I tested this exploit on my own phone running 2.3 and found that it was still effective, but only after making sure my phone was set up precisely the right way. I needed to have a specific IP address, for example, and the vuln required a rather complicated means of designating an address; hexadecimal and then placed in reverse byte order. It also required having netcat listening on a specific port, not to mention the android user must also be hooked to the attackers webpage, either through port redirecting or social engineering. And after it was all said and done, you had to know what you were looking for on the sd card (being the attacker) since you were operating pretty much blind. All in all, id say there are bigger, easier ways to exploit someone's device we need to worry about before this method.
Ian -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
