Attackers are Now Capable of Taking Full Control of Your Android Phone by Exploting Zero-Day Vulnerability
In recent years, Android updates have prioritized security more than anything. This is apparent in the latest updates, which focuses on improvements and developments on encryptions, permissions, and privacy-related matters.
There are also other initiatives like Project Mainline that aim to speed up security updates for Android 10 to make every Android device safe from a myriad of threats. Google also joined in on this endeavor through launching constant and active security patches.
While initiatives are continuously launched one after another, there are still limitations that can be potentially exploited in an operating system like Android.
Related Article: 7 Best Privacy Protection Apps for Android
That being said, a recent vulnerability in Android has been detected. Attackers are said to have been exploiting a zero-day vulnerability in the system. This said tactic allows an attacker to take full control of phones from Samsung, Xiaomi, Google, Huawei, and many more.
The Project Zero team from Google recently shared added information about the zero-day Android incident, revealing that it is associated with an NSO group; however, representatives from said group denied having anything to do with it.
"This exploit is a kernel privilege escalation that uses a use-after-free vulnerability, allowing the attacker to fully compromise a vulnerable device and root it. Since the exploit is also accessible from the Chrome sandbox, it can also be delivered via the web once it is paired with an exploit that targets a vulnerability in the code in Chrome that is used to render content," read the report from XDA.
This means that an attacker enables the installation of a malicious application to affected devices in order to achieve root without the phone user's knowledge. Another tactic for delivering this attack is through the web browser, Chrome. This method removes the need to physically access the targeted device.
The issue, which is now rated as "High Severity" by Android, apparently started after the vulnerability was patched back in December 2017. A fix was later on given for Linux Kernel versions 3.18, 4.4, and 4.9.
Unfortunately, this "fix" wasn't able to get through the security patch for Android, leaving some devices still vulnerable to attacks.
The devices that are potentially affected are Google Pixel, Google Pixel XL, Google Pixel 2, Google Pixel 2 XL, Huawei P20, Xiaomi Redmi 5A, Xiaomi Redmi Note 5, Xiaomi Mi A1, Oppo A3, Moto Z3, Samsung Galaxy S7, Samsung Galaxy S8, and Samsung Galaxy S9.
Nonetheless, this is just a non-exhaustive list, which means there's a possibility that other Android phones that aren't mentioned above might also be affected.
Related Article: New Malware Infects 36.5 Million Android Devices
A fix is expected to be available soon. Android is scheduled to have the vulnerability patched after the next update this October. Until then, experts warn the public to be extra careful in the apps they download.
"Users should still hold off on installing non-essential apps." said ArsTechnica. Using a non-Chrome browser until the patch is installed is also adviced.
Related Article: Android Phone 'Solarin' Offers Military-Grade Security for Just $14K
MORE IN ITECHPOST
These Are 5 of the Most Wanted IT Jobs in 2020
These are the most wanted IT jobs in 2020, considering different factors such as: education, salary and job outlook.
How Do Personal Emergency Response Systems Work?
Personal emergency response systems, known as PERS for short, are systems that help people to raise the alarm and get immediate help when a medical or personal emergency occurs. They are ideal for older people and anyone with a mobility issue or an injury or illness that can cause falls.
Game Developers’ Different Roles in the Studio
Learn about the different professionals involved in developing video games. Becoming a game developer is one of the coolest jobs around and your 14-year-old self, perched on the edge of your bed as you play PlayStation, will thank you for making such an awesome career move.
Michael Wiener of Albuquerque New Mexico Shares Fun Facts About the History of USA License Plates
Motor vehicle license plates are physical, historical records of motor vehicle history and license plate collecting attracts fans of history, motor vehicles, and classic design. In this article, license plate expert Michael Wiener of Albuquerque New Mexico shares fun facts about license plates in the United States.