The exploit targets the JavaScript v8 engine and researchers say that the exploit does not require multiple chained vulnerabilities
A new exploit in Chrome for Android can comprise virtually any handset running the latest version of the OS. The exploit was showcased by a researcher from Quihoo 360, a Chinese internet security company. The researcher, Guang Gong, demonstrated the exploit at MobilePwn2Own during the PacSec conference in Tokyo. The exploit was developed over three months and targets the JavaScript v8 engine. Researchers say that the exploit does not require multiple chained vulnerabilities and works in one shot.
PacSec organiser, Dragos Ruiu told Vulture South that the exploit was demonstrated on a new Google Project Fi Nexus 6. He said, “The impressive thing about Guang's exploit is that it was one shot; most people these days have to exploit several vulnerabilities to get privileged access and load software without interaction.” He said that as soon as the phone accessed a specific website, the JavaScript v8 vulnerability in Chrome was used to install an arbitrary application without any user interaction. He added, “The vuln being in recent version of Chrome should work on all Android phones; we were checking his exploit specifically but you could recode it for any Android target since he was hitting the JavaScript engine.” A Google security engineer was on site and Ruiu said that the company will probably pay Gong a security bug bounty as details of the exploit were not disclosed.
In August, it was reported that two security researchers at the Black Hat conference revealed that the fingerprint scanner on Android devices is vulnerable to being hacked. Tao Wei and Yulong Zhong of Fire Inc. showed that hackers can remotely lift fingerprints from Android devices. They talked about how design flaws in TrustZone, the ARM technology that comes embedded in modern day smartphones, allows a ‘sensor spying attack’ collect a user’s fingerprint data. Phones like the HTC One Max and Samsung Galaxy S5 were shown to be vulnerable to spy attacks as the device makers haven’t locked down the sensor completely. The researchers revealed that once a hack is placed on a phone, it can continue to collect fingerprint data of anyone who uses the sensor.
Earlier this month, Zerodium’s $1 million bounty for hacking iOS 9 was apparently claimed. The company had given hackers till October 31 to come up with a zero-day exploit of the iOS 9 OS. The company posted a tweet on its Twitter account which said, “Our iOS #0day bounty has expired & we have one winning team who made a remote browser-based iOS 9.1/9.2b #jailbreak (untethered). Congrats!”
Source: The Register
Follow Us
Shrey Pacheco
Writer, gamer, and hater of public transport. View Full Profile
