A technique for crashing Android browsers using Google Maps and Google's cache


By Allaboutgeorge

According to the Internet fraud report for February 2013 published by BB Soft Service, a SoftBank Group company, an unusual technique has emerged: the report says it "detected a method that abuses Google Maps on Android devices".

Internet fraud report (February 2013) | BB Soft Service Co., Ltd.
http://www.bbss.co.jp/company/news/2013/news_20130305.html


As the distinguishing feature of the fraudulent site found this time, the report says it "detected a browser crasher technique that uses Google's cache on an Android device". The method is a browser crasher based on a mailto storm: by opening many e-mail software windows, it increases the load on the OS and causes the system to crash.

The method found this time takes this browser crasher technique one step further, and is characterized by using Google Maps to make the URL look safe.

First, when you access a URL of the form "maps.google.com/(directory)/", Google Maps appears in the browser. However, by Google's specification, a parameter placed after "/(directory)/" in the URL can send the browser to any other site, even though the URL is in the maps.google.com domain.


Next, this specification is abused to display a malicious website in the browser, and a script embedded in that site starts the mail software.


As a result, as long as this page stays open, e-mail software is launched endlessly and the system crashes. Because the URL looks safe at a glance, the technique is also characterized as being almost impossible to identify by visual inspection.
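Because the link cannot be judged by eye, the check has to look inside the URL. The following is an added example, not code from the report or from BB Soft Service: it flags links on a trusted host that carry another site's address in a query parameter. The trusted-host list, function names, the parameter name "x" and the sample links are constructed, since the report does not name the parameter.

```javascript
// Hosts a reader would take as safe at a glance (constructed list).
const TRUSTED_HOSTS = new Set(["maps.google.com"]);

// Undo percent-encoding a bounded number of times so a double-encoded
// destination is still visible to the check.
function fullyDecode(text, maxRounds = 3) {
  for (let i = 0; i < maxRounds; i++) {
    let next;
    try { next = decodeURIComponent(text); } catch { return text; }
    if (next === text) break;
    text = next;
  }
  return text;
}

// Host of an absolute or scheme-relative URL held in a parameter value, else null.
function embeddedHost(value) {
  // Browsers treat "\" like "/" in http(s) URLs, so normalize before matching.
  const v = fullyDecode(value).trim().replace(/\\/g, "/");
  const m = v.match(/^(?:https?:)?\/\/([^\/?#]+)/i);
  if (!m) return null;
  try { return new URL("http://" + m[1]).hostname.toLowerCase(); } catch { return null; }
}

// For a link on a trusted host, list parameters that point at a different host.
function foreignTargets(link) {
  let url;
  try { url = new URL(link); } catch { return []; }
  const host = url.hostname.toLowerCase();
  if (!TRUSTED_HOSTS.has(host)) return [];
  const found = [];
  for (const [param, value] of url.searchParams) {
    const target = embeddedHost(value);
    if (target && target !== host) found.push({ param, target });
  }
  return found;
}

// Constructed sample links; "x" is a placeholder parameter name.
const samples = [
  "https://maps.google.com/maps?q=tokyo+station",
  "https://maps.google.com/dir/?x=http%3A%2F%2Fsite.example%2Fpage",
  "https://maps.google.com/dir/?x=http%253A%252F%252Fsite.example%252F",
];
for (const s of samples) console.log(s, "->", JSON.stringify(foreignTargets(s)));
```

A mail gateway or link-preview service could run such a check and show the embedded destination host next to the visible one.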

Although the URL in question was originally aimed at personal computers, it has been found to work by the same mechanism on Android devices and on iPhones running iOS, and the report considers that "even an old method is at risk of being reused against smartphones."

in Mobile, Posted by darkhorse