New Android exploit can hack any handset in one shot
Hackers have discovered a critical exploit in Chrome for Android reportedly capable of compromising virtually every version of Android running the latest Chrome. Quihoo 360 researcher Guang Gong demonstrated the vulnerability to the PSN2OWN panel at the PacSec conference in Tokyo yesterday. While the inner workings of the exploit are still largely under wraps, we do know that it leverages JavaScript v8 to gain full administrative access to the victim's phone.
"The impressive thing about Guang's exploit is that it was one shot; most people these days have to exploit several vulnerabilities to get privileged access and load software without interaction," PacSec organiser Dragos Ruiu told Vulture South. "As soon as the phone accessed the website the JavaScript v8 vulnerability in Chrome was used to install an arbitrary application (in this case a BMX Bike game) without any user interaction to demonstrate complete control of the phone." Unfortunately, real-world applications would be far less benign. Google has already been alerted to the bug and is expected to pay out a sizeable bounty for the heads up.
[Image Credit: Bloomberg via Getty Images]
- Key Specs
- Prices
hoff1313
Everybody so worried about the title of the article, nobody even read the thing. It is PWN2OWN not PSN2OWN. They can't even get the competition name right. How hard is it to copy an article from another website?
HummingBeard
How ironic, right? Originally PWN is a typo of OWN and they managed to make a typo in a typo.
barry99705
I wonder if this could be used to root the At&t and Verizon Note 5?
mingkee
Basically, you can use this exploit to root almost all Android devices EXCEPT Chrome isn't installed on /system folder.
phillip_drummond
Wow. If Android is much more secure than iOS, then iOS must be hosed.
barry99705
You do know the stuff used to jailbreak an iPhone is an exploit of the os right?
illregal
and you could jailbreak, by simply visiting a website....
JamesO
And people ask me why I don't use Android.
SeaAlex
They do ? Really ?
JamesO
You're on Engadget forums. Every other post is "This phone is better than iPhone" or "this tablet is better than iPad"
And IRL too. I have a minor issue with iOS like some music not syncing and I get "well you should have got an Android..."
Honestly mate, it's all the time. Android fans have turned into exactly the thing they hated about Apple users in the first place. It's actually been quite amusing to watch the transformation happen over the years.
swissdude
how right you are 
brncrsh
The problem here is users that don't see past their own worship thinking / pretending it is flawless compared to others.
Well, all OS have their own flaws, it is a matter of discovering them. All the software is written by humans and humans have flaws, no matter for which company they are writing it for. Ok, some may have more and some less, but still.
Well, all OS have their own flaws, it is a matter of discovering them. All the software is written by humans and humans have flaws, no matter for which company they are writing it for. Ok, some may have more and some less, but still.
SeaAlex
See the problem is if you're a fanboy you see everything in that context . But not everything is , I was just having a bit fun with his "And people ask me why I don't use Android. " I just couldn't really imagine lots of people asking him why he doesn't use Android ....
SeaAlex
Actually I'm not ..... But it's fun to see you run with this . Did you get it all out of your system ?
I was literally just wondering ( and mocking you ) if people really ask for your opinion on this, because I had a feeling a rant like that was just waiting to come out .
brncrsh
I'm guessing you don't use iOS either...
http://www.engadget.com/2015/04/21/1-500-ios-apps-are-vulnerable-to-an-https-crippling-bug/
http://www.engadget.com/2015/04/22/ios-ssl-flaw-skycure/
http://www.engadget.com/2015/04/21/1-500-ios-apps-are-vulnerable-to-an-https-crippling-bug/
http://www.engadget.com/2015/04/22/ios-ssl-flaw-skycure/
Salamihawk-
Unfortunately many Android users are simply unable to get patches for their devices, allowing flaws to fester out in the wild.
schnapster
Do you also bust into a room and yell "JamesO is here!"? Honestly we could care less about which phone you use, unless of course you build and design phones. Do you build and design phones?
41 comments