Click here to load reader
Upload
cyber-security-infotech
View
103
Download
1
Embed Size (px)
Citation preview
Researcher Hijacks Android Phone through Chrome Vulnerability
Over the past few months, Google has been busy squashing security vulnerabilities in its fashionable
humanoid mobile software system, however several stay undiscovered, and a few may be simply
exploited.
Chinese man of science Guang Gong from Qihoo 360 incontestable at MobilePwn2Own at the PacSec
conference in Tokyo however associate humanoid device running the newest version of the software
system may be hijacked by exploiting a JavaScript v8 vulnerability through the Chrome browser.
Granted, the safety flaw failed to reside within the humanoid OS itself, however devices running on the
platform square measure vulnerable.
Gong discovered a JavaScript v8 vulnerability in Chrome for humanoid that allowed him to put in
associate impulsive application on the affected device, during this case a BMX Bike game, while not
requiring any user interaction, PacSec organizer Dragos Ruiu explained in a very Google+ post. As long as
Chrome is employed to navigate to a malicious web site associate assailant established, the device may
be infected.
The exploit was incontestable on a Google Project Fi Nexus vi running the newest humanoid vi.0 candy
build and with all applications up-to-date. The man of science incontestable that the vulnerability might
offer associate assailant with complete management of the device, which palmy exploitation doesn't
need chaining multiple vulnerabilities.
This ammo exploit was discovered when three-months of labor, Ruiu said, however precise details on
the safety flaw weren't publically disclosed. in keeping with Ruiu, the exploit was tested on alternative
devices also, and it worked on all of them.
Given that the vulnerability is within the JavaScript engine in Chrome, it's believed to have an effect on
all humanoid versions with the newest version of the browser put in. Details on the vulnerability were
handed to a Chrome engineer at the conference, Ruiu proclaimed via Twitter.
Unfortunately for Gong, his presentation at the conference failed to end in an on the spot reward for his
efforts, tho' it's seemingly that Google can reward him for locating the vulnerability, because the
company incorporates a bug bounty program established for Chrome and Chrome OS.
“Since we do not have any lavish prizes for him, i am transferral him to North American nation next year
for a few skiing/snowboarding at CanSecWest,” Ruiu aforementioned, thus it appears that a prize are
returning from the PacSec organizers.
Google can presumably resolve the vulnerability presently, albeit the small print on the exploit haven’t
been created public as of currently. Security researchers have discovered a series of vital humanoid
vulnerabilities this year, as well as the fearfulness flaw that affected near a billion devices, and a
fearfulness a pair of issue suspected to have an effect on devices running all humanoid versions,
beginning with the initial unharness.
Cyber Security Infotech Pvt Ltd. Founded in 2012, the organization aims towards providing
Information Security Services and Process Improving Consulting services. Members of CSI have
attained excellence in providing end-to-end consulting services across sectors including but not
limited to Banks, Airports, Finance, IT, Retails etc. With the core team comprising of domain experts
with over a decade of experience, we at CSI help organizations to reduce risks and enhance their
competitive advantage over others. http://www.csinfotech.org/