An important update for Android smartphone owners


A research group from Google's Project Zero team discovered so-called "zero-day gap" in Android. It is a vulnerability that potentially exposes users of many smartphone models to the fact that properly determined criminals are able to remotely take complete control over a mobile device.

The detected vulnerability is dangerous because it allows taking control of a mobile device at the root level with virtually no need to personalize the attack using the discovered vulnerability of the Android system. according to with the entry Maddie Stone from Project Zero, this vulnerability could have been exploited by the Israeli NSO Group specializing in cybersecurity. An attack using an discovered vulnerability in Android can be carried out in two ways: the first requires that the user of a vulnerable smartphone install the application from an untrusted source, the second method is a combined attack using an additional vulnerability in the Google Chrome mobile browser code.

Xiaomi Redmi Note 5
Xiaomi Redmi Note 5 is one of the most popular smartphones in Poland, susceptible to the described attack (photo Xiaomi)

The vulnerability allows unauthorized increase of local privileges on the victim's device system, which means virtually full access to the device on which the attack will be successful. The solution to the problem is to install the update as soon as possible. Update packages will be sent from today, i.e. Tuesday, October 8. A fairly large group of users of popular smartphones is exposed to the detected vulnerability. Below is a list of models that will be vulnerable to an attack using the detected Android bug by the time of upgrade:

  • Pixel 1
  • Pixel 1 XL
  • Pixel 2
  • Pixel 2 XL
  • Huawei P20
  • Xiaomi Redmi 5A
  • Xiaomi Redmi Note 5
  • Xiaomi A1
  • Oppo A3
  • Moto Z3
  • LG smartphones with Android version Oreo (Android 8.x)
  • Samsung S7
  • Samsung S8
  • Samsung S9

While Google Pixel smartphones are not particularly popular with us, the remaining ones from the above list are oats (e.g. Xiaomi smartphones). At the same time, it is worth not to panic, because although using the vulnerability allows you to completely take control of the attacked device, the same attack is not a trivial task. The chances that an ordinary user will fall victim to an attack using this vulnerability are rated as low. However, in order not to facilitate the task of cyber criminals, it is worth being alert to notifications from the update system and updating the smartphone software. Until the update package is delivered, it is sufficient not to install the application from unauthorized sources and not to use the mobile version of the Chrome browser. |