this post was submitted on 26 Jun 2023
131 points (100.0% liked)

Technology

37735 readers
55 users here now

A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.

Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.

Subcommunities on Beehaw:


This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 2 years ago
MODERATORS
 

A dev recently discovered a browser built into the settings (for any google app that lets you edit settings). From there you can bypass parental controls or enterprise restrictions.

This is a pretty exciting "extra feature", Google!

top 21 comments
sorted by: hot top controversial new old
[–] sibloure 78 points 1 year ago (3 children)

This is kinda funny. During a family vacation as a kid, I went down to the hotel business center to use a computer kiosk but it required payment. I was bored so I was clicking around on the locked screen's hotel logo and got to their company about page, and a bit more link clicking eventually got me out of the company's website and to a google search page. I browsed for free for what seemed like an hour and did it again the next day before we went home.

[–] variants_of_concern@lemmy.one 23 points 1 year ago (3 children)

boredom has made me the man I am today, its tough now a days to get bored and not pull out your phone and browse lemmy instead of doing your hobbies

load more comments (3 replies)
[–] troyunrau@lemmy.ca 11 points 1 year ago (2 children)

I have a memory of something similar at a travel tourism kiosk. Kiosk was locked to their webpage. Right clicked an image, chose "save as", navigated to something with a folder, right clicked and chose "Open in New Window" (might be misrembering -- older version of windows) to pop up Windows Explorer. Windows Explorer, at the time, embedded Internet Explorer 4 if you typed a URL in the address bar, so off the races I was.

Life before smartphones, man.

[–] spunker88@kbin.social 7 points 1 year ago (1 children)

The older versions of IE back in the Windows 9X era would essentially turn into Windows Explorer if you put a local file path into them. I remember using this exploit back in the day on our school computers that ran a locked down version of Windows where you couldn't browse anything in Windows Explorer beyond your personal network folder. I found that by typing C:/ into the IE address bar it would turn IE into Windows Explorer mode and from there I had full access to the C drive and could even open up the folder tree sidebar thing and browse the local network, finding all sorts of folders that I wasn't supposed to be able to access.

[–] troyunrau@lemmy.ca 1 points 1 year ago (1 children)

Right! Just typing C:\Windows\command.com in the address bar was usually enough to completely control a system :)

[–] sibloure 1 points 1 year ago

That is evil genius and I love it.

[–] sibloure 2 points 1 year ago

Haha, yes! Sounds about right. Someone could create a puzzle game where you trying to escape a vendor kiosk and it gets progressively more complex as you go on.

[–] lemann@lemmy.one 3 points 1 year ago

I took every chance at exploiting internet browsing kiosks for free access before the age of smartphones 😅

[–] TWeaK@lemm.ee 31 points 1 year ago (3 children)

This isn't a secret browser, it's Android System Webview - the system browser apps use when they aren't a browser.

What they've found here is a route to google.com from a webview page accessed from within the settings.

[–] wet_lettuce 6 points 1 year ago (1 children)

100% but I believe these are typically locked down to one domain, and in this case its not.

At least thats how I understand it. So I guess the article is a little misleading in that sense, but the net effect is the same. You have carte blanche access to the web, via android system webview, thats acting as a de-facto out-of-band browser. So its misconfigured or not locked down, which means you can use it effectively as a "hidden" browser.

[–] TWeaK@lemm.ee 6 points 1 year ago

ASW isn't locked down to any domains though, it's just a basic browser, one that typically doesn't let you type in a url to go to any other domains. It's not locked down, you're just limited in how you can navigate.

What happened here is someone managed to navigate from one page to another page and then another, in order to ultimately get to google.com and search for whatever page they wanted. The initial web pages presented linked outside of what it maybe should have.

Whether ASW should be under parental controls is another matter. Apparently it isn't (at least not parental controls that affect only installed browser apps) but that could have valid functional reasons behind it.

It's even listed in the apps section in the settings app.

[–] sznio 1 points 1 year ago* (last edited 1 year ago)

I think the mm object is the most worrying thing about this, not the fact that it's a standard WebView.

[–] MyMulligan@lemmy.one 12 points 1 year ago (3 children)

Curious if someone in an abusive relationship could use this trick if their phone was being monitored. If the abuser was just monitoring them with the phone's parental controls this would work but if there was an app probably not?

[–] Moonrise2473@feddit.it 3 points 1 year ago (1 children)

the was a news here on lemmy where someone got in prison because the local county has put some malware in the phone. It logged a single request to Pornhub, so the guy bail was revoked

[–] conciselyverbose@kbin.social 4 points 1 year ago (1 children)

Not his phone. There are circumstances where that would be defensible.

They put their malware on his wife and kids' phones.

[–] ImHereForVorePorn@yiffit.net 1 points 1 year ago

Extremely fucked up.

[–] troyunrau@lemmy.ca 2 points 1 year ago

Unfortunately, it's hard to discover this trick on its own, unless you're already clever enough to find other ways around it.

load more comments (1 replies)
[–] CanadaPlus@lemmy.sdf.org 6 points 1 year ago

Lol, sort of confession time. I was writing an essay for a major exam once, and I tried using Word's built-in search function just to see if it would work. It did, and nobody was the wiser.

I didn't actually cheat; I didn't need to. But, I felt proud for figuring out a way I could have, haha.

[–] grey@discuss.tchncs.de 4 points 1 year ago

That's still pretty bad. I'm surprised google didn't think so.

load more comments
view more: next ›