Google Researchers Detected New Android Exploit Targeting Pixel, Galaxy Phones

Google researchers recently reported a new Android exploit that allows hackers to take control of a person’s phone. The exploit has been applied in the real world before being detected by the Project Zero team in September. For that reason, the team considered it a zero-day vulnerability. 

According to researchers, the malware targets Android’s operating system, leading to hackers being able to gain root access to the victim’s device if abused. However, it will remain inoperative unless users take certain actions on their phones such as downloading infected software. Also, the vulnerability has been designed with the ability to link up with another exploit, implementing a web-based attack aimed at Google’s Chrome browser. To avoid the risk of being hacked, users should carefully examine the apps they want to download and the sites they visit. 

The team has published a list of Android devices vulnerable to the exploit, including phones running on Android 8 or later. The list features three models of Chinese-based Xiaomi, three names from Samsung Galaxy, Pixel 2, Oppo A3, Moto Z3, and Oreo LG. Pixel 3 and 3a weren’t affected, and Pixel 1 and 2 will also be secured with the October Security Release. It is worth noting that the exploit keeps spreading out, with more devices being put under risk. 

Google said they have been working to fix the issue. A patch has been released, helping partners to effectively protect the Android ecosystem against the malicious code. In the meantime, NSO Group, who is facing the accusation of the Project Zero team, denies the claim.