Ben WoodsEurope Editor
Ben is a technology journalist with a specialism in mobile devices and a geeky love of mobile spectrum issues. Ben used to be a professional Ben is a technology journalist with a specialism in mobile devices and a geeky love of mobile spectrum issues. Ben used to be a professional online poker player. You can contact him via Twitter or on Google+.
It’s by no means the first time, but security researchers have demonstrated a weakness present in pretty much all versions of Google’s Android OS.
The bad news? All it takes is opening a website containing the malicious code and an attacker can have full control of your phone, and do things like download additional apps without your interaction.
The good news? It’s not out in the wild. Yet.
Detailed information about the exploit wasn’t presented, but Gong says that it took three months of work ahead of the competition.
It looks like those efforts will now pay off though, as Gong has won a trip to the CanSecWest security conference next year. A member of Google’s security team was also present and took the exploit details back to HQ, so it’s likely Gong will receive a bug bounty too.
While it’s not the first exploit that allows hackers to install apps and carry out other nefarious activities remotely, the simplicity of a single malicious link giving full control is just a little bit scary.
And don’t go thinking a brand new phone won’t be susceptible – the exploit was demonstrated on a Nexus 6.
➤Latest Android phones hijacked with tidy one-stop-Chrome-pop [The Register]
Get the TNW newsletter
Get the most important tech news in your inbox each week.