Attackers can hijack an Android phone just by convincing you to click on a link to an infected website
Another day, another hole in smartphone security.
Security researcher Guang Gong recently discovered an exploit in Android phones that allows for an attacker to gain control of a person's phone if they click on a link to a website containing malicious code, The Register reports. The attacker then has the ability to download additional apps to the infected device without the user's interaction.
This latest exploit, which thankfully has yet to appear in the wild, was highlighted by Gong during his participation in hacking contest MobilePwn2Own during the 2015 PacSec conference in Tokyo. As part of his prize, he won a trip to the 2016 CanSecWest security conference, and could also end up receiving a bug bounty from Google, who was made aware of the exploit.
Gong discovered the vulnerability involved the manipulation of the V8 JavaScript engine and showed the weakness was present in essentially all versions of Google's Android OS. He even demonstrated that the vulnerability affected new products, such as the Nexus 6.
While details were sparse, Gong said it took him three months of work prior to the competition to find the hole.
"The impressive thing about Guang's exploit is that it was one shot; most people these days have to exploit several vulnerabilities to get privileged access and load software without interaction," PacSec organizer, Dragos Ruiu, told The Register's Vulture South . "As soon as the phone accessed the website the JavaScript v8 vulnerability in Chrome was used to install an arbitrary application (in this case a BMX Bike game) without any user interaction to demonstrate complete control of the phone."
- I spent $2,000 for 7 nights in a 179-square-foot room on one of the world's largest cruise ships. Take a look inside my cabin.
- Colon cancer rates are rising in young people. If you have two symptoms you should get a colonoscopy, a GI oncologist says.
- Saudi Arabia wants China to help fund its struggling $500 billion Neom megaproject. Investors may not be too excited.
- Catan adds climate change to the latest edition of the world-famous board game
- Tired of blatant misinformation in the media? This video game can help you and your family fight fake news!
- Tired of blatant misinformation in the media? This video game can help you and your family fight fake news!
- JNK India IPO allotment – How to check allotment, GMP, listing date and more
- Indian Army unveils selfie point at Hombotingla Pass ahead of 25th anniversary of Kargil Vijay Diwas