Incoming SMS and RCS audio attachments received by Google Messages are now automatically decoded with no user interaction. As a result, audio decoders are now in the 0-click attack surface of most Android phones.
Today, Project Zero released a 0-click exploit chain for the Pixel 9. While it targets the Pixel, the 0-click bug and exploit techniques we used apply to most other Android devices.
@nCrazed@fd00.space potentially, but only partially. Clicking on a malicious image can still trigger the underlying vuln, which exists within the OS rather than any particular app.
I - wait, what's the maximum audio size per attachment, and max attachments per message? Could you plausibly send enough data to fuck with someone's battery life?
Google, attempting to speed up fancy features in their Messages app, allowed the app to automatically read messages and analyze media attachments before the user ever actually opens them. This allows hackers to exploit software vulnerabilities silently instead of needing to trick a user into viewing a malicious message. In effect, they chose to reduce the phone's security in order to make the assistant features run faster.
@2something@transfem.social the attacks work against any app, but it's much harder to exploit with a different messaging app.
Specifically, it requires up to 256 messages to be opened and the attachments viewed - and you're likely to just block the attacker after one or two. But with Google Messages, the app will quietly open the messages for you in the background - making it way easier to pull off.
@2something@transfem.social yeah - RCS isn't required for the vulnerability described, or for attacking other zero-click vulns that may exist in the media code. The issue seems to be the messages app itself rather than any particular protocol.