Attackers are Now Capable of Taking Full Control of Your Android Phone by Exploting Zero-Day Vulnerability
In recent years, Android updates have prioritized security more than anything. This is apparent in the latest updates, which focuses on improvements and developments on encryptions, permissions, and privacy-related matters.
There are also other initiatives like Project Mainline that aim to speed up security updates for Android 10 to make every Android device safe from a myriad of threats. Google also joined in on this endeavor through launching constant and active security patches.
While initiatives are continuously launched one after another, there are still limitations that can be potentially exploited in an operating system like Android.
Related Article: 7 Best Privacy Protection Apps for Android
That being said, a recent vulnerability in Android has been detected. Attackers are said to have been exploiting a zero-day vulnerability in the system. This said tactic allows an attacker to take full control of phones from Samsung, Xiaomi, Google, Huawei, and many more.
The Project Zero team from Google recently shared added information about the zero-day Android incident, revealing that it is associated with an NSO group; however, representatives from said group denied having anything to do with it.
"This exploit is a kernel privilege escalation that uses a use-after-free vulnerability, allowing the attacker to fully compromise a vulnerable device and root it. Since the exploit is also accessible from the Chrome sandbox, it can also be delivered via the web once it is paired with an exploit that targets a vulnerability in the code in Chrome that is used to render content," read the report from XDA.
This means that an attacker enables the installation of a malicious application to affected devices in order to achieve root without the phone user's knowledge. Another tactic for delivering this attack is through the web browser, Chrome. This method removes the need to physically access the targeted device.
The issue, which is now rated as "High Severity" by Android, apparently started after the vulnerability was patched back in December 2017. A fix was later on given for Linux Kernel versions 3.18, 4.4, and 4.9.
Unfortunately, this "fix" wasn't able to get through the security patch for Android, leaving some devices still vulnerable to attacks.
The devices that are potentially affected are Google Pixel, Google Pixel XL, Google Pixel 2, Google Pixel 2 XL, Huawei P20, Xiaomi Redmi 5A, Xiaomi Redmi Note 5, Xiaomi Mi A1, Oppo A3, Moto Z3, Samsung Galaxy S7, Samsung Galaxy S8, and Samsung Galaxy S9.
Nonetheless, this is just a non-exhaustive list, which means there's a possibility that other Android phones that aren't mentioned above might also be affected.
Related Article: New Malware Infects 36.5 Million Android Devices
A fix is expected to be available soon. Android is scheduled to have the vulnerability patched after the next update this October. Until then, experts warn the public to be extra careful in the apps they download.
"Users should still hold off on installing non-essential apps." said ArsTechnica. Using a non-Chrome browser until the patch is installed is also adviced.
Related Article: Android Phone 'Solarin' Offers Military-Grade Security for Just $14K
MORE IN ITECHPOST
Elon Musk’s Brain Microchip Neuralink Will Allegedly Cure Depression and Addiction
Elon Musk founded Neuralink in 2016, but what is the purpose of this brain-implanted computer chip? Musk has revealed additional details that you may find interesting.
Spotted in Deep Space: Never Before Seen Four Mystery Objects
A few mysterious objects that haven't been seen until now have recently been spotted in deep space thanks to massive radio telescopes.
A Leaker May Have Confirmed The Release Date Of 'Resident Evil Village'
A leaker who has been reliable in the past regarding Resident Evil may have revealed the release date of Resident Evil Village.