Firefox Browser Exploit Allows Hackers To Hijack Your Android Phone Over Wi-Fi
According to exploit researcher Chris Moberly, the exploit he found is a way to trick Firefox on Android into running applications. The Simple Service Discovery Protocol (SSDP) engine in Firefox can be sent payloads that trick it into running Android intent URIs. Android intent URIs are “messages which request actions from another app component,” according to the developer site for Android. Intents can be used to download files, send messages, or take pictures.
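As an added example (not taken from Moberly's write-up or from Mozilla's code), this is the kind of check that closes this class of bug: parse each SSDP response and accept the advertised URI only if it is a plain http(s) URL. It assumes the URI arrives in the LOCATION header, the standard SSDP field for a device-description URL; the function names and sample datagrams are constructed for illustration.

```python
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}  # device descriptions are fetched over HTTP(S)

def parse_ssdp(datagram: bytes) -> dict:
    """Parse an SSDP message (HTTP-over-UDP) into start line and lowercase headers."""
    lines = datagram.decode("utf-8", errors="replace").split("\r\n")
    headers = {}
    for line in lines[1:]:
        if not line:
            break  # blank line ends the header section
        name, sep, value = line.partition(":")  # split at the first colon only
        if sep:
            headers[name.strip().lower()] = value.strip()
    return {"start_line": lines[0].strip(), "headers": headers}

def check_location(datagram: bytes) -> tuple[bool, str]:
    """Return (ok, reason) for the LOCATION header of one SSDP response."""
    location = parse_ssdp(datagram)["headers"].get("location")
    if location is None:
        return False, "no LOCATION header"
    parts = urlsplit(location)
    scheme = parts.scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        # Anything else (intent:, file:, relative paths) must never reach an opener.
        return False, "scheme %r is not http/https" % (scheme or "(none)")
    if not parts.hostname:
        return False, "no host in LOCATION"
    return True, "ok"

def flag_suspicious(datagrams: list) -> list:
    """Return (index, reason) for every response that fails the check."""
    results = [(i, check_location(d)) for i, d in enumerate(datagrams)]
    return [(i, reason) for i, (ok, reason) in results if not ok]

# Constructed sample responses (not captured traffic); 192.0.2.0/24 is a documentation range.
SAMPLES = [
    b"HTTP/1.1 200 OK\r\nCACHE-CONTROL: max-age=1800\r\nST: upnp:rootdevice\r\n"
    b"LOCATION: http://192.0.2.10:8060/description.xml\r\n\r\n",
    b"HTTP/1.1 200 OK\r\nST: upnp:rootdevice\r\n"
    b"LOCATION: intent://constructed-placeholder\r\n\r\n",
    b"HTTP/1.1 200 OK\r\nST: upnp:rootdevice\r\n\r\n",
]

if __name__ == "__main__":
    for index, reason in flag_suspicious(SAMPLES):
        print("response %d rejected: %s" % (index, reason))
```

The same scheme check works as a detection rule over captured SSDP traffic on a network you monitor: any response whose LOCATION is not http(s) is worth a look.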
Found a neat little Firefox for Android bug. Current version is not vulnerable, please make sure you are up to date. :) https://t.co/p31XPGBsze pic.twitter.com/coG3tcMiAI
— initstring (@init_string) September 15, 2020
Thankfully, Moberly is a white hat kind of guy, and he worked with Mozilla on the issue. The vulnerability was found when a mass update was rolling out, so he was able to step in and help get it fixed before full launch. As he states, “I reported the issue directly to Mozilla, just to be safe. They responded right away and were quite pleasant to work with, providing some good info on where exactly this bug came from.”
Although this could be a dangerous exploit, his idea of fun is interesting, as he writes, “As a final thought, this most definitely could have been an epic rick roll, where everyone in the room running Firefox tried to figure out what the heck was going on.” The exploit has since been squashed in new versions of Firefox, so make sure you have the latest update and be careful about which open Wi-Fi networks you frequent. You do not know if an attacker is “never gonna give you up.”