Breaking any of Android-smartphone
The Web Google Chrome browser contains a vulnerability that allows to hack any Android-smartphone and gain control over it. This was the event MobilePwn2Own the conference PacSec in Tokyo told the researcher Guan Gong (Guang Gong) from the company Quihoo 360.
Gong told details of Google and has already been awarded for it’s free a trip to the CanSecWest conference in 2016. It may also receive monetary compensation.
Four months to exploit
The event in Tokyo researchers have demonstrated the vulnerability of smartphone Nexus 5. This machine Google previous generation. Nexus device first to receive updates Android, including security updates. According to Gong, to develop exploit it took him four months.
«As soon as the user opens an infected website by” holes “in the V8 in Chrome browser installs arbitrary application on the smartphone, without any user action “, – told the publication Vulture South organizer PacSec Dragos Ruyu (Dragos Ruiu). He added that Gong as an arbitrary application chose an innocuous game BMX Bike.
New vulnerability affects all Android -Device
Ruyu added that the organizers of the event confirmed the operation to exploit a particular smartphone. According to him, if you want an exploit could be developed for all of Android-smartphone, since the vulnerability is contained in a component of Google Chrome.
The same vulnerabilities
The flaw in the engine V8 – last but not the only example of a vulnerability affecting the majority of users of Android-devices. At the end of July 2015 the company reported the discovery Zimperium vulnerability allows execution of arbitrary code in the 950 million Android-smartphone. Another vulnerability, discovered in 2013, concerned the 900 million active Android-devices.