A gaping flaw in Firefox allowed attackers to hack any Android smartphone


Security researcher Chris Moberly has just revealed a particularly huge flaw that existed in the Firefox browser for Android. It allowed a hacker to take control of the smartphone automatically and remotely, without any user interaction. The attacker just had to be on the same local network.

The root of this problem was in the way Firefox tries to connect to third-party displays using UPnP. To find these devices, the browser regularly sends SSDP (Simple Service Discovery Protocol) discovery messages. The device responds by indicating the path to the XML file that describes its UPnP service.

But because of this flaw, it was possible to insert an “Android Intent” type address, which allows applications to be launched automatically. So it was enough to place a malicious SSDP server on a network, and all smartphones obeyed it to the letter. This flaw was fixed in Firefox for Android version 79.

Source: Chris Moberly
