Firefox Browser Exploit Permits Hackers To Hijack Your Android Cellphone Over Wi-Fi

Advertisement
hero attack

hero attack
If any of you on the market are operating the Firefox browser app for Android, please replace instantly. Variations under Firefox model 79 on cellular are weak to exploitation of Android intent URIs. This assault makes use of SSDP payloads to set off actions with out person interplay.

In line with exploit researcher Chris Moberly, the exploit he discovered is a approach to trick Firefox on Android into operating purposes. The easy service discovery protocol (SSDP) engine in Firefox could be despatched payloads which trick it into operating Android intent URIs. Android intent URIs are “messages which request actions from one other app element,” in line with the developer website for Android. Intents can be utilized to obtain information, ship messages, or take photos.
The exploit Moberly discovered doesn’t require something from the sufferer except for them simply being on the identical Wi-Fi community because the attacker. Technically talking, weak variations of Firefox ship out SSDP discovery messages to which an attacker can reply. The reply can come within the type of a SSDP server that sends an Android Intent URI which Firefox would then run. These intents are restricted to “predefined software intents,” nonetheless it may be used to escalate to different apps and enhance attacker privileges.

Fortunately, Moberly is a white hat form of man, and he labored with Mozilla on the problem. The vulnerability was discovered when a mass replace was rolling out, so he was in a position to step in and assist get it mounted earlier than full launch. As he states, “I reported the problem on to Mozilla, simply to be protected. They responded straight away and have been fairly nice to work with, offering some good data on the place precisely this bug got here from.”

Though this may very well be a harmful exploit, his thought of enjoyable is attention-grabbing, as he writes that “As a ultimate thought, this most positively might have been an epic rick roll, the place everybody within the room operating Firefox tried to determine what the heck was occurring.” The exploit has since been squashed for brand spanking new variations of Firefox, so ensure you have the newest replace and watch out of what open Wi-Fi networks that you simply frequent. You have no idea if an attacker is “by no means gonna provide you with up.”

Supply from hothardware.com

You may also like