New Android Exploit Can Hack Your Phone From a Website

Here’s the good news: The exploit’s discoverer has disclosed it to Google, and he’ll likely get a good reward for his efforts.

Sourced through Scoop.it from: www.pcmag.com

Though we don’t have the exact details of how it works, a new exploit for Android devices can allegedly bypass the devices’ security systems in one shot. The attack, which uses some kind of JavaScript V8 exploit, can give the attacker complete administrative access to one’s device. Once that happens, the attacker can load any app he or she wants onto an Android phone, which could become a gateway for even more malware (or more exploits).

Qihoo 360 researcher Guang Gong showed off the attack at the Pwn2Own panel at yesterday’s PacSec conference in Tokyo. The most interesting thing about the demonstrated exploit is that an attacker doesn’t have to take advantage of any other separate exploits first. All a person has to do is use Chrome to visit a compromised website with the new exploit loaded in, and that’s it. Smartphone attacked.

“The impressive thing about Guang’s exploit is that it was one shot; most people these days have to exploit several vulnerabilities to get privileged access and load software without interaction,” said PacSec organiser Dragos Ruiu, in an interview with Vulture South.

Bad news for those looking to take advantage of said exploit for their own nefarious purposes: Google representatives were alerted to the bug at the conference. Since Gong didn’t publicly spill the details of how the exploit works, he likely qualifies for some kind of cash reward via Google’s bug bounty programs. Exactly how much he might get remains a mystery at this point, as a number of factors go into figuring out how much exploit reporters receive for their efforts.

“In essence, our pledge to you is to respond promptly and fix bugs in a sensible timeframe – and in exchange, we ask for a reasonable advance notice. Reports that go against this principle will usually not qualify, but we will evaluate them on a case-by-case basis,” reads Google’s description.
