Hackfest Attendee Busts Open Android via Chrome Exploit

By Gary Cutlack

A man having the time of his life at the PacSec MobilePwn2Own event has shown off an exciting new way to take control of Android phones, using an exploit delivered through Chrome to launch apps -- and therefore open the phones up to potentially malicious happenings.

Developer Guang Gong is the discoverer of the exploit, which he demonstrated on a Nexus 6 by running an app simply after visiting a web site he'd constructed to trigger it. The vulnerability is still being kept semi-secret, as the discoverer probably has his eyes on some of Google's bug-finding bounty, but what we know about it so far is that it uses Chrome to trigger a hole in the V8 JavaScript engine.

PacSec organiser Dragos Ruiu gave a little more detail on its operation to The Register, explaining: "As soon as the phone accessed the website the JavaScript v8 vulnerability in Chrome was used to install an arbitrary application without any user interaction to demonstrate complete control of the phone. The vuln being in recent versions of Chrome should work on all Android phones; we were checking his exploit specifically but you could recode it for any Android target since he was hitting the JavaScript engine." [The Register]