Researcher Hijacks Android Phone through Chrome Vulnerability

Over the past few months, Google has been busy squashing security vulnerabilities in its fashionable

humanoid mobile software system, however several stay undiscovered, and a few may be simply

exploited.

Chinese man of science Guang Gong from Qihoo 360 incontestable at MobilePwn2Own at the PacSec

conference in Tokyo however associate humanoid device running the newest version of the software

system may be hijacked by exploiting a JavaScript v8 vulnerability through the Chrome browser.

Granted, the safety flaw failed to reside within the humanoid OS itself, however devices running on the

platform square measure vulnerable.

Gong discovered a JavaScript v8 vulnerability in Chrome for humanoid that allowed him to put in

associate impulsive application on the affected device, during this case a BMX Bike game, while not

requiring any user interaction, PacSec organizer Dragos Ruiu explained in a very Google+ post. As long as

Chrome is employed to navigate to a malicious web site associate assailant established, the device may

be infected.

The exploit was incontestable on a Google Project Fi Nexus vi running the newest humanoid vi.0 candy

build and with all applications up-to-date. The man of science incontestable that the vulnerability might

offer associate assailant with complete management of the device, which palmy exploitation doesn't

need chaining multiple vulnerabilities.

This ammo exploit was discovered when three-months of labor, Ruiu said, however precise details on

the safety flaw weren't publically disclosed. in keeping with Ruiu, the exploit was tested on alternative

devices also, and it worked on all of them.

Given that the vulnerability is within the JavaScript engine in Chrome, it's believed to have an effect on

all humanoid versions with the newest version of the browser put in. Details on the vulnerability were

handed to a Chrome engineer at the conference, Ruiu proclaimed via Twitter.

Unfortunately for Gong, his presentation at the conference failed to end in an on the spot reward for his

efforts, tho' it's seemingly that Google can reward him for locating the vulnerability, because the

company incorporates a bug bounty program established for Chrome and Chrome OS.

“Since we do not have any lavish prizes for him, i am transferral him to North American nation next year

for a few skiing/snowboarding at CanSecWest,” Ruiu aforementioned, thus it appears that a prize are

returning from the PacSec organizers.

Google can presumably resolve the vulnerability presently, albeit the small print on the exploit haven’t

been created public as of currently. Security researchers have discovered a series of vital humanoid

vulnerabilities this year, as well as the fearfulness flaw that affected near a billion devices, and a

fearfulness a pair of issue suspected to have an effect on devices running all humanoid versions,

beginning with the initial unharness.

Cyber Security Infotech Pvt Ltd. Founded in 2012, the organization aims towards providing

Information Security Services and Process Improving Consulting services. Members of CSI have

attained excellence in providing end-to-end consulting services across sectors including but not

limited to Banks, Airports, Finance, IT, Retails etc. With the core team comprising of domain experts

with over a decade of experience, we at CSI help organizations to reduce risks and enhance their

competitive advantage over others. http://www.csinfotech.org/