This Android Bug Exposes Samsung, Google, Xiaomi Phones to Attackers

Recently, a zero day vulnerability bug has been spotted which is infecting old but famous mobile devices including the Google Pixel 2, Mi A1, Redmi Note 5, Samsung Galaxy S9 and more. 

Google’s security researcher, Maddie Stone has discovered the vulnerability. According to his report, the threat enables hackers to gain remote access to the devices. Thus, the flaw gives the full control of the affected devices.

Mainly, the bug is present in certain older versions of the Android kernel, which have not been updated to the very latest one. 

Stone demonstrated the vulnerability showing the flaw in action on a Google Pixel 2 smartphone which was running the latest Android 10 with September 2019 security patch. Therefore, even the most recent software security patches on phones with older kernels have become malfunctioned against this vulnerability. 

Popular Phones Affected

According to the disclosed list by Stone in the Google Project Zero blog, the list of affected devices currently includes Google’s Pixel 1, 1XL, 2 and 2XL, Xiaomi’s Redmi 5A, Redmi Note 5 and Mi A1, Huawei P20, Moto Z3, Oppo A3, all LG smartphones running on Android Oreo, and Samsung’s popular flagships Galaxy S7, Galaxy S8 and Galaxy S9. 

Most of the above mentioned devices had been sold worldwide, which makes the vulnerability more severe as it increases the possibility of widespread surveillance through Android.

Additionally, the original Google post revealed that it is already in use by the NSO Group, Israel’s surveillance agency, which might be offering its services to the government itself, or to officially backed agencies. 

Google has released its course of action against the vulnerability, stating, “This issue is rated as High severity on Android and by itself requires installation of a malicious application for potential exploitation. Any other vectors, such as via web browser, require chaining with an additional exploit. We have notified Android partners, and the patch is available on the Android Common Kernel. Pixel 3 and 3a devices are not vulnerable while Pixel 1 and 2 devices will be receiving updates for this issue as part of the October update.”

Users Should Not Miss the Upcoming Security Update

Thus, users need to look out for the latest update on their smartphone(s), which may bring the critical security patch, covering the another critical zero-day bug that could still have devastating effect on those not aware of it.

Leave a Reply

Your email address will not be published. Required fields are marked *