Tuesday, September 21, 2010

Your smart phone... can beat up my smart phone...

So, fair's fair:  Know that sexy Flash exploit that's hit Windows, OS X, and Linux?  Yup.  Word is that it affects Android too, though I haven't seen any claims of exploits in the wild yet.

What does this have to do with wireless?  The same trick that we can use to do horrible things to an iPhone (MSF-Airpwn or a Karma AP) could do content replacement and push a malicious flash file to the phone for any website viewed.

The Android security model is slightly different, and this vulnerability doesn't appear to give any direct path to root.  However, since many Android phones have vulnerabilities which allow root escalation from a local user (beloved of jailbreakers everywhere, just like the bugs in iOS), it's reasonable to be concerned about the risks here.

Once the exploit is in your browser, all your cached credentials are at risk, anyhow.

Adobe has just today released a Flash update for Android which fixes this flaw, but I think we'll be seeing vulnerable versions in the wild for some time to come:  It appears anything which shipped with Flash pre-installed (such as the Droid 2) doesn't have the apk marked as a Market download, which means the Market app doesn't check it for updates.  Only manually searching for Flash and installing it from the Market will get you a non-vulnerable version.  Users whose phones got Flash as a mandatory Market download (Droid 1 running 2.2, Nexus One) should get an update alert, fortunately.

Related, the Y5 Battery Saver app is intended to conserve battery by turning off wireless, but it has interesting security implications too, especially if you are forced to use a cloaked wireless network.  Instead of probing for previously saved networks when you are nowhere near them, Y5 uses the "free" (as in "your phone is always computing it anyway") rough geolocation derived from cell tower location to decide whether wifi should be enabled or not.

It won't save you from getting owned on an open, compromised, or duped network, but it will keep your phone from connecting to random wifi with the same name, or from falling victim to Karma or similar spoofing attacks, when you're away from home.  And maybe it will save some battery in the long run.
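As an added illustration of the policy described above (this is my own sketch, not Y5's code; the app's internals aren't on this page), here is the decision in Python: the radio only comes up, and so the phone only emits probe requests for saved SSIDs, when the coarse cell-tower fix is near a place where one of those networks was previously joined. The saved networks, coordinates and fence radius are made up for the example.

```python
import math

# Constructed sample: SSIDs the phone has saved, each with the rough
# cell-tower location (lat, lon in degrees) recorded when it last joined.
# The coordinates are made up for this example.
SAVED_NETWORKS = {
    "home-wifi":   (42.3601, -71.0589),
    "office-wifi": (42.3736, -71.1097),
}

# A cell-tower fix is coarse, so the fence has to be generous (assumed value).
CELL_FIX_RADIUS_M = 2000.0


def haversine_m(a, b):
    """Great-circle distance in metres between two (lat, lon) pairs."""
    earth_radius_m = 6371000.0
    lat1, lon1 = map(math.radians, a)
    lat2, lon2 = map(math.radians, b)
    dlat, dlon = lat2 - lat1, lon2 - lon1
    h = (math.sin(dlat / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin(dlon / 2) ** 2)
    return 2 * earth_radius_m * math.asin(math.sqrt(h))


def networks_in_range(fix, saved=SAVED_NETWORKS, radius_m=CELL_FIX_RADIUS_M):
    """Saved SSIDs whose learned location lies within radius_m of the current
    coarse fix. With no fix at all, return nothing: the radio stays off rather
    than probing for every saved SSID from an unknown place (fail closed)."""
    if fix is None:
        return []
    return sorted(ssid for ssid, loc in saved.items()
                  if haversine_m(fix, loc) <= radius_m)


def wifi_should_be_enabled(fix, saved=SAVED_NETWORKS, radius_m=CELL_FIX_RADIUS_M):
    """The Y5-style decision: bring wifi up (and so start probing) only when
    at least one saved network is plausibly nearby. Away from all of them the
    phone never advertises its saved SSIDs, so a Karma-style AP has nothing
    to answer."""
    return bool(networks_in_range(fix, saved, radius_m))


if __name__ == "__main__":
    samples = [("at home", (42.3605, -71.0580)),
               ("across town", (42.3656, -71.0096)),
               ("no fix", None)]
    for label, fix in samples:
        print(f"{label:12s} wifi={wifi_should_be_enabled(fix)} "
              f"probe={networks_in_range(fix)}")
```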