A serious security vulnerability affects the default web browser of Android OS versions lower than 4.4. According to the data provided by Google's official dashboard, nearly 66% of Android devices are impacted. The security flaw allows an attacker to bypass the Same Origin Policy (SOP).
The Android Same Origin Policy (SOP) vulnerability (CVE-2014-6041) was first disclosed in September 2014 by the security expert Rafay Baloch, who noticed that the AOSP (Android Open Source Platform) browser installed on Android 4.2.1 was affected by a Same Origin Policy (SOP) bypass that allows one website to steal data from another.
According to security experts at Trend Micro and Facebook, many users of the popular social network have been targeted by cyber attacks that attempt to exploit the Same Origin Policy (SOP) vulnerability. The attackers used publicly available Metasploit exploit code to run the attack in an easy and automated way.
“A few months back, we discussed the Android Same Origin Policy (SOP) vulnerability, which we later found to have a wider reach than first thought. Now, under the collaboration of Trend Micro and Facebook, attacks are found which actively attempt to exploit this particular vulnerability, whose code we believe was based in publicly available Metasploit code,” states a blog post published by Trend Micro.
Due to the huge impact of the Same Origin Policy (SOP) vulnerability, the expert Tod Beardsley has dubbed it a “privacy disaster”. Beardsley is one of the developers on the Metasploit team and provided a PoC video to demonstrate that the flaw is “sufficiently shocking.”
The Same Origin Policy is a fundamental part of the web application security model, implemented to protect users’ browsing experience.
“The policy permits scripts running on pages originating from the same site – a combination of scheme, hostname, and port number – to access each other’s DOM with no specific restrictions, but prevents access to DOM on different sites,” reads Wikipedia.
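The origin comparison the policy describes, as an added example that is not part of the original article: it reduces each URL to its (scheme, hostname, port) tuple and reports whether two URLs share an origin. The function names and the example.com URLs are assumptions made for the illustration.

```javascript
// Added illustration: compare two URLs the way the Same Origin Policy does,
// by (scheme, hostname, port). Function names here are hypothetical.
const DEFAULT_PORTS = { 'http:': '80', 'https:': '443', 'ws:': '80', 'wss:': '443' };

// Return the origin tuple for a URL, or null for an opaque origin
// (data:, javascript:, about:, unparsable input), which never matches anything.
function originTuple(rawUrl) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch (err) {
    return null;
  }
  if (!(url.protocol in DEFAULT_PORTS)) return null;
  return {
    scheme: url.protocol.slice(0, -1),              // drop the trailing ':'
    host: url.hostname,                             // URL lower-cases the hostname
    port: url.port || DEFAULT_PORTS[url.protocol],  // an omitted port means the default
  };
}

// Two URLs are same-origin only if all three tuple members match.
function sameOrigin(a, b) {
  const x = originTuple(a);
  const y = originTuple(b);
  if (x === null || y === null) return false;
  return x.scheme === y.scheme && x.host === y.host && x.port === y.port;
}

// Constructed sample pairs (the example.com names are placeholders).
const SAMPLES = [
  ['https://example.com/a', 'https://example.com:443/b'],  // explicit default port
  ['https://EXAMPLE.com/', 'https://example.com/'],        // hostname case
  ['http://example.com/', 'https://example.com/'],         // scheme differs
  ['https://example.com/', 'https://m.example.com/'],      // hostname differs
  ['https://example.com/', 'https://example.com:8443/'],   // port differs
  ['data:text/html,hi', 'data:text/html,hi'],              // opaque origins
];

function classify(pairs) {
  return pairs.map(([a, b]) => ({ a, b, same: sameOrigin(a, b) }));
}

for (const r of classify(SAMPLES)) {
  console.log(`${r.same ? 'same ' : 'cross'}  ${r.a}  <->  ${r.b}`);
}
```

Only the first two pairs are same-origin; a script on any of the other pages should be denied access to its counterpart's DOM, which is the boundary this vulnerability bypasses.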
According to Trend Micro, the attackers served a link through a particular Facebook page that redirects Facebook users to a malicious website.
The experts noticed that the criminals behind these attacks rely on an official BlackBerry app, maintained by BlackBerry, to steal the access tokens used to hack the Facebook accounts.
“The mobile malware using the Android SOP Exploit (Android Same Origin Policy Bypass Exploit) is designed to target Facebook users regardless of their mobile device platform,” BlackBerry told Trend Micro in a statement. “However, it attempts to take advantage of the trusted BlackBerry brand name by using our Facebook web app. BlackBerry is continuously working with Trend Micro and Facebook to detect and mitigate this attack. Note that the issue is not a result of an exploit to BlackBerry’s hardware, software, or network.”
To fix the Same Origin Policy vulnerability, it is necessary to apply a patch that is already available and was issued by Google in September. Unfortunately, millions of Android devices are still vulnerable because the manufacturers no longer push the update to their customers. To protect yourself, disable the Browser app on your Android devices by going to Settings > Apps > All and looking for its icon.
(Security Affairs – Same Origin Policy Vulnerability, Android)