Attackers are Now Capable of Taking Full Control of Your Android Phone by Exploting Zero-Day Vulnerability
In recent years, Android updates have prioritized security more than anything. This is apparent in the latest updates, which focuses on improvements and developments on encryptions, permissions, and privacy-related matters.
There are also other initiatives like Project Mainline that aim to speed up security updates for Android 10 to make every Android device safe from a myriad of threats. Google also joined in on this endeavor through launching constant and active security patches.
While initiatives are continuously launched one after another, there are still limitations that can be potentially exploited in an operating system like Android.
Related Article: 7 Best Privacy Protection Apps for Android
That being said, a recent vulnerability in Android has been detected. Attackers are said to have been exploiting a zero-day vulnerability in the system. This said tactic allows an attacker to take full control of phones from Samsung, Xiaomi, Google, Huawei, and many more.
The Project Zero team from Google recently shared added information about the zero-day Android incident, revealing that it is associated with an NSO group; however, representatives from said group denied having anything to do with it.
"This exploit is a kernel privilege escalation that uses a use-after-free vulnerability, allowing the attacker to fully compromise a vulnerable device and root it. Since the exploit is also accessible from the Chrome sandbox, it can also be delivered via the web once it is paired with an exploit that targets a vulnerability in the code in Chrome that is used to render content," read the report from XDA.
This means that an attacker enables the installation of a malicious application to affected devices in order to achieve root without the phone user's knowledge. Another tactic for delivering this attack is through the web browser, Chrome. This method removes the need to physically access the targeted device.
The issue, which is now rated as "High Severity" by Android, apparently started after the vulnerability was patched back in December 2017. A fix was later on given for Linux Kernel versions 3.18, 4.4, and 4.9.
Unfortunately, this "fix" wasn't able to get through the security patch for Android, leaving some devices still vulnerable to attacks.
The devices that are potentially affected are Google Pixel, Google Pixel XL, Google Pixel 2, Google Pixel 2 XL, Huawei P20, Xiaomi Redmi 5A, Xiaomi Redmi Note 5, Xiaomi Mi A1, Oppo A3, Moto Z3, Samsung Galaxy S7, Samsung Galaxy S8, and Samsung Galaxy S9.
Nonetheless, this is just a non-exhaustive list, which means there's a possibility that other Android phones that aren't mentioned above might also be affected.
Related Article: New Malware Infects 36.5 Million Android Devices
A fix is expected to be available soon. Android is scheduled to have the vulnerability patched after the next update this October. Until then, experts warn the public to be extra careful in the apps they download.
"Users should still hold off on installing non-essential apps." said ArsTechnica. Using a non-Chrome browser until the patch is installed is also adviced.
Related Article: Android Phone 'Solarin' Offers Military-Grade Security for Just $14K
MORE IN ITECHPOST
How Does Uber's New Hourly Function Work? Will a Rider Still Pay $50 For Shorter Trips? All FAQs Answered!
Uber now lets riders pay an hourly rate for a multi-stop trip. But where did it come from and why are they doing it? So many questions we'd like to ask!
Benefits of LED Grow Lights for Your Indoor Plants
There has been a surge in the number of growers cultivating indoor crops. Some turn to indoor farming in areas like cities, where there are almost no green spaces. Growing indoors takes advantage of otherwise wasted space and makes it possible for anyone to create an indoor garden.
Darkest Dungeon Is Celebrating Its New DLC With A Free Weekend: Here Are Some Tips To Help You Out!
Red Hook Studio's Darkest Dungeon has had a new DLC released on Steam and with it a free weekend. Grab the PvP game and try it out after reading these tips on how you can play the game the best you can.
[Spoiler Alert] Jurassic World 3: Will the Original Cast Be Back?
Jurassic World III is on its way and if you're wondering if you're expecting everything to be the same, you might be surprised. A source stated that the former cast of the Jurassic Park movie trilogy would be reprising their roles in Jurassic World: Dominion.