According to security researchers, the vulnerabilities in Android browsers namely Dolphin and Mercury could open doors for hackers to execute codes remotely. Dolphin and Mercury are both available on Android devices reaching more than 100 million downloads. According to a security researcher called Rotlogix, the execution of remote code on Dolphin browser allows the attacker to change the browser’s theme to an infected one. Hence, the attacker who has the ability to control the flow of data can change the download functionality and apply new themes to the browser. Rotologix added that the attacker can perform file write which can result in an execution code within the user’s browser and device.
The other browser, Mercury, contains an insecure intent URI scheme implementation and a vulnerability within the web server that supports the WiFi Transfer feature. Linking all these vulnerabilities can allow an attacker with remote access to read and write files within Mercury’s data directory.
The chief technical officer of cyber security at QinetiQ, Bryan Lillie, said that the safest way is to use a software that is widely recognized and used. He added that those products that are widely used apply good security practices and are regularly patched. On the other hand, those unknown products don’t have a clear security and patching infrastructure, so it is advised to avoid using them, especially in large corporations. Bryan continued by saying that Security policies within the organization are an important factor in restricting what people can do with their personal devices when connecting to the network, and to have a clear idea about where your data is stored and who can access it.
Another expert in security, Nick Walker, the head of mobile practice at MWR Info Security, stated that code execution vulnerabilities found in applications are of high risk, the exploitation of such bugs allow an attacker to do anything with the application such as recording the microphone input and accessing the user’s media like photos and downloads.
Following and applying tight security measures is essential nowadays to keep yourself and your company safe from various threats. Here at Sahara Net, we always advise our clients to follow best security practices, so if you are facing similar threats, don’t hesitate to contact us.