Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×
Android

New Android Phones Hijackable With Chrome Exploit (theregister.co.uk) 45

mask.of.sanity writes: Google's Chrome for Android has been popped with a single exploit that could lead to the compromise of any handset. The exploit, showcased at MobilePwn2Own at the PacSec conference, targets the JavaScript v8 engine and compromises phones when users visit a malicious website. It is also notable in that it is a single clean exploit that does not require chained vulnerabilities to work.
This discussion has been archived. No new comments can be posted.

New Android Phones Hijackable With Chrome Exploit

Comments Filter:
  • Not yet disclosed (Score:5, Interesting)

    by unencode200x ( 914144 ) on Thursday November 12, 2015 @04:26PM (#50917109)
    From TFA "acSec Google's Chrome for Android has been popped in a single exploit that could lead to the compromise of any handset.

    The exploit, showcased at MobilePwn2Own at the PacSec conference in Tokyo yesterday but not disclosed in full detail, targets the JavaScript v8 engine. It can probably hose all modern and updated Android phones if users visit a malicious website"
    • Actually, my bad, TFA says there was someone from Google there who got a copy of it. Interesting though. They say all that needed to be done is to go to this website and with only one vul you own the phone w/o user interaction.
    • by sad_ ( 7868 )

      Not disclosed, but that doesn't mean it is unknown. Some other, blackhat hacker may be aware of and using it already, perhaps even months/years before it's recent public discovery.

  • by Karlt1 ( 231423 ) on Thursday November 12, 2015 @04:29PM (#50917135)

    Since Google can update Chrome for Android without requiring the OEM's and the carriers, it's not as bad as most Android security vulnerabilities.

    • Can someone please explain to me why LD_LIBRARY_PATH does not point first to a /data/lib directory, where an app-store had a chance of patching a flaw in /system?

      I am updating vlcplayer at least once every three months - why did Google decide to carve the stagefright libraries into /system stone with no hope of updating?

      At least this bug does not impact me - I rooted and torched stock because of the SOP bug, and Chrome just on principle.

    • by Sark666 ( 756464 )

      yeah not as bad... you mean on the flipside when it's an OS issue and you're fucked?

  • Really curious how effective all of Blackberry's hardening techniques really ended up being.
  • by Greger47 ( 516305 ) on Thursday November 12, 2015 @05:36PM (#50917541)

    It is also notable in that it is a single clean exploit that does not require multiple chained vulnerabilities to work, the researchers say.

    I have a hard time believing that. On Android V8 and the rest of the layout engine run in a restricted sandbox service that has no permissions to install apps.

    In addition to exploiting V8 they must be using a separate privilege escalation in the Android userspace or Linux kernel to install the APK, especially if there is no interaction needed like accepting the standard install dialog.

    I'm sure curious to hear the real story when Google releases a fix.

    /greger

  • by cfalcon ( 779563 ) on Thursday November 12, 2015 @07:07PM (#50918225)

    Man, I'm so surprised that the problem happened with javascript. It's just so unprecedented that javascript would have a vulnerability. It has such a good history, you know, of safety.

    Not that I'm speaking in favor of Chrome here either- the rumored ios exploit used the ios version of chrome, and it's not been the most secure browser or anything on Windows.

    But I just don't understand why every browser jumps through every hoop possible to fully support even the stupidest javascript everything. On a PC you need a bunch of special addons to limit the damage, and generally your options are "block all scripts" or "allow all scripts", with no ability to say "allow scripts that don't X, Y, or Z". Browsers should absolutely allow more restrictive profiles here, and probably the default should not fully implement javascript, which maintains its record of pile of shit virus vector for twenty years straight.

    • ...javascript, which maintains its record of pile of shit virus vector for twenty years straight.

      "Objection! The record clearly shows that my clients trash programs holds this title outright!" -- Adobe Space Chicken lawyer.

Somebody ought to cross ball point pens with coat hangers so that the pens will multiply instead of disappear.

Working...