’s working on an update and worries should be quelled once they begin distributing it. Let’s hope that the “fix” actually fixes things this time around. [via Engadget]

Quentyn Kennemer
The "Google Phone" sounded too awesome to pass up, so I bought a G1. The rest is history. And yes, I know my name isn't Wilson.

LG Optimus 3D Pictured Live For First Time [EXCLUSIVE]

Previous article

Motorola DROID Bionic Makes Early Appearance at Amazon for $149

Next article

You may also like


  1. Thats one way to keep SD open…

  2. who can believe that company like google can also do this silly mistakes

  3. Aint the nexus s the only one with official gingerbread right now? If so then google doesnt have to worry about it soon hehe

  4. How could Google do this silly mistakes? Because a company like Apple or RIM or Microsoft would never let anything like this slip through would they?


  5. How many updates will this bring the nexus s to?

  6. Good thing I disabled javascript to make browsing in any way bearable on 2.3. Still, pretty scary.

  7. Large companies like google do have bugs..

    Twitter used to allow javascript in tweets and hackers would do some crazy things until they fixed it.

  8. WOW Randy A

    Way to defend.

    Google screw up and you have a go at Apple and MS, nice.

  9. Well as a now very bitter and jaded Evo user, who freaking hates the phone my thoughts are this.”Well it doesn’t surprise me, as these things seem to come with the Android territory”.
    I mean come on first the sms debacle and now this, among a host of other issues? I am seriously starting to rue and lament the purchase of the Evo. This is coming from a former Moto Droid and former intercept user, so I am not new to the rodeo on this platform.

  10. Will G2 get update 2.3 gingerbread soon? Thx

  11. Well I guess it’s a good thing I don’t keep anything of value on my SD Card because you know, you could always lose the phone at any time.


  13. Don’t be a Richard……………

  14. Yey! Another bug delaying Gingerbread getting to my Nexus One!

  15. Dude Richard, did you even read what Randy said? I am guessing no.

  16. Ha! If they try to hack my phone this way the joke’s on them. My SD card gets corrupted even when I try to access it normally!

  17. This could be part of the reason there has been no OTA update to the Nexus One yet. Seems like Gingerbread needs/needed some extra time in the oven and was rushed out to meet holiday demand.

  18. Roy, you’re in the wrong place to ask that question.
    Read the freaking title. If you don’t understand, go grab an iphone.

  19. It’s only on gingerbread, and only if you’re using the default browser. So most of us need not to worry.

Leave a reply

Your email address will not be published. Required fields are marked *

More in Misc