Newsbytes
  • India
  • Business
  • World
  • Politics
  • Sports
  • Science
  • Entertainment
  • Auto
  • Lifestyle
  • Inspirational
  • Career
  • Bengaluru
  • Delhi
  • Mumbai
  • Videos
  • Find Cricket Statistics
Hindi
More
Newsbytes
Hindi
Newsbytes
User Placeholder

Hi,

Logout


India
Business
World
Politics
Sports
Science
Entertainment
Auto
Lifestyle
Inspirational
Career
Bengaluru
Delhi
Mumbai
Videos
Find Cricket Statistics

More Links
  • Videos

Download Android App

Follow us on
  • Facebook
  • Twitter
  • Linkedin
  • Youtube
 
Home / News / Science News / Critical Android vulnerability affects Samsung, Huawei, Xiaomi smartphones
  • Science

    Critical Android vulnerability affects Samsung, Huawei, Xiaomi smartphones

    Shubham Sharma
    Written by
    Shubham Sharma
    Twitter
    Last updated on Oct 05, 2019, 11:25 am
    Critical Android vulnerability affects Samsung, Huawei, Xiaomi smartphones
  • In a major incident, Google's security researchers have flagged critical unpatched zero-day vulnerability, in the company's own Android operating system.

    The issue, they say, plagues phones from leading smartphone companies - like Samsung, Huawei, and Xiaomi - and is being exploited in the wild by threat actors. Even select Pixels have been affected.

    Here's all you need to know about it.

  • In this article
    Zero-day flaw allowing root access A number of phones compromised by the flaw Why more handsets could be affected? Also, they say that the bug is being exploited Here's what NSO Group said on the matter So, do you need to worry? Malicious app has to be installed for exploitation
  • Vulnerability

    Zero-day flaw allowing root access

    Zero-day flaw allowing root access
  • First flagged by Google's Project Zero team, the vulnerability, titled CVE-2019-2215, exists in Android's Kernel code.

    It's been described as an issue of 'high severity', one that allows attackers to gain root access to a device.

    However, the weird part is, the researchers claim that the issue only affects phones running Android 8.x or newer as the older versions were fixed in 2017 itself.

  • Affected models

    A number of phones compromised by the flaw

    A number of phones compromised by the flaw
  • After discovering the bug, Google's team found that it affects a number of devices, including Samsung's Galaxy S7, S8, S9, Pixel 1, 2, Huawei P20, Xiaomi Redmi 5A, Note 5, A1, OPPO A3, and Moto Z3.

    And, what's even more worrying is the fact that these are just the devices that were tested with the exploit.

    The actual list could be much longer!

  • Quote

    Why more handsets could be affected?

  • The researchers have said that "exploit [of the vulnerability] requires little or no per-device customization," which means that it could be leveraged to compromise a large number of phones running Android 8.0 or newer versions.

  • Exploit

    Also, they say that the bug is being exploited

  • Adding more to the concern, Google's Threat Analysis Group (TAG) notes that this vulnerability is also being exploited in the wild.

    They have not shared exact details of the exploit but indicated it may have been used by Israel's NSO Group for real-world attacks.

    The group is known to sell exploits and surveillance tools, but in this case, it has explicitly denied any involvement

  • Quote

    Here's what NSO Group said on the matter

  • "NSO did not sell and will never sell exploits or vulnerabilities," an NSO Group spokesperson told ZDNet. "This exploit has nothing to do with NSO; our work is focused on the development of products designed to help licensed intelligence and law enforcement agencies save lives."

  • Risk

    So, do you need to worry?

    So, do you need to worry?
  • The issue makes phones with newer Android vulnerable but do note that Google has already released a patch on the Android Common Kernel and notified the affected partners to issue a fix.

    It should be available with the October security update, but until then we recommend keeping your phone to yourself as this bug can only be exploited through physical access to a phone.

  • Quote

    Malicious app has to be installed for exploitation

  • "This issue is rated as High severity on Android and by itself requires installation of a malicious application for potential exploitation," a spokesperson for the Android Open Source Project said. "Any other vectors, such as via web browser, require chaining with an additional exploit."

  • Xiaomi
  • Android
  • Security
  • Google
  • Moto Z3
  •  
Latest News
  • India vs England, D/N Test: Interesting stats from Day 1
    India vs England, D/N Test: Interesting stats from Day 1
    Sports
  • India vs England: Hosts three down; hopes pinned on Rohit
    India vs England: Hosts three down; hopes pinned on Rohit
    Sports
  • Government has 'no business' doing business: Modi on PSU privatization
    Government has 'no business' doing business: Modi on PSU privatization
    Politics
  • Apple M1 Mac users report abnormally high SSD usage
    Apple M1 Mac users report abnormally high SSD usage
    Science
  • In a first, Brazil twins undergo gender confirmation surgery together
    In a first, Brazil twins undergo gender confirmation surgery together
    World
Related Timelines
  • #BugAlert: Critical desktop hijack vulnerability detected in Slack; now fixed
    #BugAlert: Critical desktop hijack vulnerability detected in Slack; now fixed
    Science
  • Critical vulnerabilities risking private user data flagged in OkCupid
    Critical vulnerabilities risking private user data flagged in OkCupid
    Science
  • Indian techie flags vulnerability in Apple's sign-in system, wins $100,000
    Indian techie flags vulnerability in Apple's sign-in system, wins $100,000
    Science
  • Hacker flags Safari vulnerabilities, wins Rs. 57 lakh from Apple
    Hacker flags Safari vulnerabilities, wins Rs. 57 lakh from Apple
    Science
Trending Topics
Samsung Facebook OnePlus Mobiles Android TV Smart TV Latest Gadget Launch MediaTek Dimensity 1000+ COVAXIN Latest Tech News Upcoming Mobile Phones
Next News Article
Share
Cancel

Want to share it with your friends too?

Facebook Whatsapp Twitter Linkedin
Copied

Love Science news?

Subscribe to stay updated.

Science Thumbnail
India News Business News World News Politics News Sports News Science News Entertainment News Auto News Lifestyle News Inspirational News
Career News Bengaluru News Delhi News Mumbai News Bharti Airtel Mukesh Ambani Indian Premier League Samsung Virat Kohli Rohit Sharma
Cricket News Facebook YouTube Hollywood News WhatsApp Netflix Bollywood News ISRO Spotify Yoga
Honda Batman Football News BMW Vaccine Reliance Jio OPPO Food News, Healthy Recipes Royal Challengers Bangalore Toyota
Fashion Tips Ishant Sharma Farmers Protest Mercedes Isha Ambani India Vs England Cricket OnePlus Mobiles Android TV Smart TV Robert Lewandowski
Marvel Comics Avengers Neha Kakkar Mena Massoud
About Us Privacy Policy Terms & Conditions Contact Us News News Archive Topics Archive Find Cricket Statistics
Follow us on
Facebook Twitter Linkedin Youtube
All rights reserved © NewsBytes 2021