Take the pledge to vote

For a better tommorow#AajSawaroApnaKal
  • I agree to receive emails from News18

  • I promise to vote in this year's elections no matter what the odds are.
  • Please check above checkbox.

    SUBMIT

Thank you for
taking the pledge

Vote responsibly as each vote counts
and makes a diffrence

Disclaimer:

Issued in public interest by HDFC Life. HDFC Life Insurance Company Limited (Formerly HDFC Standard Life Insurance Company Limited) (“HDFC Life”). CIN: L65110MH2000PLC128245, IRDAI Reg. No. 101 . The name/letters "HDFC" in the name/logo of the company belongs to Housing Development Finance Corporation Limited ("HDFC Limited") and is used by HDFC Life under an agreement entered into with HDFC Limited. ARN EU/04/19/13618
Tech
News18 » Tech
2-min read

Major Android Bug Can Give Attackers Remote Access to Samsung, Google, Xiaomi Phones

The unpatched, zero-day vulnerability has been acknowledged as of high severity by Google, and security patches are expected soon.

Shouvik Das | News18.com@distantvicinity

Updated:October 6, 2019, 8:03 AM IST
facebookTwitterskypewhatsapp
Major Android Bug Can Give Attackers Remote Access to Samsung, Google, Xiaomi Phones
Representative image.

A recently discovered, zero day vulnerability has been spotted affecting certain older kernel versions of Android, in turn affecting a wide range of popular Android smartphones such as the Google Pixel 2, Mi A1, Redmi Note 5, Samsung Galaxy S9 and more. According to a report by Google's security researcher Maddie Stone (who discovered it), the vulnerability exploits a local, in-device privilege scope to cause an attack, which then escalates the privilege of the attacker's app or service to gain root access of the concerned phone. Subsequently, the flaw is designed to take over full control of the affected devices.

The report further states that while only a local-level exploit is possible if the malware is injected through physical sources, injecting it through the internet can also give attackers full remote access to these affected devices. The vulnerability affects certain versions of the Android kernel, which have not been updated to the very latest one. It is important to note that even the most recent software patches on phones with older kernels would be rendered ineffective against this vulnerability, as Stone demonstrated by showing the flaw in action on a Google Pixel 2 smartphone running Android 10 with September 2019 security patch.

As disclosed by Stone in the Google Project Zero blog, the list of affected devices right now include Google's Pixel 1, 1XL, 2 and 2XL, Huawei P20, Xiaomi's Redmi 5A, Redmi Note 5 and Mi A1, Moto Z3, Oppo A3, all LG smartphones running on Android Oreo, and Samsung's flagships from the past three years -- Galaxy S7, Galaxy S8 and Galaxy S9. Given that a lot of the devices mentioned here were sold in healthy numbers, this makes the vulnerability even riskier, since it extends to the possibility of widespread surveillance being enforced, through Android.

In fact, the original Google post states that it is already in use by Israel's surveillance agency, the NSO Group, who might be offering its services to the government itself, or to officially backed agencies. Google has disclosed its course of action against the vulnerability, stating, "This issue is rated as High severity on Android and by itself requires installation of a malicious application for potential exploitation. Any other vectors, such as via web browser, require chaining with an additional exploit. We have notified Android partners, and the patch is available on the Android Common Kernel. Pixel 3 and 3a devices are not vulnerable while Pixel 1 and 2 devices will be receiving updates for this issue as part of the October update."

As a result, be sure to look out for the latest update on your phone(s), which should be rolling out over the next couple of weeks. The update will deliver the critical security patch, covering yet another critical zero-day bug that could still have devastating effect on those not aware of it.

Get the best of News18 delivered to your inbox - subscribe to News18 Daybreak. Follow News18.com on Twitter, Instagram, Facebook, Telegram, TikTok and on YouTube, and stay in the know with what's happening in the world around you – in real time.

| Edited by: ---
Read full article
Next Story
Next Story

Also Watch

facebookTwitterskypewhatsapp

Live TV

Countdown To Elections Results
To Assembly Elections 2018 Results