Android Phone Hack Uses Chrome To Hijack OS In One Shot

Hackers have discovered a new exploit for the latest Android phones that works on every version of the OS running on the latest version of Chrome, according to Engadget.

While the specifics of the exploit are still unclear, Quihoo 360 researcher Guang Gong claims that it uses JavaScript v8 in order to obtain full administrative rights on the user's phone. In addition to Gong, a second hacking team from Germany also claims to have exploited the new Samsung phone, The Register reported.

"The impressive thing about Guang's exploit is that it was one shot; most people these days have to exploit several vulnerabilities to get privileged access and load software without interaction," said Dragos Ruiu, organizer of PacSec, the conference where Gong showcased the exploit. "As soon as the phone accessed the website the JavaScript v8 vulnerability in Chrome was used to install an arbitrary application (in this case a BMX Bike game) without any user interaction to demonstrate complete control of the phone."

During the demonstration, Gong showed the audience how he could utilize the JavaScript v8 vulnerability to install an external app onto the phone without the authority of the user, according to Softpedia.

Google is likely going to pay Gong a bounty for the details of the exploit, which as of yet have not been revealed, The Register noted. The highest price for the bounty is $30,000.

Tags
Android, Phone, Hack, Hijack, Chrome, Google Chrome, Google, Os, Operating system, Hacker, Researcher, Germany, Samsung, Conference, Bounty, App, Application, Mobile, Mobile phone, Mobile phones
Real Time Analytics