• Uncategorised

Android exploit leaves some Pixel, Galaxy phones vulnerable to hacks – CNET

Another bug that could potentially be abused by hackers. 

Angela Lang/CNET

Google’s security researchers found a new Android exploit that lets hackers take over a person’s phone. Luckily, users could avoid this problem by being aware of what they’re downloading on their devices. 

The Project Zero team at Google, a team dedicated to finding security bugs, discovered this vulnerability in late September and disclosed it on Thursday. The exploit is Android’s operating system kernel code, and if abused, hackers could get root access to a victim’s phone. Project Zero said they’ve already seen evidence of the exploit being used in the real world before it can be patched, making it what’s known as a zero-day vulnerability. 

The security group gave a “non-exhaustive” list of which phone models running Android 8 or later could be affected by this exploit:

This exploit is listed as “High severity” and might affect even more phones than listed. Google is working to address the problem.

“Pixel 3 and 3a devices are not vulnerable to this issue, and Pixel 1 and 2 devices will be protected with the October Security Release, which will be delivered in the coming day,” a Google spokesperson said in an email Friday. “Additionally, a patch has been made available to partners in order to ensure the Android ecosystem is protected against this issue.” 

The vulnerability, however, requires actions from the users before a hacker can takeover a phone such as downloading malicious software. It can also be combined with a second exploit that targets the Chrome browser for a web-based attack. This means phone owners should stay aware of what they’re downloading and the websites they visit. 

According to Project Zero, Israeli-based cyberintelligence firm NSO Group is already using or selling this exploit, but the firm denies that claim.

“NSO did not sell and will never sell exploits or vulnerabilities,” an NSO Group spokesperson said Friday. “This exploit has nothing to do with NSO; our work is focused on the development of products designed to help licensed intelligence and law enforcement agencies save lives.”

Android exploit leaves some Pixel, Galaxy phones vulnerable to hacks     - CNET


CNET may get a commission from retail offers.

You may also like...