"Over the past few years, several AI-powered features have been added to mobile phones that allow users to better search and understand their messages. One effect of this change is increased 0-click attack surface, as efficient analysis often requires message media to be decoded before the message is opened by the user"
Haven't we learned our lesson on this? Don't read and act on my sms messages without me asking you to!
Or my favorite, I marked an extremely suspicious message with what was almost certainly a malicious attachment as junk in a certain BigTech webmail client (the only other option was phishing which it most certainly was not) and it "helpfully" opened the unsubscribe link in my local browser without first asking me for permission. It's difficult to imagine the level of incompetence and dysfunction required to not only write but review, approve, and deploy such a feature in a security and privacy sensitive context.
Literally the only thing even remotely pressuring these firms to implement better security is bad PR (and it barely does that), so by not being explicit you are bypassing this
What is the purported lesson we should have learned? Users choose phones with rich messaging features. This was a major selling point for iPhone, first, with iMessage, and later with Android until iOS caught up with RCS.
It seems like the lesson is that you shouldn't be processing data sent to the device by random strangers without the user explicitly choosing to open the file or follow the link.
[1]: https://www.trendmicro.com/en_us/research/17/i/cve-2017-0780...
Not to automatically execute things within data that we have been sent.
There's a plethora of 3rd party messaging apps, namely WhatsApp or WeChat -- I haven't felt that messaging has sucked since then BBM days.
We all need a new phone OS and hardware level. Urgently.
This does not make much sense at all and is also not in line with empirics. It does not make much sense, because if flagship Android's security reputation worsens, more high-value customers (which are interesting to ad publishers) will go to iPhone. I think this is already an issue for Google because the most popular iPhones are all flagship models, whereas the most popular Android models are low- to mid-range Samsung A series:
https://counterpointresearch.com/en/insights/global-smartpho...
This reduces the opportunity for Google to extract money from their ecosystem (Ads, Google One, etc.) and gives it to Apple.
Second, it does not line up with empirics, because after Apple, Google has been the manufacturers most aggressively pushing hardware security. E.g. Pixels have had a Titan M secure enclave for a long time now (most Android manufacturers do not have any and rely on TrustZone), Google Pixel was one of the first devices to adopt memory tagging (MTE), etc. They do a lot of work to try to reduce the blast radius of 0-days, there is a reason why e.g. GrapheneOS has so far only supported Google Pixel devices.
The problem is more the lack of privacy.
"Google does not care about zero-day vulnerabilities" is an absolutely ludicrous claim.
Unfortunately, since we don't live in that world, we need to not open links, emails, text messages, etc, if they are sketchy.
A better solution may someday exist, but as of yet has not been found.
Including saying "If a threat actor updates your internal documentation, they can use that to influence the AI".
If a THREAT ACTOR IS UPDATING DOCUMENTATION, YOU'RE COMPROMISE!
We're not talking about "Wikipedia Vandals" here
I think it's reasonable for a security conference to talk about how if you put the internal documentation in the LLM context, that means you're elevating the permissions of anyone who can edit the documentation by transitively giving them the ability to instruct the LLM in its "actions" (outputs).
While it should be obvious that's what you're doing, I would say most people I talk to about LLMs do not understand that all parts of the context window together shape LLM output, and there is no such thing as "only obey instructions from the system prompt".
My second thought was “perhaps they’re just very forward-thinking”, and now I’m sad about the future again.
Somewhere there's an NSA agent reading this and laughing like a gin addict on payday.
Being an accidental or curious tap away from an RCE isn't actually much better. The fix is using sanitizing and safe parsers.
another fun parallel: "run this [...] and make no mistake ".
human context is just as bad as llms, i swear
Doesn't that just turn a 0-click exploit into a 1-click exploit? It's unlikely the user can make an informed decision to not process a potentially malicious message, without clicking on the message.
A 0-click exploit is horrendously worse than even a 1-click one. I often don't even open messages from numbers I don't recognize
I like seeing thumbnail previews of images in messages
They put a lot of deliberate work to enable this feature in a way that is hard to exploit
And it really sounds like Google is not mentioning that stance
This makes me feel better about Google, but also makes me kind of frightened of the rest of Android. I wonder what Apple's response time is?
https://docs.qualcomm.com/securitybulletin/may-2026-bulletin...
Since a lot of vendors are months or even years behind, their phones are full of known holes.
When it comes to security, basically: GrapheneOS > iOS > PixelOS >> Samsung OneUI >>>>>>>> everybody else.
Sadly, Samsung lets anyone who pays enough push bloatware and analytics on their phones. E.g. AppCloud from an Isreali company, Meta services that stay even when you remove Meta apps (only removable with ADB/UAD), etc. So there are only three somewhat serious options (and for two of them, you still give a lot of analytics to Apple or Google).
I've heard they cleaned up their program recently to respond much quicker nowadays
[1] https://gs.statcounter.com/android-version-market-share [2] https://www.cybersecurity-insiders.com/survey-reveals-over-1...
Search "android phone" on aliexpress and there's top selling phones on the first page running android 8, android 10, etc. They're not getting security updates of any sort, let alone driver updates.
Smaller brands often ship budget android devices and never update them.
Feels like there’s something new every other day - linux, windows, mobile, various commonplace tools used by everybody, the list goes on
https://projectzero.google/2026/01/pixel-0-click-part-1.html
So AI usage increases bugs and humans have to weed them out!
Going backwards from 2023, the doubling interval for published CVEs was approximately 4 to 4 1/2 years. Since then it’s approximately two years.
There has definitely been a rapid uptick.
There probably is more vulnerabilities found, but the amount of CVEs is not a good metric.
This article doesn't mention AI helping find this bug. Seems like humans can still do that on their own.
I've seen quite a few saying that they were inspired by the previous report that is presented as "the model pointed us to it" and you get FOMO about missing out if you don't snatch bugs now as well
```
does this look right to you? don't do any searches or check memory, just think through first principles
static int vpu_mmap(struct file fp, struct vm_area_struct vm) { unsigned long pfn; struct vpu_core core = container_of(fp->f_inode->i_cdev, struct vpu_core, cdev); vm_flags_set(vm, VM_IO | VM_DONTEXPAND | VM_DONTDUMP); / This is a CSRs mapping, use pgprot_device */ vm->vm_page_prot = pgprot_device(vm->vm_page_prot); pfn = core->paddr >> PAGE_SHIFT; return remap_pfn_range(vm, vm->vm_start, pfn, vm->vm_end-vm->vm_start, vm->vm_page_prot) ? -EAGAIN : 0; }
```
And it correctly identified the issue at hand, without web searches. I'd love to try something more comprehensive, e.g. shoving whole chunks of the codebase into the prompt instead of just the specific function, but it seems the latent ability to catch security exploits is there.
So then.... I wonder how this got out in the first place. I know I'm using a toy example but would love to learn more!
> Observations & Potential Issues A few things worth flagging: 1. No bounds checking on the mapping size. Userspace controls vm_end - vm_start and vm->vm_pgoff. Here vm_pgoff is ignored entirely and the size is trusted blindly. If the VPU's register block is, say, 64KB but userspace requests a 1MB mapping, the driver will happily map 1MB of physical address space starting at core->paddr — potentially exposing whatever hardware happens to live at adjacent physical addresses. A defensive check would be:
---
70 day release cycles are very quickly not going to be fast enough to stop widespread use of exploits when you have bots able to scan every PR on every open source project as it comes out.
To me, asking if a function has something wrong with it is just a very basic code review - something that should happen with every function. A competent, security conscious engineer would respond the same way as the model, unsurprisingly, since the model is... modelling competence.
This is quite impressive considering I’m just a dumbass with a Claude subscription.
It does make me scared for what other dangers lurk since this was a really bad one and it was so little work to find.
Also of note: so many security issues lately have been done using AI. This report makes me think two things:
1. Expertise is still immensely valuable, the more niche, the more valuable.
2. There are lots of niches still where AI doesn't dominate...
If this is the case it's good news for everyone else besides NSO and Co
Also, in contrast to iPhones, Android traditionally relies a lot more on safe languages like Java and Kotlin (and now Rust). Of course, iOS is improving there as well with Swift.
The issue is that all other Android vendors outside Google Pixel and to some extend Samsung are just terrible when it comes to device security.
Finally, it should be said that iOS was also compromised relatively quickly according to leaked Cellebrite presentations. The only system they could not compromise at the time was GrapheneOS, because they fully use Pixel hardware security features and do a lot of additional mitigations (including many that iOS doesn't use).
Also, any discussion of iOS should come with a fat disclaimer that by default iOS devices have a huge hole: most people use iCloud Backups (and are nudged towards it) without ADP, so their iCloud backups are not end-to-end encrypted and their chats, etc. can be requested by law enforcement. That you yourself use ADP does not really matter if the people you are communicating with don't. Also, Apple manages the key dictionary for iMessage, etc. so they could insert themselves. I would not be surprised if default non-E2E backups are a compromise in the extension of the NSA PRISM program that Apple already participated in before the Snowden leaks.
Of course, Google isn't any better, but just to say that Apple's security/privacy story is selective. Yes, they help protecting against some malicious groups and non-allied states, but they also make sure that US law enforcement (and probably some allied powers) can access most data.
So something like the old iphone jailbreaking scene is just impossible now.
Now imagine the dark horrors hiding in the BSPs of other Android devices... or embedded devices in general.
Frankly, it should be a requirement of Google's certification process that everything regarding drivers gets upstreamed into the Linux kernel. Yes, even if this adds quite a time delay to the usual hardware development process.
By definition in Rust it's incorrect to overflow the non-overflowing integer types, and so if you intend say wrapping you should use the explicit wrapping operations such as wrapping_add or the Wrapping<T> types in which the default operators do wrap - but if you turn off checks then it's still safe to be wrong, just as if you'd call the wrapping operations by hand instead of using the non-wrapping operations.
That Dolby overflow code looks awkward enough that I can't imagine writing it in Rust even if the checking was off - but I wasn't there. However the reason it's on Project Zero is that it resulted in a bounds miss, and that Rust would have prevented anyway.
I think Zig has the most interesting approach here with 3 different "+" operators (+ aborts on overflow, +& wraps, and +| saturates) along with addWithOverflow builtin. It'd probably be a challenge for Rust to adopt that at this point, but it'd be a great improvement
That is not a solution because it means the code can behave differently, and expose vulnerability if wrong compilation settings are chosen.
The functions like "wrapping_add" have such a long names so that nobody wants to use them and they make the code ugly. Instead, "+" should be used for addition with exceptions, and something like "wrap+" or "<+>" or "[+]" used for wrapping addition.
That's how people work, they will choose the laziest path (the simplest function name) and this is why you should use "+" for safer, non-wrapping addition and make the symbol for wrapping addition long and unattractive. Make writing unsafe code harder. This is just basic psychology.
C has the same problem, they have functions checking for overflow, but they also have long and ugly names that discourage their use.
> modern hardware will just wrap if you don't check and that's cheaper
So you suggest that because x86 is a poorly designed architecture, we should adapt programing languages to its poor design? x86 will be gone sooner or later anyway.
Also, there are languages like JS, Python, Swift which chose the right path, it is only C and Rust developers who seem to be backwards.
That said you can enable overflow checks in Rust's release mode. It's literally two lines:
[profile.release]
overflow-checks = true
MIPS does (did?). And VAX, IBM/360, ....
We've moved slightly closer to this, but in a world where we're still arguing over memory safety being necessary we've probably still got a ways to go before we notice that addition silently overflowing is a top-10 security issue. It's the silent top-10 security issue, I guess.
(Cangjie seems like a pretty nice language in other ways as well. Similar to Kotlin with some improvements and no Java. Bootstrapping the toolchain from source seems difficult though.)
[1] https://docs.cangjie-lang.cn/en/docs/0.53.13/white_paper/sou...
[2] https://docs.cangjie-lang.cn/en/docs/0.53.13/spec/source_en/...
OpenBSD fixed this back in 2017.
https://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux....
Here's a cool project that inventories all your KASLR info leaks: https://github.com/bcoles/kasld
This published exploit sounds to be highly specialized to the specific build options.
People love new technologies and features that make their lives easier, but so far only a small subset of these people have made a conscious decision to limit their exposure to risk by depriving themselves of benefits provided by some of these features.
It sure is wonderful to have your whole life digitized on a single computer. You can analyze, share, organize, gamify, record and so on every aspect of your life instantly and effortlessly. It's incredible, really. Technology is amazing. Expect for the pesky bad actors that can do the digital equivalent to most physical crime from the other side of the world anonymously without you noticing.
It's like germs - if you don't wash your hands after touching something questionable and you don't experience any negative consequences, you'll learn not to wash them most of the time. It's just a waste of time. Maybe if you've touched something really gross, you'd wash them, but that would be the exception. Security is the same. If you've been using computers the same way for years, you'll learn nothing bad happens so why bother having a hygiene, why bother making any tradeoffs?
Yes, you've heard the news of someone's nudes posted online, of someone's bank account drained or of some company's files ransomed, but you've also heard of something dying from a brain parasite after touching a muddy puddle and rubbing their eyes afterwards. That happens rarely, we shouldn't worry about it. A car can hit you when you cross the street, a lightning can strike you when you're just walking about, an aneurysm can end you at anytime. No one is washing their hands all the time or constantly trying to minimize the streets they cross or anything like that. That would be foolish and impractical, and I agree.
That mindset is carried over to digital security, sadly. The risks are higher, the effort to keep a good hygiene is lower, the ability for bad actors to completely fuck you is much greater than in meat space. The rewards are seemingly greater, too, until we realize that what we get from technology is just marginally better than what we get without it. Tech is amazing, but it doesn't make us transcend time and space. It let's us organize our schedule, tag people and places in photos and summarize chats. All of that is born out of meat space. Without tech we'd still have conversation, we'd still see new places, we'd still have calendars and todo lists. We get maybe 1% more than we would have if we didn't have any tech but we let all our information and property sit unsecured for that 1% gain. That's fucked up, because the risks are big and will get bigger. And the tradeoffs we have to make to secure our digital lives may seem annoying, but are actually quite trivial. Less unnecessary sharing, more isolation and compartmentalization, different computers for different tasks, less proprietary hardware and software, etc.. We could get 90% of that 1% benefit from tech if we spend just a bit of time and energy of securing out digital lives. But fuck it. Let's but the latest flagship, let's use it for ID, banking, communication, file storage, camera, health tracking, everything. Because it's a tiny bit more inconvenient to get multiple computers for different purposes, to not get the latest and newest, to not install a bunch of unnecessary shit, to be careful about the digital realm at all.
Not really on topic, but a rant. I'm tired of people (friends and friends of friends) complaining to me that they got majorly fucked one way or another and acting like the universe owes them not to get fucked while they buy a computer that exposes their asshole to the world.
TLDR: People are lazy about digital security, get badly burned, then act surprised. Don't be that person.