A single malicious Chrome link is enough to give attackers control of your Android phone

A single malicious Chrome link is enough to give attackers control of your Android phone
Credit: Alexander Supertramp / Shutterstock.com

It’s by no means the first time, but security researchers have demonstrated a weakness present in pretty much all versions of Google’s Android OS.

The bad news? All it takes is opening a website containing the malicious code and an attacker can have full control of your phone, and do things like download additional apps without your interaction.

Ever been to a tech festival?

TNW Conference won best European Event 2016 for our festival vibe. See what's in store for 2017.

The good news? It’s not out in the wild. Yet.

According to The Register, the vulnerability was discovered by Guang Gong from security software vendor Qihoo360 at the MobilePwn2Own at the PacSec conference in Tokyo, and involves manipulation of the V8 JavaScript engine.

Detailed information about the exploit wasn’t presented, but Gong says that it took three months of work ahead of the competition.

It looks like those efforts will now pay off though, as Gong has won a trip to the CanSecWest security conference next year. A member of Google’s security team was also present and took the exploit details back to HQ, so it’s likely Gong will receive a bug bounty too.

While it’s not the first exploit that allows hackers to install apps and carry out other nefarious activities remotely, the simplicity of a single malicious link giving full control is just a little bit scary.

And don’t go thinking a brand new phone won’t be susceptible – the exploit was demonstrated on a Nexus 6.

Latest Android phones hijacked with tidy one-stop-Chrome-pop [The Register]

Read next: Watch yet another Star Wars: The Force Awakens trailer, if you like that sort of thing

Here's some more distraction

Comments