Another day, another hole in smartphone security.
Security researcher Guang Gong recently discovered an exploit in Android phones that allows for an attacker to gain control of a person’s phone if they click on a link to a website containing malicious code, The Register reports. The attacker then has the ability to download additional apps to the infected device without the user’s interaction.
This latest exploit, which thankfully has yet to appear in the wild, was highlighted by Gong during his participation in hacking contest MobilePwn2Own during the2015 PacSec conferencein Tokyo. As part of his prize, he won a trip to the 2016 CanSecWest security conference, and could also end up receiving a bug bounty from Google, who was made aware of the exploit.
While details were sparse, Gong said it took him three months of work prior to the competition to find the hole.