Researcher finds an Android bug that lets hackers attack your phone using just a link

Another day, another Android vulnerability.

A security researcher, Guang Gong, discovered a major exploit in Android phones that lets hackers gain access of someone’s phone by simply making the user click on a link to a website riddled with malicious code, The Register reports. Once the attacker has gained access to a users phone, they can download apps to the infected device without the user’s knowledge.

According to Business Insider [via The Register]:

“Gong discovered the vulnerability involved the manipulation of the V8 JavaScript engine and showed the weakness was present in essentially all versions of Google’s Android OS. He even demonstrated that the vulnerability affected new products, such as the Nexus 6.”

Gong discovered this exploit during a hacking contest during the 2015 PacSec conference in Tokyo. Google has been made aware of the hack and may possibly be receiving a huge chunk of cash from them for brining it to their attention.

“The impressive thing about Guang’s exploit is that it was one shot; most people these days have to exploit several vulnerabilities to get privileged access and load software without interaction,” PacSec organizer, Dragos Ruiu, told The Register’s Vulture South . “As soon as the phone accessed the website the JavaScript v8 vulnerability in Chrome was used to install an arbitrary application (in this case a BMX Bike game) without any user interaction to demonstrate complete control of the phone.”

[H/T Business Insider]

Kevin Raposo

Kevin is KnowTechie's founder and executive editor. With over 15 years of blogging experience in the tech industry, Kevin has transformed what was once a passion project into a full-blown tech news publication. Shoot him an email at kevin@knowtechie.com or find him on Mastodon or Post.