Project Zero, the team of security researchers at Google responsible for reporting zero-day vulnerabilities, recently discovered a serious security flaw on some Android devices. Oddly, the issue was supposed to have been patched back in December 2017. The smartphones in question are from popular OEMs like Samsung, Xiaomi and Huawei, and include Google’s older Pixel phones.

This security flaw resides in the Android kernel source and was first discovered back in 2017, which is also when it was patched. The patch covered the 4.14 LTS kernel, as well as the AOSP Android 3.18, 4.4, and 4.9 kernels, but the vulnerability popped up again in newer versions of Android.

Smartphones running Android 8.0 or later could be affected by the exploit, which Project Zero says doesn’t require per-device customization. This means attackers can target a ton of different devices using the same malicious technique. They don’t require in-person access to the device and could gain root access simply by getting users to sideload a malicious app.

Here’s the complete list of devices affected by the zero-day vulnerability, which is flagged as high priority by Google –

Google’s Project Zero team may have discovered the vulnerability, but it’s the Threat Analysis Group (TAG) that confirmed its use in real-life attacks on affected devices. It believes the NSO Group, a popular Israel-based company known to sell exploits and surveillance tools, is behind the zero-day attacks. However, NSO has denied Google’s accusations.

The Project Zero team states that the aforementioned list isn’t exhaustive and that a number of devices have already been exploited using this bug. Google will release the October security patch, which should arrive next week, with a fix for this vulnerability. Other OEMs listed above are expected to follow suit in the coming weeks.
