Saturday, March 6, 2021
  • Setup menu at Appearance » Menus and assign menu to Top Bar Navigation
Advertisement
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
No Result
View All Result
Home Internet Security

Google finds Android zero-day impacting Pixel, Samsung, Huawei, Xiaomi devices

October 4, 2019
in Internet Security
Google finds Android zero-day impacting Pixel, Samsung, Huawei, Xiaomi devices
585
SHARES
3.3k
VIEWS
Share on FacebookShare on Twitter

Google disclosed today that they found evidence of an Android unpatched vulnerability being used in attacks in the real world — a so-called “zero-day.”

The vulnerability resides in the Android operating system’s kernel code and can be used to help an attacker gain root access to the device.

You might also like

Zigbee inside the Mars Perseverance Mission and your smart home

FTC joins 38 states in takedown of massive charity robocall operation

Accellion zero-day claims a new victim in cybersecurity company Qualys

Ironically, the vulnerability was patched in December 2017 in Android kernel versions 3.18, 4.14, 4.4, and 4.9, but newer versions were found to be vulnerable.

Google researchers believe that the vulnerability impacts the following Android phone models, running Android 8.x and later:

  • Pixel 2 with Android 9 and Android 10 preview
  • Huawei P20
  • Xiaomi Redmi 5A
  • Xiaomi Redmi Note 5
  • Xiaomi A1
  • Oppo A3
  • Moto Z3
  • Oreo LG phones
  • Samsung S7, S8, S9

Google researchers also said that the “exploit requires little or no per-device customization,” meaning it should be able to work on a wide range of handsets, although they have not confirmed this with manual reviews, as they did for the devices listed above.

Google: Zero-day linked to NSO Group

The vulnerability was discovered by Google’s Project Zero team, and later confirmed to have been used in real-world attacks by the company’s Threat Analysis Group (TAG). These are the two teams that discovered last month a batch of 14 zero-days being used against iOS users.

However, the Android zero-day and the iOS zero-days appear to be unrelated. While the attacks on iOS users have been linked to a Chinese state-sponsored group conducting surveillance operations against their own citizens, details about the Android zero-day are currently limited.

Google’s TAG said it believes the Android zero-day is the work of NSO Group, a well-known Israeli-based company known to sell exploits and surveillance tools.

The company has been criticized for selling hacking tools to oppressive regimes, but facing rising criticism, has recently pledged to fight customers who abuse its tools to spy on innocents or political opponents. ZDNet sent a request for comment to the Israeli company, seeking confirmation that this is one of their tools, and we’ll update the article with their statement if we hear back.

Not as dangerous as it could have been

The good news is that the Android zero-day is not as dangerous as other past zero-days. For starters, it’s not an RCE ( remote code execution) that can be exploited without user interaction. There are certain conditions that need to be met before an attacker can exploit this vulnerability.

“This issue is rated as High severity on Android and by itself requires installation of a malicious application for potential exploitation,” a spokesperson for the Android Open Source Project said. “Any other vectors, such as via web browser, require chaining with an additional exploit.

“We have notified Android partners and the patch is available on the Android Common Kernel. Pixel 3 and 3a devices are not vulnerable while Pixel 1 and 2 devices will be receiving updates for this issue as part of the October update,” the Android team said.

The zero-day is now being tracked as CVE-2019-2215. This bug tracker entry from the Project Zero team holds proof-of-concept code and additional details for security researcher who want to reproduce the bug and test other devices.

Credit: Zdnet

Previous Post

New 0-Day Flaw Affecting Most Android Phones Being Exploited in the Wild

Next Post

Fintech Player Zeta Uses Real-Time Analytics And Machine Learning To Lead The Digital Payments Space

Related Posts

Zigbee inside the Mars Perseverance Mission and your smart home
Internet Security

Zigbee inside the Mars Perseverance Mission and your smart home

March 6, 2021
FTC joins 38 states in takedown of massive charity robocall operation
Internet Security

FTC joins 38 states in takedown of massive charity robocall operation

March 5, 2021
Accellion zero-day claims a new victim in cybersecurity company Qualys
Internet Security

Accellion zero-day claims a new victim in cybersecurity company Qualys

March 5, 2021
GAO report finds DOD’s weapons programs lack clear cybersecurity guidelines
Internet Security

GAO report finds DOD’s weapons programs lack clear cybersecurity guidelines

March 5, 2021
With its acquisition of Auth0, Okta goes all in on CIAM
Internet Security

With its acquisition of Auth0, Okta goes all in on CIAM

March 5, 2021
Next Post
Fintech Player Zeta Uses Real-Time Analytics And Machine Learning To Lead The Digital Payments Space

Fintech Player Zeta Uses Real-Time Analytics And Machine Learning To Lead The Digital Payments Space

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

January 6, 2019
Microsoft, Google Use Artificial Intelligence to Fight Hackers

Microsoft, Google Use Artificial Intelligence to Fight Hackers

January 6, 2019

Categories

  • Artificial Intelligence
  • Big Data
  • Blockchain
  • Crypto News
  • Data Science
  • Digital Marketing
  • Internet Privacy
  • Internet Security
  • Learn to Code
  • Machine Learning
  • Marketing Technology
  • Neural Networks
  • Technology Companies

Don't miss it

Zigbee inside the Mars Perseverance Mission and your smart home
Internet Security

Zigbee inside the Mars Perseverance Mission and your smart home

March 6, 2021
Mazafaka — Elite Hacking and Cybercrime Forum — Got Hacked!
Internet Privacy

Mazafaka — Elite Hacking and Cybercrime Forum — Got Hacked!

March 6, 2021
Autonomous Cars And Minecraft Have This In Common  
Artificial Intelligence

Autonomous Cars And Minecraft Have This In Common  

March 5, 2021
The ML Times Is Growing – A Letter from the New Editor in Chief – Machine Learning Times
Machine Learning

Explainable Machine Learning, Model Transparency, and the Right to Explanation « Machine Learning Times

March 5, 2021
FTC joins 38 states in takedown of massive charity robocall operation
Internet Security

FTC joins 38 states in takedown of massive charity robocall operation

March 5, 2021
Google Cloud Certifications — Get Prep Courses and Practice Tests at 95% Discount
Internet Privacy

Google Cloud Certifications — Get Prep Courses and Practice Tests at 95% Discount

March 5, 2021
NikolaNews

NikolaNews.com is an online News Portal which aims to share news about blockchain, AI, Big Data, and Data Privacy and more!

What’s New Here?

  • Zigbee inside the Mars Perseverance Mission and your smart home March 6, 2021
  • Mazafaka — Elite Hacking and Cybercrime Forum — Got Hacked! March 6, 2021
  • Autonomous Cars And Minecraft Have This In Common   March 5, 2021
  • Explainable Machine Learning, Model Transparency, and the Right to Explanation « Machine Learning Times March 5, 2021

Subscribe to get more!

© 2019 NikolaNews.com - Global Tech Updates

No Result
View All Result
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News

© 2019 NikolaNews.com - Global Tech Updates