Newsbytes
  • India
  • Business
  • World
  • Politics
  • Sports
  • Technology
  • Entertainment
  • Auto
  • Lifestyle
  • Inspirational
  • Career
  • Bengaluru
  • Delhi
  • Mumbai
  • Videos
  • Visual Stories
  • Reviews
  • Phone Reviews
  • Fitness Bands Reviews
  • Speakers Reviews
  • Find Cricket Statistics
Hindi
More
In the news
Astronomy
Garena Free Fire
Newsbytes
Hindi
Newsbytes
User Placeholder

Hi,

Logout


India
Business
World
Politics
Sports
Technology
Entertainment
Auto
Lifestyle
Inspirational
Career
Bengaluru
Delhi
Mumbai
Videos
Visual Stories
Reviews
Phone Reviews
Fitness Bands Reviews
Speakers Reviews
Find Cricket Statistics

More Links
  • Videos

Download Android App

Follow us on
  • Facebook
  • Twitter
  • Linkedin
  • Youtube
 
Home / News / Technology News / Critical Android vulnerability affects Samsung, Huawei, Xiaomi smartphones
Technology

Critical Android vulnerability affects Samsung, Huawei, Xiaomi smartphones

Critical Android vulnerability affects Samsung, Huawei, Xiaomi smartphones
Written by Shubham Sharma
Oct 05, 2019, 11:25 am 3 min read
Critical Android vulnerability affects Samsung, Huawei, Xiaomi smartphones

In a major incident, Google's security researchers have flagged critical unpatched zero-day vulnerability, in the company's own Android operating system. The issue, they say, plagues phones from leading smartphone companies - like Samsung, Huawei, and Xiaomi - and is being exploited in the wild by threat actors. Even select Pixels have been affected. Here's all you need to know about it.

Vulnerability
Zero-day flaw allowing root access

First flagged by Google's Project Zero team, the vulnerability, titled CVE-2019-2215, exists in Android's Kernel code. It's been described as an issue of 'high severity', one that allows attackers to gain root access to a device. However, the weird part is, the researchers claim that the issue only affects phones running Android 8.x or newer as the older versions were fixed in 2017 itself.

Affected models
A number of phones compromised by the flaw

After discovering the bug, Google's team found that it affects a number of devices, including Samsung's Galaxy S7, S8, S9, Pixel 1, 2, Huawei P20, Xiaomi Redmi 5A, Note 5, A1, OPPO A3, and Moto Z3. And, what's even more worrying is the fact that these are just the devices that were tested with the exploit. The actual list could be much longer!

Quote
Why more handsets could be affected?

The researchers have said that "exploit [of the vulnerability] requires little or no per-device customization," which means that it could be leveraged to compromise a large number of phones running Android 8.0 or newer versions.

Exploit
Also, they say that the bug is being exploited

Adding more to the concern, Google's Threat Analysis Group (TAG) notes that this vulnerability is also being exploited in the wild. They have not shared exact details of the exploit but indicated it may have been used by Israel's NSO Group for real-world attacks. The group is known to sell exploits and surveillance tools, but in this case, it has explicitly denied any involvement

Quote
Here's what NSO Group said on the matter

"NSO did not sell and will never sell exploits or vulnerabilities," an NSO Group spokesperson told ZDNet. "This exploit has nothing to do with NSO; our work is focused on the development of products designed to help licensed intelligence and law enforcement agencies save lives."

Risk
So, do you need to worry?

The issue makes phones with newer Android vulnerable but do note that Google has already released a patch on the Android Common Kernel and notified the affected partners to issue a fix. It should be available with the October security update, but until then we recommend keeping your phone to yourself as this bug can only be exploited through physical access to a phone.

Quote
Malicious app has to be installed for exploitation

"This issue is rated as High severity on Android and by itself requires installation of a malicious application for potential exploitation," a spokesperson for the Android Open Source Project said. "Any other vectors, such as via web browser, require chaining with an additional exploit."

Share this timeline
Facebook
Whatsapp
Twitter
Linkedin
Shubham Sharma
Shubham Sharma
Twitter
Editor with over five years of experience in covering all things science, consumer tech, space tech, AI, infosec, and business. A commerce graduate from University of Lucknow. I have been handling Tech beat at NewsBytes since 2018.
Latest
Xiaomi
Android
Security
Google
Moto Z3
Latest
Hisense 120-inch 4K laser TV launched: Check price and features
Hisense 120-inch 4K laser TV launched: Check price and features Technology
Punjab CM Bhagwant Mann to marry for second time tomorrow
Punjab CM Bhagwant Mann to marry for second time tomorrow India
'Ms. Marvel': Highlights from episode 5 of Marvel show
'Ms. Marvel': Highlights from episode 5 of Marvel show Entertainment
ICC Test Batting Rankings: Virat Kohli slips to 13th spot
ICC Test Batting Rankings: Virat Kohli slips to 13th spot Sports
Allu Aravind bags Telugu rights of Aamir's 'Laal Singh Chaddha'
Allu Aravind bags Telugu rights of Aamir's 'Laal Singh Chaddha' Entertainment
Xiaomi
Samsung S22 Ultra v/s Xiaomi 12S Ultra: Which is better?
Samsung S22 Ultra v/s Xiaomi 12S Ultra: Which is better? Technology
ED raids Vivo as part of money laundering probe
ED raids Vivo as part of money laundering probe Business
Xiaomi 12S, 12S Pro, 12S Ultra launched: Check specifications, prices
Xiaomi 12S, 12S Pro, 12S Ultra launched: Check specifications, prices Technology
Lenovo Tab P11 Plus tablet to debut in India soon
Lenovo Tab P11 Plus tablet to debut in India soon Technology
Xiaomi 12S Ultra will feature 1.0-inch Sony IMX989 primary camera
Xiaomi 12S Ultra will feature 1.0-inch Sony IMX989 primary camera Technology
More News
Android
'Toll Fraud' malware detected: How are Android users getting affected
'Toll Fraud' malware detected: How are Android users getting affected Technology
WhatsApp will soon let you hide your 'Online' status
WhatsApp will soon let you hide your 'Online' status Technology
New WhatsApp feature: Avatars for video calls coming soon
New WhatsApp feature: Avatars for video calls coming soon Technology
Free Fire MAX: How to redeem codes for June 28
Free Fire MAX: How to redeem codes for June 28 Technology
How to redeem Free Fire MAX codes for June 27
How to redeem Free Fire MAX codes for June 27 Technology
More News
Security
How to secure your WhatsApp: Check latest features and settings
How to secure your WhatsApp: Check latest features and settings Technology
J&K Police shoots down Pakistani drone carrying explosives in Kathua
J&K Police shoots down Pakistani drone carrying explosives in Kathua India
Russia-Ukraine crisis: PM chairs high-level meet to review security preparedness
Russia-Ukraine crisis: PM chairs high-level meet to review security preparedness India
Man tries to break into NSA Ajit Doval's residence; detained
Man tries to break into NSA Ajit Doval's residence; detained India
Tips to safeguard your home from burglars
Tips to safeguard your home from burglars Lifestyle
More News
Google
Google Sheets: Top 5 tips and tricks you should know
Google Sheets: Top 5 tips and tricks you should know Technology
Google Drive: Top tips and tricks you must know
Google Drive: Top tips and tricks you must know Technology
Assam floods: Google introduces SOS alert system on Maps, Search
Assam floods: Google introduces SOS alert system on Maps, Search Technology
Google Hangouts will hang up its boots in November
Google Hangouts will hang up its boots in November Technology
Gmail offline introduced: How to read, send mails without internet?
Gmail offline introduced: How to read, send mails without internet? Technology
More News
Moto Z3
Moto Z4 leaked specifications suggest it'll be a powerful mid-ranger
Moto Z4 leaked specifications suggest it'll be a powerful mid-ranger Technology
Moto Z4 renders reveal design features, key specifications also leaked
Moto Z4 renders reveal design features, key specifications also leaked Technology
Android 9 Pie: Is your phone getting Google's latest dessert?
Android 9 Pie: Is your phone getting Google's latest dessert? Technology
iPhone X look-alike Moto P30 is now official
iPhone X look-alike Moto P30 is now official Technology
Moto Z3 Play might not have headphone jack, home button
Moto Z3 Play might not have headphone jack, home button Technology
More News
Next News Article
Next News Article

Love Technology news?

Subscribe to stay updated.

Science Thumbnail
India News Business News World News Politics News Sports News Technology News Entertainment News Auto News Lifestyle News Inspirational News
Career News Bengaluru News Delhi News Mumbai News Mukesh Ambani Indian Premier League (IPL) Karnataka Samsung Xiaomi West Bengal
Bihar Virat Kohli Rohit Sharma Haryana Narendra Modi Arvind Kejriwal Tamil Nadu Gujarat Yogi Adityanath YouTube
Instagram Hollywood News Uttar Pradesh Kerala Netflix Bollywood News Mamata Banerjee Maruti Suzuki Rahul Gandhi Elon Musk
Shah Rukh Khan Chelsea FC OPPO Akhilesh Yadav Indian Cricket Team Apple Manchester United Salman Khan Cryptocurrency OnePlus
Amitabh Bachchan ICC Women's World Cup Vivo India vs Sri Lanka
About Us Privacy Policy Terms & Conditions Contact Us Ethical Conduct Grievance Redressal News News Archive Topics Archive IPL 2022 Schedule IPL 2022 Points Table Find Cricket Statistics
Follow us on
Facebook Twitter Linkedin Youtube
All rights reserved © NewsBytes 2022