Critical Bypass Flaw “Same Origin Policy” Is Found On Samsung Android Browser

0
3227
same origin policy

The browser application has detected a critical security hole which is Same Origin Policy (SOP) installed on hundreds of millions of Samsung Android devices that would allow an attacker to steal data from browser tabs when a user visits an attacker’s website.

Identified as CVE-2017-17692, this gap exists in the Bypass Same Origin Policy (SOP) included in version 5.4.02.3 of the browser Samsung Internet Explorer and earlier versions.

The same identity principle or SOP (Same Origin Policy) is a security feature used in modern browsers to interact with websites from the same website, preventing mutual interference of unrelated websites.

Also Read: Nissan Canada Finance Suffered A Data Breach Of 1.13 Million Customers

In other words, the SPO guarantees that the JavaScript code of the source cannot access the properties of the website of another origin.

SOP(Same Origin Policy) may bypass the vulnerability of the Samsung Internet browser discovered by Dhiraj Mishra, which may allow a malicious website to steal data, such as passwords or cookies from pages opened by the victim on different cards.

“If the Samsung web browser opens a new tab in a specific domain (e.g., Google.com) using a JavaScript action, JavaScript can after the approval and rewrite the contents of this page as needed.” According to scientists from the security company Rapid7.

Also Read: Top Android Remote Administration Tool (RAT) Of 2017

“This is not not in the browser design, because it means that JavaScript may violate the same rules of origin and control the JavaScript activity of the page (which is controlled by the attacker) to another in the context of What else, an attacker can enter a custom JavaScript code into each domain, provided that the victim visits a website controlled by the attacker for the first time. ”

Attackers can even track a copy of the cookie session or hack into your session and read and write Internet mail on your behalf.

Mishra reported a security hole in Samsung, and the company replied that “the patch is already installed in our next Galaxy Note 8, and the application will be updated in October by updating the app store.”

In the meantime, with the help of Tod Beardsley and Jeffrey Martin of Rapid7, Mishra released the feat for the Metasploit Framework.

Also Read: When Will Be Super Bowl 2018? Date, Location, And Odds

Researchers from Rapid7 also published video demonstrating the attack.

Because the exploit code for Metasploit for the Same Origin Policy (SOP) gap bypasses the vulnerability in the Samsung browser, it is now publicly available, anyone with less technical knowledge can exploit this vulnerability on a large number of Samsung devices, most of which are still in use. Use Android Stock Browser.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.