Google Researchers Detected New Android Exploit Targeting Pixel, Galaxy Phones
Sundar Pichai - Oct 05, 2019
The malware targets Android’s operating system, allowing hackers to gain root access to the victim’s device if abused.
- Google Pixel 4 Vs. Samsung Galaxy Note 10: Best Killer Features
- This Google Assistant Bug Will Run Out Your Battery Quickly
- Google To Patch A Flaw That Lets iPhone Users Have Free Storage On Google Photos
Google researchers recently reported a new Android exploit that allows hackers to take control of a person’s phone. The exploit has been applied in the real world before being detected by the Project Zero team in September. For that reason, the team considered it a zero-day vulnerability.
According to researchers, the malware targets Android’s operating system, leading to hackers being able to gain root access to the victim’s device if abused. However, it will remain inoperative unless users take certain actions on their phones such as downloading infected software. Also, the vulnerability has been designed with the ability to link up with another exploit, implementing a web-based attack aimed at Google’s Chrome browser. To avoid the risk of being hacked, users should carefully examine the apps they want to download and the sites they visit.
The team has published a list of Android devices vulnerable to the exploit, including phones running on Android 8 or later. The list features three models of Chinese-based Xiaomi, three names from Samsung Galaxy, Pixel 2, Oppo A3, Moto Z3, and Oreo LG. Pixel 3 and 3a weren’t affected, and Pixel 1 and 2 will also be secured with the October Security Release. It is worth noting that the exploit keeps spreading out, with more devices being put under risk.
Google said they have been working to fix the issue. A patch has been released, helping partners to effectively protect the Android ecosystem against the malicious code. In the meantime, NSO Group, who is facing the accusation of the Project Zero team, denies the claim.
"NSO did not sell and will never sell exploits or vulnerabilities. This exploit has nothing to do with NSO. Our work is focused on the development of products designed to help licensed intelligence and law enforcement agencies save lives," said NSO's spokesperson.