Android Critical Vulnerability Lets attack Samsung, Huawei, Moto, Xiaomi and Pixel phones
Researchers at the Google Zero project have identified a critical zero-day vulnerability that affects at least 18 Android smartphone smartphones. The study shows that it is already in full use, gaining remote access to information on the phones of victims around the world.
An open exploit was attributed to the Israeli NSO group, but their representative later denied that they were involved in the software, developed or sold it. They stated:
“The identified exploit has nothing to do with us. Our job is to create a protective product for governments and private investigators that save lives. ”
The vulnerability has already been fixed in Android kernel versions 3.18, 4.14, 4.4, and 4.9 without CVE, but the latest OS versions are still not protected. Now, the following phone models remain vulnerable:
Pixel 1
Pixel 1 XL
Pixel 2
Pixel 2 XL
Huawei P20
Xiaomi Redmi 5A
Xiaomi Redmi Note 5
Xiaomi A1
Oppo a3
Moto Z3
Oreo LG phones
Samsung S7
Samsung s8
Samsung S9
Google found out that the attack can pass in two ways: either Chrome sandbox will be used, or hackers will try to persuade the user to install a fake application. A critical bug, if successfully used, can give a hacker full access to all the phone’s functions.
