Android 'wipe' Feature Information Disclosure Vulnerability
BID:52568
Info
Android 'wipe' Feature Information Disclosure Vulnerability
| Bugtraq ID: | 52568 |
| Class: | Design Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Mar 19 2012 12:00AM |
| Updated: | Mar 19 2012 12:00AM |
| Credit: | Jan of the Hatforce Team |
| Vulnerable: |
Open Handset Alliance Android 2.3.6 |
| Not Vulnerable: | |
Discussion
Android 'wipe' Feature Information Disclosure Vulnerability
Android is prone to an information-disclosure vulnerability.
This may result in a false sense of security if users wipe their phone data and expect this data to be completely erased from the device.
An attacker with physical access can exploit this issue to obtain potentially sensitive information. Information obtained may aid in further attacks.
Android is prone to an information-disclosure vulnerability.
This may result in a false sense of security if users wipe their phone data and expect this data to be completely erased from the device.
An attacker with physical access can exploit this issue to obtain potentially sensitive information. Information obtained may aid in further attacks.
Exploit / POC
Android 'wipe' Feature Information Disclosure Vulnerability
An attacker requires physical access to an affected device to exploit this issue.
An attacker requires physical access to an affected device to exploit this issue.
Solution / Fix
Android 'wipe' Feature Information Disclosure Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
References
Android 'wipe' Feature Information Disclosure Vulnerability
References:
References:
- Android Homepage (Google)
- Android wipe unreliable (Hatforce)