Millions Of Android Phones Are Vulnerable To Israeli Surveillance Dealer Attack, Google Warns

Forums Security News (Security) Millions Of Android Phones Are Vulnerable To Israeli Surveillance Dealer Attack, Google Warns

Tagged: 

  • This topic has 1 voice and 0 replies.
Viewing 0 reply threads
  • Author
    Posts
    • October 8, 2019 at 9:51 am #36977
      Telegram SmartBoT
      Moderator
      • Topic 5959
      • Replies 0
      • posts 5959
        @tgsmartbot

        #News(Security) [ via IoTGroup ]

        Headings…
        Millions Of Android Phones Are Vulnerable To Israeli Surveillance Dealer At

        Auto extracted Text……

        Google issued an alert overnight about a fresh vulnerability affecting hundreds of millions of Android phones, including its own Pixel 1 and 2 devices.
        According to Google security researcher Maddie Stone, the weakness is actively being used against targets of the Israeli spyware dealer NSO Group.
        If you own any of the following phones, your device likely remains vulnerable today as patches are not yet available: the Google Pixel 1 and 2, Huawei P20.
        (A source told Forbes after publication that the number of affected devices is likely much higher, as those were the only ones that Google had been able to test).
        Stone said the underlying issue was fixed in Android back in December 2017, but “the Pixel 2 with most recent security bulletin is still vulnerable based on source code review.” The same is true for all those other Android phones, though Google didn’t explain why the patches didn’t prevent the latest exploits from working.
        Google also didn’t note why it had attributed the hacks to NSO Group.
        A spokesperson for NSO, however, said: ‘NSO did not sell and will never sell exploits or vulnerabilities.
        The problem was defined by Stone as a kernel privilege escalation bug, which means it provided a way for a hacker who’d already found a way onto the device to get deeper access, right into the heart of the Android operating system.
        Whoever was exploiting the vulnerability would have likely used other bugs, combining them in what’s known as an “exploit chain” to completely own an Android device remotely.
        “The bug is a local privilege escalation vulnerability that allows for a full compromise of a vulnerable device.
        If the exploit is delivered via the web, it only needs to be paired with a renderer exploit, as this vulnerability is accessible through the sandbox,” Stone wrote in a post on Thursday

        Read More..
        AutoTextExtraction by Working BoT using SmartNews 1.0299999999 Build 26 Aug 2019

    • Author
      Posts
    Viewing 0 reply threads
    • You must be logged in to reply to this topic.