https://kaios.dev/tags/kaios-3.1/Recent content in KaiOS 3.1 on KaiOS.devHugoen-usCopyright © 2023-2025. Last Byte LLCWed, 24 Jun 2026 02:30:00 -0500https://kaios.dev/2026/06/jscalated-from-the-browser-to-adb-on-kaios-3.1/Sat, 20 Jun 2026 10:00:00 +1000https://kaios.dev/2026/06/jscalated-from-the-browser-to-adb-on-kaios-3.1/<p>JScalated exploits a Mozilla web development feature left enabled by the authors of KaiOS. It allows custom JavaScript execution in the context of any currently displayed webpage. For most operating systems, this would not give the user a significant amount of extra control over their device, but KaiOS features a well-known <a href="https://wiki.bananahackers.net/en/development/device-api/EngmodeExtension" referrerpolicy="strict-origin-when-cross-origin" target="_blank">Engmode API</a>.</p> <p>The Engmode API allows apps to talk to the underlying Android operating system. It has become more and more hardened throughout the history of KaiOS. However, a few vulnerabilities have been found in the KaiOS 3.1 Engmode manager making injection trivial. JScalated uses the improperly handled <code>setPropertyLE</code> command shown below:</p>