A security expert working at Alert Logic has published a demonstration back door exploit for smartphones running Android. Criminals could use the principles of this exploit to gain control of a phone and install trojans. A potential victim need only visit a malicious web site for infection to occur.
The example exploit will open the back door for demonstration purposes only on the fixed IP address 10.0.2.2 on port 2222. Although the demo exploit is harmless as it stands, it would be relatively easy for an experienced cracker to customise the shellcode to create a malicious version. In a test conducted by The H's associates at heise Security with an HTC Wildfire (Android 2.1), the exploit only caused a browser crash. Officially, the exploit is only effective on Motorola's Droid 2.0.1, 2.1, and the test was successful on an emulation of 2.0 - 1.2.

The link for this article located at H Security is no longer available.