Security Audit

Our Web Application Pentest ( WAP) attempts to address the Owasp top 10 & SANS top 20 web application vulnerabilities and other exploitable loopholes of your web application . Along with it our WAP team also test web applications for Business logic flaws that can directly or indirectly effect the functioning of application.

Trainings

We are here to help you solve your biggest query- where and how to start? CDI has brought various courses in Ethical Hacking in Chandigarh where all you technology lovers will be given the much needed push to move forward and create a niche for yourself in the field. From Beginner to Expert level we have many kinds of training patterns.

Call Us : +91-771045-0011 | +91-771045-0022

Chinese Expert Hijack Android Smartphone using Google Chrome!

MobilePwn2Own is a hacking contest, in which hackers take challenges to exploit the mobile phones and other devices using previously unknown vulnerabilities. In the contest of this year a Chinese expert shows the audience how to hijack an Android Smartphone by exploiting a zero-day bug in Google Chrome.

“Guang Gong” is working as a security researcher in famous anti-threat security company “Qihoo 360”. At PacSec conference in Tokyo, he shows how to hijack the Android smartphone. The device which he hijacked was using latest version of Android OS. There was a JavaScript v8 flaw in Google Chrome Browser. By exploiting that flaw he did this. The device was “Fi Nexus 6” which is a project of Google. This device was using Android 6.0 Marshmallow.

By exploiting this flaws Gong install an arbitrary app on the targeted device. When he installs it, there was no need of user interaction. He just tricked the victim to visit a bogus website set up by him to install that application.

This vulnerability affects the mobile devices running on the Android 6.0 Marshmallow. Another researcher Ruiu told that this vulnerability also works in other mobile devices which are using Latest version of Google Chrome. It is the vulnerability in the JavaScript engine of the Google Chrome.

The information of this flaw has been given to Google Security team already, but Gong has not disclosed the technical reasons behind this flaw. Google will reward him too. Android users can use other alternative browsers because Google has to fix this flaw yet.

Leave a Reply

Name
Email id
Contact No
Comment

See more of Cyber Intelligence by logging in.
Connect with cyber security experts,Discover job opportunities,Online Training, Information Security Advisory and lot more.