
A 0-click exploit chain for the Pixel 9 Part 3: Where do we go from here?

googleprojectzero.blogspot.com 2026-01-14 SaaS AI risk High

What Happened

While our previous two blog posts provided technical recommendations for increasing the effort required by attackers to develop 0-click exploit chains, our experience finding, reporting and exploiting these vulnerabilities highlighted some broader issues in the Android ecosystem. This post describes the problems we encountered and recommendations for improvement.

Audio Attack Surface

The Dolby UDC is part of the 0-click attack surface of most Android devices because of audio transcription in the Google Messages application. Incoming audio messages are transcribed before a user interacts with the message. On Pixel 9, a second process com.google.android.tts also decodes incoming audio. Its purpose is not completely clear, but it seems to be related to making incoming messages searchable.

Why It Matters

The article describes a 0-click exploit chain on Pixel 9 that abuses vulnerabilities in the Dolby UDC audio codec, which is exposed because Google Messages performs automatic AI-powered transcription and searchability on incoming audio messages before user interaction.[4][1] This design makes audio decoders part of the 0-click attack surface across many Android devices, and the authors also highlight slow patch timelines and ecosystem-wide process gaps.[4][1] From a CyberSE.AI perspective, this is an example of AI-enhanced messaging and transcription features expanding remote attack surface and privilege boundaries in a SaaS-like communication stack, without sufficient threat modeling and hardening of the underlying media/ML pipelines. Organizations deploying similar on-device or cloud-based transcription/search services should perform structured AI Security Readiness Assessments to map new AI-driven data flows, minimize pre-interaction processing, harden codec and model runtimes, and establish faster coordinated patch and rollout processes for AI-exposed components.

Healthcare Fintech SaaS SMB AI startups

CyberSE Analysis

This signal maps to SaaS AI risk. Organizations using AI agents, LLM APIs, SaaS integrations, or sensitive data workflows should review whether this class of issue could create unauthorized tool execution, data leakage, weak approval gates, or unmanaged supply-chain exposure.

Recommended Actions

  • Restrict AI agent tool permissions and production write paths.
  • Review sensitive data access across prompts, logs, embeddings, memory, and SaaS integrations.
  • Add human approval workflows for high-impact or state-changing actions.
  • Run prompt injection and indirect prompt injection tests against affected workflows.
  • Document the owner, control gap, and remediation deadline for this risk class.

Source

https://projectzero.google/2026/01/pixel-0-click-part-3.html
