Dangerous Android exploit could turn over complete control of an Android handset to a hacker

Dangerous Android exploit could turn over complete control of an Android handset to a hacker
A new exploit discovered in the latest Chrome for Android app, is a threat to all Android handsets. There is much at stake since the exploit can allow a hacker to grab total control of an Android device away from its owner. A security researcher revealed the exploit at the PacSec conference in Tokyo. A flaw in JavaScript v8 is believed to be at the center of this issue.

Unlike other exploits that require multiple vulnerabilities to execute, this new security issue can be unleashed in "one shot." In addition, all Android handsets are threatened, even those running the latest version of Google's open source OS. A hacker could, in theory, get an Android user to open a malicious website on his/her handset, which would eventually allow the hacker to control all aspects of the phone. Obviously, this would allow the hacker to learn all of the private information that the phone owner has stored on his/her device. That could include account numbers, passwords, and other financial information.

At the conference, the bug was demonstrated to those in attendance on a Nexus 6 running on Google's Project Fi hybrid MVNO service. A Google security expert was at the conference and received the exploit. Since the exploit isn't out in the public, and Google knows about it, we should see a security patch sent out via an OTA update in the not too distant future.


The bug was discovered by Quihoo 360 researcher Guang Gong, who presented it at PacSec. It took him three months to develop the exploit.

source: TheRegister via SlashGear

FEATURED VIDEO

29 Comments

1. NoToFanboys

Posts: 3231; Member since: Oct 03, 2015

iTrolls rejoice!

6. PapaSmurf

Posts: 10457; Member since: May 14, 2012

"Since the exploit isn't out in the public, and Google knows about it, we should see a security patch sent out via an OTA update in the not too distant future." Click bait article once again.

13. nepalisherpa

Posts: 338; Member since: Jul 17, 2015

You are the one who trolled first.

4. TyrionLannister unregistered

PA will help in spreading this bug, especially with the loads of auto-redirect ads they have on smartphone.

5. PapaSmurf

Posts: 10457; Member since: May 14, 2012

You sir win the internet for the day.

7. Taters

Posts: 6474; Member since: Jan 28, 2013

Wow! Is hacking where the money is at now? Google is stupid for making that program, it just hurts their image having these things reported constantly and tarnishing their image. You have to be like Apple. Don't make a team to find exploits, just don't be transparent at all and sweep things under the rug and pretend to be secure. If someone hated me this much to go to these lengths to hack and spy me, I am sure he could probably just sniper rifle me at work and it would be easier. Lol

20. An.Awesome.Guy

Posts: 636; Member since: Jan 12, 2015

I don't agree on that, even if the OS was closed then I am sure there will be hackers who would try their best to find an exploit. They did that on MAC. If someone will send a virus like that ,then the victims phone will have a message like either give $2000 to that account or your phone will be deleted or your info will be on the internet. In case there is $10000, then think about how many of them would pay.

8. Piyath_ale

Posts: 79; Member since: Nov 02, 2015

Oh what a pity..

9. roscuthiii

Posts: 2383; Member since: Jul 18, 2010

Uh, if it's a JavaScript exploit... What if you have JavaScript disabled?

17. drifter77

Posts: 401; Member since: Jun 12, 2015

It will hinder web pages running javascript and you'll get errors when browsing.

18. roscuthiii

Posts: 2383; Member since: Jul 18, 2010

I generally run with it disabled, and enable as needed per site. Haven't run into any issues really where I've actually missed it. (So far)

10. srk_s_rao unregistered

So what, is he going to take my phone..

11. HumbleJ06

Posts: 98; Member since: Aug 10, 2015

So if you uninstall Chrome there is no way for the exploit to work, correct?

16. roscuthiii

Posts: 2383; Member since: Jul 18, 2010

Typical PA article... Long on FUD, short on facts.

19. TechieXP1969

Posts: 14967; Member since: Sep 25, 2013

No one using an Android or IOS or any other mobile device has ever been hacked in the wild. The fact is this is just stupid banter.

22. Awalker

Posts: 1977; Member since: Aug 15, 2013

What some people fail to understand is that Google dishes out a lot money if someone finds a serious flaw in Android. It's in their best interest to make the OS as safe as possible and paying people to find exploits accomplishes that. A patch should come either through a Chrome update or the December security update.

24. TechieXP1969

Posts: 14967; Member since: Sep 25, 2013

Yes I agree. I'm. Otherwise saying goes they should protect their investment. I'm just saying no one in the wild has ever reported being hacked.

21. avalon2105

Posts: 352; Member since: Jul 12, 2014

Chrome uninstalled long time ago. JS disabled in AOSP browser long time ago. This exploit concerns me like last year's snow.

25. sprockkets

Posts: 1612; Member since: Jan 16, 2012

Uh, if it is a flaw with chrome then no OTA update is necessary, just an update to the app which everyone can get unless they are 4.0 or lower. Heck, Chrome doesn't have complete control of the phone anyhow. It probably has to leverage other exploits.

26. Kary1

Posts: 300; Member since: Jun 26, 2015

Too bad it took 6 hours for there to be one decent post (sprockkets' post).

27. sprockkets

Posts: 1612; Member since: Jan 16, 2012

I try but I usually avoid the melee that typically is here. Not saying the above research is wrong, just perhaps a bit off. Just like the stupid story about root malware that is impossible to remove - just reinstall a stock image.

29. oozz009

Posts: 520; Member since: Jun 22, 2015

BAD Andoid:D I think they might end up in the world guiness book for the most exploited OS in history.

32. Plutonium239

Posts: 1215; Member since: Mar 17, 2015

No, that title belongs to OS-X Yosemite. Android's vulnerabilities don't even compare.

* Some comments have been hidden, because they don't meet the discussions rules.

Latest Stories

This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at https://www.parsintl.com/phonearena or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit https://www.parsintl.com/ for samples and additional information.