Any Android Devices are at Risk to Chrome Exploits

Android-chrome-exploitA critical vulnerability in Chrome for Android has been reported that makes it possible for attackers to take over a device without notice. The vulnerability was demonstrated and tackled  at the MobilePwn2Own, PacSec conference in Tokyo where the researcher believes that the vulnerability affects no exceptions, all versions of Android capable of running the latest version of Chrome.

The Qihoo 360 researcher Guang Gong the one who showcased the exploit. The vulnerability is said to reside in JavaScript v8, which is the Google’s open source JavaScript engine and for the vulnerability to be exploited, users needs to be wisely  tricked to visit a malicious website using Chrome Web browser, sometimes it redirect the user.

Once the user goes to that page on the browser, the attacker  then be able to install an arbitrary application and gain the full privileges of the device. The researcher noted that the attack was “one shot exploit,” which essentially means that it takes just one vulnerability and is enough to perform the attack. The exploit worked on many other Android devices as well

What’s impressive thing about Guang’s exploit is that it was just one shot; most people these days have to do exploit several vulnerabilities before it gets the privileged access and load software without interaction.
android-vulnerability
Once the phone accessed the malicious website, the JavaScript v8 vulnerability in Chrome was used to install an arbitrary application (in this case a BMX Bike game) without any user interaction to demonstrate complete control of the phone, without prior notice and consumer’s knowledge.

Working details of the vulnerability haven’t been disclosed yet and it is said that Google had been made aware of the vulnerability and started something to counterpart the issue.

At the same event at the demo, the two security researchers managed to trick the non-rooted  Samsung Galaxy S6, Galaxy S6 Edge, and the Galaxy Note 4 to connect to a compromised malicious base station and had the calls and messages go through it and as a result of which, a victim’s calls and messages could be intercepted.

As for the rooted Android devices, vulnerabilities come  just easily and without interaction. With rooted devices, viruses, malware, adware and other vulnerabilities are so much welcome, thus putting your Android device and your self at greater risk of insecurity and dangers.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s