Friday, November 13, 2015

Any Android-smartphone, you can grab a hyperlink –

Breaking any of Android-smartphone

The Web Google Chrome browser contains a vulnerability that allows to hack any Android-smartphone and gain control over it. This was the event MobilePwn2Own the conference PacSec in Tokyo told the researcher Guan Gong (Guang Gong) from the company Quihoo 360.

Gong told details of Google and has already been awarded for it’s free a trip to the CanSecWest conference in 2016. It may also receive monetary compensation.

particularly vulnerable

The vulnerability is in the component JavaScript-engine V8 in Google Chrome. No other details about the vulnerability Gong did not disclose. But marked feature of his findings: to crack the Android-smartphone, we need only this single vulnerability. This is a rare case, since hackers commonly exploit several vulnerabilities accounted for one attack, the researcher stressed.

Four months to exploit

The event in Tokyo researchers have demonstrated the vulnerability of smartphone Nexus 5. This machine Google previous generation. Nexus device first to receive updates Android, including security updates. According to Gong, to develop exploit it took him four months.

«As soon as the user opens an infected website by” holes “in the V8 in Chrome browser installs arbitrary application on the smartphone, without any user action “, – told the publication Vulture South organizer PacSec Dragos Ruyu (Dragos Ruiu). He added that Gong as an arbitrary application chose an innocuous game BMX Bike.

New vulnerability affects all Android -Device

Ruyu added that the organizers of the event confirmed the operation to exploit a particular smartphone. According to him, if you want an exploit could be developed for all of Android-smartphone, since the vulnerability is contained in a component of Google Chrome.

The same vulnerabilities

The flaw in the engine V8 – last but not the only example of a vulnerability affecting the majority of users of Android-devices. At the end of July 2015 the company reported the discovery Zimperium vulnerability allows execution of arbitrary code in the 950 million Android-smartphone. Another vulnerability, discovered in 2013, concerned the 900 million active Android-devices.


No comments:

Post a Comment