Fortunately, Google is already aware of the exploit, but it’s another sign of how essential regular security updates have become.
A security researcher revealed a new exploit that could allow someone to take control over someone else’s Android phone remotely with just one Chrome link.
Researcher Guang Gong showcased this nefarious plan at MobilePwn2Own, part of Tokyo’s PacSec conference. The full details weren’t revealed, in order to deter anyone with malicious intent from putting it into action.
Gong was able to take control of a Project Fi Nexus 6 by attacking a JavaScript vulnerability in Chrome. Through the exploit, he installed an application granting total access to the phone without any user notification.
Luckily, a member of Google’s security team was at the event, so Google will soon be at work on a patch (along with offering a hefty reward bounty for Gong). As long as you avoid sketchy websites and stick to the Play Store for downloads, you should be fine, but it’s always to good to keep an eye on the security landscape.
Why this matters: The Stagefright vulnerability raised the issue of Android security to a higher level because of how easily someone could unknowingly infect their devices from an MMS message. In response, Google now sends out a monthly patch to Nexus devices, while other hardware makers have said they’re going to also step up their security game. It’s badly needed, as Android’s large marketshare demands a robust security structure and update system.
For comprehensive coverage of the Android ecosystem, visit Greenbot.com.
Source: www.pcworld.com