The Android Same Origin Policy (SOP) vulnerability (CVE-2014-6041) was first disclosed at the beginning of September 2014 by independent security researcher Rafay Baloch. He found that the AOSP (Android Open Source Platform) browser installed on Android 4.2.1 is vulnerable to a Same Origin Policy bypass bug that allows one website to steal data from another.
Security researchers at Trend Micro, in collaboration with Facebook, have discovered many cases of Facebook users being targeted by cyber attacks that actively attempt to exploit this particular flaw in the web browser. The Metasploit exploit code is publicly available, which made exploitation of the vulnerability much easier.
The Same Origin Policy is one of the guiding principles that protect users' browsing sessions. The SOP is designed to prevent a page from loading code that is not part of its own origin, ensuring that no third party can inject code without the authorization of the website's owner.
In this particular attack, a link is served through a particular Facebook page that leads Facebook users to a malicious website. Once the exploit runs in the vulnerable browser, the malicious page can abuse the victim's Facebook session to:
- Add friends
- Like and follow any Facebook page
- Modify subscriptions
- Authorize Facebook apps to access the user's public profile, friends list, birthday information and likes
- Steal the victim's access tokens and upload them to the attackers' server
- Collect analytics data (such as the victim's location, HTTP referrer, etc.) using a legitimate service
Security researchers have observed that the cyber crooks behind this campaign rely on an official Facebook web app maintained by BlackBerry in order to steal the access tokens and thus hijack Facebook accounts. By using the name of a trusted developer like BlackBerry, the attackers want the campaign to remain undetected. Trend Micro reported its findings to BlackBerry.
"The mobile malware using the Android SOP Exploit (Android Same Origin Policy Bypass Exploit) is designed to target Facebook users regardless of their mobile device platform," BlackBerry told Trend Micro in a statement. "However, it attempts to take advantage of the trusted BlackBerry brand name by using our Facebook web app. BlackBerry is continuously working with Trend Micro and Facebook to detect and mitigate this attack. Note that the issue is not a result of an exploit to BlackBerry's hardware, software, or network."
Trend Micro is working together with Facebook and BlackBerry in an attempt to detect the attack and prevent the attack from being carried out against new Android users.
All Android devices up to Android 4.4 KitKat are vulnerable to this SOP bug. A patch was offered by Google back in September, but millions of Android smartphone users are still vulnerable to the attack because the manufacturer of the smartphone no longer pushes updates to its customers, or the device itself does not support a newer version of the operating system.
The SOP vulnerability resides in the stock browser of Android devices, which can't be uninstalled because it is usually a built-in part of the operating system. So, in order to protect yourself, disable the Browser app on your Android device by going to Settings > Apps > All and looking for its icon. Open it, find the DISABLE button, and select it to disable the Browser.
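For administrators who manage more than one handset, the same mitigation can be applied over USB with adb instead of through the Settings screen. This is an added example, not from the article: it assumes adb is installed, USB debugging is enabled on the device, and that the stock AOSP Browser is installed as the package com.android.browser; the release check follows the article's statement that Android 4.4 and below is affected.

```shell
#!/bin/sh
# Added example (not from the article): check an attached Android device with adb
# and disable the stock AOSP Browser (assumed package name com.android.browser)
# when the release is in the range the article calls affected (4.4 and below).
# A vendor may have patched a 4.x build without changing its release string, so
# the version check is only a coarse filter; disabling the app is the safe default.

# Return 0 when a release string such as "4.2.1" is at or below Android 4.4.
android_release_affected() {
  major=${1%%.*}
  rest=${1#*.}
  [ "$rest" = "$1" ] && rest=0          # no dot: release like "4" or "10"
  minor=${rest%%.*}
  [ "$major" -lt 4 ] && return 0
  [ "$major" -eq 4 ] && [ "$minor" -le 4 ] && return 0
  return 1
}

# Read the release from the device and disable the stock Browser for user 0
# if the device is in the affected range. Uses getprop and pm via adb.
disable_aosp_browser_if_affected() {
  release=$(adb shell getprop ro.build.version.release | tr -d '\r')
  if ! android_release_affected "$release"; then
    echo "Android $release: not in the affected range"
    return 0
  fi
  # -e lists only enabled packages, so an already-disabled Browser is skipped.
  if adb shell pm list packages -e | tr -d '\r' | grep -qx 'package:com.android.browser'; then
    adb shell pm disable-user --user 0 com.android.browser
    echo "Android $release: com.android.browser disabled"
  else
    echo "Android $release: stock Browser not present or already disabled"
  fi
}
```

Run `disable_aosp_browser_if_affected` with one device attached; the change is per user and can be reverted with `adb shell pm enable com.android.browser` if needed.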