Over the past few months, various vulnerabilities have been identified in the mobile ecosystem, all of which are quite worrying, to say the least. The latest discovery makes every Android device vulnerable to hijacking, assuming it is running the Google Chrome browser. In most cases, consumers will have this browser installed, simply because it is better than the standard browser. Phone hijacking is a serious threat, especially for Bitcoin users.
Mobile Google Chrome Vulnerable To Hijacking
The exploit in question, which was demonstrated at MobilePwn2Own at the PacSec conference, targets the JavaScript V8 engine. Of particular concern is that any mobile device running Google Chrome is vulnerable, including devices with an older version of the Android operating system.
Unlike most exploits targeting mobile devices, this Google Chrome exploit does not require multiple chained vulnerabilities to work. In fact, this is one of the very few single clean exploits security researchers have seen in years. For Android users, this is not good news at all, as their devices could be hijacked without them even noticing, simply because very little effort is required from an attacker to pull it off.
All it takes is for a user running the Google Chrome browser to visit a website hosting the JavaScript V8 exploit, which will install an arbitrary application without requiring user interaction. Once this application has been installed, an attacker will gain complete control of the mobile device.
Patching such a vulnerability is not an easy task, and Google will – most likely – pay a security bug bounty for the vulnerability, as there was no disclosure of exploit details during the conference. Once details of such an exploit are made public, it is only a matter of time until all hell breaks loose. However, fixing the problem is not possible until Google gets their hands on more details.
Potential Threat for Bitcoin Users on Android
Having a mobile device hijacked means that an attacker can do just about anything with any of the applications running on the device. In the case of Bitcoin users, this also means an attacker could empty a client’s wallet, assuming they get hold of the PIN code associated with the software. Installing a keylogger without the user noticing would be one way for an attacker to obtain that PIN.
People can only hope Google addresses this issue sooner rather than later before anything major happens because of it. Bitcoin users on Android are advised not to visit any odd-looking websites on their mobile devices using the Google Chrome browser. Even though they should never engage in this type of behavior, now is certainly not the time to start doing so.
Source: The Register