Security researchers have discovered a critical vulnerability in Google’s Android 2.3 Gingerbread operating system.
Researchers at North Carolina State University revealed that a similar vulnerability was found in Android 2.2 but it was reportedly fixed by Google in 2.3 Gingerbread. The researchers claimed that Google failed to permanently fix the bug and it could still be exploited.
The hole in the system could allow hackers to access the data stored on a device’s memory card.
Xuxian Jiang, an assistant professor at NC State's Department of Computer Science, said that the vulnerability could allow a hacker to obtain a full list of applications installed on the device, upload the applications to a remote server and even read and download the files stored on a user’s memory card.
“Unfortunately, our finding here is that the patch contained in Android 2.3 is not an ultimate fix and can still be bypassed. We have a proof-of-concept exploit with a stock Nexus S phone and are able to successfully exploit the vulnerability to steal potentially personal information from the phone,” he said in his report.