Introduction
Google Project Zero has uncovered a critical 0-click exploit chain specifically targeting the Google Pixel 9. Unlike traditional phishing or click-bait attacks, this vector exploits the automated processing of incoming media files. Specifically, the attack surface is expanded by the audio transcription features in Google Messages and the associated background decoding processes.
For defenders, this represents a shift in the mobile threat landscape. We are no longer just defending against malicious links or applications; we must secure the passive processing of untrusted data. The Dolby UDC (Universal Decoder Component) and the com.google.android.tts (Text-to-Speech) service have been identified as key components that parse potentially malicious audio data before user interaction occurs. Immediate auditing of these components is essential to maintain the integrity of your mobile fleet.
Technical Analysis
Affected Products and Platforms:
- Device: Google Pixel 9 (and potentially other Android devices utilizing similar audio transcription stacks).
- Application: Google Messages (specifically the audio transcription feature).
- Components:
com.google.android.tts, Dolby UDC (Universal Decoder Component).
Vulnerability Mechanics: The vulnerability arises from the expansion of the "audio attack surface." In the Pixel 9 environment, incoming audio messages are automatically transcribed to provide users with text previews. This process involves:
- Interception: The Google Messages app receives an incoming audio file (MMS/RCS).
- Automated Processing: Before the user opens or interacts with the message, the audio file is passed to decoding libraries.
- Dolby UDC Involvement: The Dolby UDC, a ubiquitous component in the Android audio stack, processes the audio data.
- TTS Activation: A secondary process,
com.google.android.tts, also initiates decoding on incoming audio. The Project Zero analysis suggests this is related to search functionality or message indexing.
The Attack Chain: An attacker can send a specially crafted audio file designed to trigger a buffer overflow or logic error in either the Dolby UDC or the Google TTS engine. Because the decoding happens automatically (0-click), the exploit executes immediately upon receipt, potentially leading to Remote Code Execution (RCE) with the privileges of the respective service (often high-privilege system context).
Exploitation Status: While detailed CVE identifiers were not explicitly listed in the summary, the research confirms the existence of a functional 0-click chain. This is not theoretical; it is a proven capability highlighted by elite security researchers. It highlights a systemic failure in how untrusted media is handled in the Android audio subsystem.
Detection & Response
Detecting 0-click exploits on mobile endpoints requires visibility into process lineage and file access patterns that deviate from the baseline. Since these attacks trigger upon receipt, we must monitor the interaction between the messaging app and the audio decoding services.
SIGMA Rules
---
title: Pixel 9 - Suspicious Google Messages TTS Interaction
id: a4b2c8d1-3e4f-5a6b-7c8d-9e0f1a2b3c4d
status: experimental
description: Detects the Google Messages app spawning the Text-to-Speech (TTS) service to process incoming audio, a behavior leveraged in 0-click chains on Pixel 9.
references:
- https://projectzero.google/2026/01/pixel-0-click-part-3.html
author: Security Arsenal
date: 2026/01/20
tags:
- attack.initial_access
- attack.t1190
- android
logsource:
product: android
category: process_creation
detection:
selection:
ParentProcess|contains: 'com.google.android.apps.messaging'
Image|contains: 'com.google.android.tts'
condition: selection
falsepositives:
- Legitimate user manually requesting transcription of an audio message.
level: high
---
title: Pixel 9 - Dolby UDC Processing Untrusted Audio
id: b5c3d9e2-4f5a-6b7c-8d9e-0f1a2b3c4d5e
status: experimental
description: Detects the Dolby UDC component decoding audio files initiated by messaging apps. This 0-click vector processes audio before user interaction.
references:
- https://projectzero.google/2026/01/pixel-0-click-part-3.html
author: Security Arsenal
date: 2026/01/20
tags:
- attack.exploitation_for_client_execution
- attack.t1203
- android
logsource:
product: android
category: file_access
detection:
selection:
Image|contains: 'com.dolby.daxappui' # or generic Dolby UDC process path depending on OEM
TargetFilename|contains:
- '.amr'
- '.aac'
- '.wav'
InitiatingProcess|contains: 'com.google.android.apps.messaging'
condition: selection
falsepositives:
- Standard playback of audio messages by the user.
level: medium
KQL (Microsoft Sentinel / Defender)
The following queries hunt for the automated processing of audio files by the Google Messages app and the TTS/Dolby components within Microsoft Defender for Endpoint (Android).
// Hunt for Google Messages initiating TTS or Dolby processes
DeviceProcessEvents
| where Timestamp > ago(7d)
| where DeviceType == "Android"
| where InitiatingProcessFileName has "com.google.android.apps.messaging"
| where FileName in ("com.google.android.tts", "com.dolby.daxappui", "mediaserver")
| project Timestamp, DeviceName, AccountName, InitiatingProcessFileName, FileName, ProcessCommandLine
| order by Timestamp desc
// Correlate File Access with Messaging App
DeviceFileEvents
| where Timestamp > ago(7d)
| where DeviceType == "Android"
| where InitiatingProcessFileName has "com.google.android.apps.messaging"
| where ActionType == "FileCreated" or ActionType == "FileAccessed"
| where TargetFileName has_any (".amr", ".aac", ".m4a", ".wav")
| project Timestamp, DeviceName, InitiatingProcessFileName, TargetFileName, FolderPath, SHA256
| order by Timestamp desc
Velociraptor VQL
This artifact hunts for process execution and file handles related to the audio transcription components on Android endpoints.
-- Hunt for suspicious audio processing chains
SELECT
Pid,
Name,
Exe,
Parent.Name AS ParentName,
Username,
Ctime AS ProcessCreateTime
FROM pslist()
WHERE Name =~ 'com.google.android.tts'
OR Name =~ 'dolby'
OR Parent.Name =~ 'com.google.android.apps.messaging'
Remediation Script (Bash)
This script is intended for Android Enterprise environments where administrative shell access is available (via ADB or MDM pushed scripts) to verify patch levels and enforce configuration hardening by restricting the transcription feature until patched.
#!/system/bin/sh
# Hardening Script for Pixel 9 Audio Transcription Vector
# Checks for Android Security Patch Level and attempts to disable transcription capabilities.
echo "[+] Starting Android Audio Vector Hardening Check..."
# Check Android Security Patch Level
PATCH_DATE=$(getprop ro.build.version.security_patch)
echo "[+] Current Security Patch: $PATCH_DATE"
# Define a critical date threshold (Update this as patches are released)
# Example: Check if device is patched before the disclosure date (Jan 2026 context)
CRITICAL_DATE="2026-01-01"
if [ "$PATCH_DATE" \< "$CRITICAL_DATE" ]; then
echo "[!] WARNING: Device security patch level is outdated. Vulnerable to 0-click audio exploits."
else
echo "[+] Device appears to be patched against the initial findings."
fi
# Attempt to revoke permissions for Google Messages to access the microphone/Transcription service
# Note: This requires adb root or Magisk privileges. On standard enterprise profiles, use MDM to restrict.
PKG_NAME="com.google.android.apps.messaging"
# Disable 'Transcription' feature via App Ops (if root)
if [ $(id -u) = "0" ]; then
echo "[+] Root access detected. Attempting to restrict transcription permissions..."
# App Ops code 63 is OP_AUDIO_CAPTURE, check specific transcription op if available
# This is a hardening step; strictly disabling Mic access breaks audio calls, so we target specific transcription flags if accessible.
# Alternatively, force stop the TTS service to prevent background processing.
am force-stop com.google.android.tts
echo "[+] com.google.android.tts force-stopped to mitigate 0-click processing."
else
echo "[!] No root access. Please enforce restrictions via your EMM/MDM console."
echo "[!] Recommendation: Disable 'Google Messages Transcription' via MDM Managed Configurations."
fi
echo "[+] Hardening check complete."
Remediation
1. Patch Management (Priority 1): Monitor the Google Pixel bulletin and Android Security Bulletins closely. Apply the January 2026 (or subsequent relevant) security patch immediately to all Pixel 9 devices in the fleet.
2. Configure Mobile Device Management (MDM) Policies: Until patches are verified, use your EMM (Enterprise Mobility Management) solution to disable the "Audio Transcription" feature in Google Messages.
- Action: Push the managed configuration for
com.google.android.apps.messagingsettingenable_transcriptiontofalse(if supported by the schema version).
3. Application Hardening: Review the permissions granted to Google Messages. If automatic transcription is not a business requirement, consider restricting the application's ability to run in the background or interact with accessibility services.
4. Network Hygiene: Ensure MMS/RCS traffic is inspected by secure web gateways where possible, although this is limited by end-to-end encryption (E2EE) standards in RCS. Focus on device-based detection.
Vendor Advisory: Refer to the official Google Project Zero Blog Post for technical deep dives and the Android Security Bulletins for patch releases.
Related Resources
Security Arsenal Penetration Testing Services AlertMonitor Platform Book a SOC Assessment vulnerability-management Intel Hub
Is your security operations ready?
Get a free SOC assessment or see how AlertMonitor cuts through alert noise with automated triage.