While the attack takes the form of a browser window on the target device launching without the users’ permission, it can also be used for other malicious activities, such as auto-playing video that were not initiated by the owner of the mobile device.
Originally discovered by security researcher Chris Moberly, the vulnerability resides in the Simple Service Discovery Protocol (SSDP) engine of Firefox for Android browser which can be exploited by hackers to target smartphones connected on the same Wi-Fi network as the attacker, with the Firefox browser app installed.
How Attackers can Hijack Firefox for Android via Wi-Fi Network
SSDP is a UDP based protocol which is a part of UPnP, used for finding other devices on a network. And Firefox browser on Android periodically sends out SSDP discovery messages to devices connected to the same network, seeking for second-screen devices to cast.
Devices on the local network can respond to the broadcasts, and provide location information, after which, Firefox attempts to access the location to find an XML file conforming to the UPnP specifications. Now, the SSDP engine of a victim's Firefox browser can be tricked into triggering an Android intent by simply replacing the location of the XML file in the response packet with a maliciously crafted message pointing to an Android intent URI.
Thus, any attacker connected to the same Wi-Fi network can run a malicious SSDP server on device and trigger intent-based commands on nearby Android devices via Firefox browser, without requiring any form of interaction from the victims.
How to Mitigate against the Firefox for Android bug
Mozilla has issued a patch for the Firefox for Android bug, with the release of Firefox for Android 79, and the direct successor to version 68.11.0. Therefore, it is recommended that all Firefox for Android users should update their browser to the latest browser version 79, or even better, version 80, immediately.
And you can verify if your Firefox for Android browser is up-to-date by navigating to “Settings -> About Firefox” and looking for the version number.
No comments