+

Cookies on the Business Insider India website

Business Insider India has updated its Privacy and Cookie policy. We use cookies to ensure that we give you the better experience on our website. If you continue without changing your settings, we\'ll assume that you are happy to receive all cookies on the Business Insider India website. However, you can change your cookie setting at any time by clicking on our Cookie Policy at any time. You can also see our Privacy Policy.

Close
HomeQuizzoneWhatsappShare Flash Reads
 

Attackers can hijack an Android phone just by convincing you to click on a link to an infected website

Nov 13, 2015, 21:36 IST

Flickr/etnyk

Advertisement

Another day, another hole in smartphone security.

Security researcher Guang Gong recently discovered an exploit in Android phones that allows for an attacker to gain control of a person's phone if they click on a link to a website containing malicious code, The Register reports. The attacker then has the ability to download additional apps to the infected device without the user's interaction.

This latest exploit, which thankfully has yet to appear in the wild, was highlighted by Gong during his participation in hacking contest MobilePwn2Own during the 2015 PacSec conference in Tokyo. As part of his prize, he won a trip to the 2016 CanSecWest security conference, and could also end up receiving a bug bounty from Google, who was made aware of the exploit.

Gong discovered the vulnerability involved the manipulation of the V8 JavaScript engine and showed the weakness was present in essentially all versions of Google's Android OS. He even demonstrated that the vulnerability affected new products, such as the Nexus 6.

Advertisement

While details were sparse, Gong said it took him three months of work prior to the competition to find the hole.

"The impressive thing about Guang's exploit is that it was one shot; most people these days have to exploit several vulnerabilities to get privileged access and load software without interaction," PacSec organizer, Dragos Ruiu, told The Register's Vulture South . "As soon as the phone accessed the website the JavaScript v8 vulnerability in Chrome was used to install an arbitrary application (in this case a BMX Bike game) without any user interaction to demonstrate complete control of the phone."

NOW WATCH: APPLE BREACH: Apps infected with malicious code found in the App Store

Please enable Javascript to watch this video
You are subscribed to notifications!
Looks like you've blocked notifications!
Next Article