Latest Android phones hijacked with tidy one-stop-Chrome-pop

Source: National Cyber Security – Produced By Gregory Evans

Latest Android phones hijacked with tidy one-stop-Chrome-pop

PacSec Google’s Chrome for Android has been popped in a single exploit that could lead to the compromise of any handset. The exploit, showcased at MobilePwn2Own at the PacSec conference in Tokyo yesterday but not disclosed in full detail, targets the JavaScript v8 engine. It can probably hose all modern and updated Android phones if users visit a malicious website. It is also notable in that it is a single clean exploit that does not require multiple chained vulnerabilities to work, the researchers say. Quihoo 360 researcher Guang Gong showcased the exploit which he developed over three months. PacSec organiser Dragos Ruiu told Vulture South the exploit was demonstrated on a new Google Project Fi Nexus 6. “The impressive thing about Guang’s exploit is that it was one shot; most people these days have to exploit several vulnerabilities to get privileged access and load software without interaction, ” Ruiu says. “As soon as the phone accessed the website the JavaScript v8 vulnerability in Chrome was used to install an arbitrary application (in this case a BMX Bike game) without any user interaction to demonstrate complete control of the phone.” “The vuln being in recent version of Chrome should work on […]

For more information go to http://www.NationalCyberSecurity.com, http://www. GregoryDEvans.com, http://www.LocatePC.net or http://AmIHackerProof.com

The post Latest Android phones hijacked with tidy one-stop-Chrome-pop appeared first on National Cyber Security.

View full post on National Cyber Security