Attackers are Now Capable of Taking Full Control of Your Android Phone by Exploting Zero-Day Vulnerability
In recent years, Android updates have prioritized security more than anything. This is apparent in the latest updates, which focuses on improvements and developments on encryptions, permissions, and privacy-related matters.
There are also other initiatives like Project Mainline that aim to speed up security updates for Android 10 to make every Android device safe from a myriad of threats. Google also joined in on this endeavor through launching constant and active security patches.
While initiatives are continuously launched one after another, there are still limitations that can be potentially exploited in an operating system like Android.
Related Article: 7 Best Privacy Protection Apps for Android
That being said, a recent vulnerability in Android has been detected. Attackers are said to have been exploiting a zero-day vulnerability in the system. This said tactic allows an attacker to take full control of phones from Samsung, Xiaomi, Google, Huawei, and many more.
The Project Zero team from Google recently shared added information about the zero-day Android incident, revealing that it is associated with an NSO group; however, representatives from said group denied having anything to do with it.
"This exploit is a kernel privilege escalation that uses a use-after-free vulnerability, allowing the attacker to fully compromise a vulnerable device and root it. Since the exploit is also accessible from the Chrome sandbox, it can also be delivered via the web once it is paired with an exploit that targets a vulnerability in the code in Chrome that is used to render content," read the report from XDA.
This means that an attacker enables the installation of a malicious application to affected devices in order to achieve root without the phone user's knowledge. Another tactic for delivering this attack is through the web browser, Chrome. This method removes the need to physically access the targeted device.
The issue, which is now rated as "High Severity" by Android, apparently started after the vulnerability was patched back in December 2017. A fix was later on given for Linux Kernel versions 3.18, 4.4, and 4.9.
Unfortunately, this "fix" wasn't able to get through the security patch for Android, leaving some devices still vulnerable to attacks.
The devices that are potentially affected are Google Pixel, Google Pixel XL, Google Pixel 2, Google Pixel 2 XL, Huawei P20, Xiaomi Redmi 5A, Xiaomi Redmi Note 5, Xiaomi Mi A1, Oppo A3, Moto Z3, Samsung Galaxy S7, Samsung Galaxy S8, and Samsung Galaxy S9.
Nonetheless, this is just a non-exhaustive list, which means there's a possibility that other Android phones that aren't mentioned above might also be affected.
Related Article: New Malware Infects 36.5 Million Android Devices
A fix is expected to be available soon. Android is scheduled to have the vulnerability patched after the next update this October. Until then, experts warn the public to be extra careful in the apps they download.
"Users should still hold off on installing non-essential apps." said ArsTechnica. Using a non-Chrome browser until the patch is installed is also adviced.
Related Article: Android Phone 'Solarin' Offers Military-Grade Security for Just $14K
MORE IN ITECHPOST
How Scars are Formed and How to Remove It
Scar formation is a result of a biological process in skin after an injury or trauma. It is formed when the dermis layer of the skin is damaged. It is our body's way to repair tissues and organs and is a natural part of the healing process. A scar tissue is composed of the same type of collagen it is replacing with. Scars lacks elasticity compared to normal tissue. There are different degrees of scarring depending on the injury the tissue is subjected to.
Reasons to Use Magento for your Ecommerce Store
There are so many eCommerce platforms out there ready to help you build your storefront it can be difficult to choose the right one. More and more companies, from Liverpool Football Club to Coca Cola, are using Magento hosting for their online storefronts, and for good reason.
NASA Unveils New High-Tech Spacesuit for Artemis Mission
NASA is spending people on the moon again for the Artemis mission, and they have unveiled new spacesuits for it.
Fortnite Chapter 2 is Finally Here; Massive Changes Take Game to an Entirely New Level
Fortnite Chapter 2 competes with Call of Duty Mobile and the updated PUBG Mobile with some massive changes that take the Fortnite gaming experience to the next level.
4 In-Demand Professions That Pay Well In Canada
Canada is turning out to be an emerging place for fresh graduates and skilled people looking for jobs. Every year the ratio of unemployed people for every job keeps decreasing. This decline in the ratio is accredited to a lot of skilled professionals recently moving to Canada, more job vacancies and more opportunities.