It’s been the month of the autoroot exploits in the Android security world, folks. After last week’s autoroot virus scares, this week we have a Chrome exploit that can allegedly grant root access on “virtually any Android device”.

The vulnerability was demonstrated at the MobilePwn2Own conference that just took place in Tokyo. The researcher who demonstrated the exploit believes that the vulnerability affects all versions of Android that can run the latest version of Google Chrome.

The exploit was performed by Qihoo 360 researcher Guang Gong. Keep reading to discover how it works.

How Does the New Auto Root Exploit for Chrome Work?

Step 1) Users need to be tricked into visiting a malicious website in the latest version of Google Chrome

Step 2) The vulnerability lies in V8, Google’s open-source JavaScript engine. Once the user lands on the website, the site runs a small script.

Step 3) That script installs an arbitrary application that is then able to grant itself full privileges on the device.

The attack is known as a “one shot exploit”, which means that just one vulnerability is enough to perform the attack. Today, most exploits rely on multiple vulnerabilities in order to gain privileged access and load software.

After demonstrating the attack on one device, Gong went on to demonstrate the attack on several others.

The game used in the demonstration was “BMX Bike”. No user interaction was required to gain complete control of the phone: all that needed to happen was one visit to a malicious website.

Why This is So Dangerous

The exploit is dangerous because all it takes is one misplaced click online, or one visit to a malicious website. Once you’ve done that, it’s game over: that site can run a script, install an application and gain full root access.

In an interview, PacSec organizer Dragos Ruiu said:

“The impressive thing about Guang’s exploit is that it was one shot. Most people these days have to exploit several vulnerabilities to get privileged access and load software without interaction.”

Fortunately, Google has been made aware of the vulnerability. You can expect a Chrome fix to be released very shortly.

Photo courtesy of RedmondPie.com
