J
Jeff Causey
Guest
In Tokyo, Japan, at the PacSec conference, security researcher Guang Gong revealed an exploit he developed over the past three months that enables a hacker to take control of an Android phone with no user interaction outside of clinking on a link in the Chrome browser. The exploit targets the JavaScript v8 engine in order to open the device up to delivery and installation of malicious code.
To demonstrate the exploit, Guang Gong used a Project Fi Nexus 6 and showed how he was able to install a BMX Bike game. Once he had access to the device, he succeeded in installing the app without requiring the end user to take any further action.
The exploit is also notable in the simplicity of the attack. Most hacking attempts designed to take control of a device and be able to load an app with no additional interaction require several vulnerabilities to be successfully installed. Gong’s hack only requires the user to visit the single malicious link.
If there is any good news related to this discovery it is that Gong is on the side of the good guys, trying to find exploits in an effort to make things better. The code he developed has been provided to Google so their researchers can verify the severity and develop a patch to secure Android smartphones.
source: The Register
via: 9to5Google
Come comment on this article: Vulnerability in Chrome could allow attackers to take control of Android devices
Visit TalkAndroid for Android news, Android guides, and much more!
News via TalkAndroid