Pakistani helps Google prevent security disaster


STAFF REPORT ISB: A Pakistani security researcher, Rafay Baloch, has helped Google prevent a privacy disaster. In a blog post published a month ago, Rafay detailed how the Same Origin Policy (SOP) protection used by modern browsers on Android could be bypassed.

According to details, the bug identified by Rafay potentially affected anyone who wasn't running the latest Android KitKat 4.4, which means that more than 75 per cent of Android devices and millions of users were vulnerable.

Simply put, if you used the Android browser, which is the default choice on all Android versions except KitKat 4.4, any malicious website could access data from other webpages.

As Baloch found out, a specially constructed script could ignore the SOP entirely and allow attackers to pull site login info, cookies and data from other websites to use as they liked.

According to Baloch, he tried to contact Google with the details of the exploit in mid-August, but he was met with the response that it couldn't be replicated. It was only after a blog post about the SOP bypass on Baloch's blog that Google took notice and said that the exploit could, in fact, be replicated.

Google has refused any further communication on the matter.

Rafay Baloch has previously been acknowledged by PayPal, Microsoft, ESET and eBay for reporting bugs and flaws in their systems.


--

Published in: Volume 05 Issue 38

Short Link: http://www.technologytimes.pk/?p=12096