Critical security flaw discovered on Android: Pixel, Samsung, Huawei and Xiaomi smartphones affected
Google’s Project Zero team has discovered a critical security flaw on Android. A patch is already available and business partners have been notified.
Security researchers at Google's Project Zero have discovered a vulnerability on Android that already appears to be exploited publicly. The news was reported by ZDNet, which named some of the smartphones affected by the bug: among them the Galaxy S7, S8 and S9, the Huawei P20, and the different Google Pixels and Google Pixel 2.
An Android team spokesman confirmed that if a malicious app is installed on the target device, or the attack is paired with a second exploit in a program such as a web browser, the target device can be compromised completely.
Google has already verified through its Threat Analysis Group that the exploit has been used, and there appear to be traces from the NSO Group, which may have used or sold the tool.
NSO is an Israeli spyware provider that in the past few months even managed to penetrate WhatsApp, injecting its spyware through calls handled by the service.
NSO Group has recently denied being behind the new attack discovered by Project Zero, declaring to the international press that “it does not sell, nor will it ever sell exploits or vulnerabilities”. NSO also specified that its work focuses on “developing products designed to help law enforcement authorities save lives”.
Since the bug has already been used and exploited by third parties, Project Zero gave the Android team seven days before publicly disclosing the news. Curiously, although the flaw was found on 27 September 2019, the same flaw had been reported years ago and corrected in December 2017. It seems, in short, that the vulnerability re-emerged in a later version of the OS and has now been corrected again.
Below is the list of devices believed to be vulnerable to the newly disclosed bug; Project Zero itself warns that it may not be complete:
- Pixel
- Pixel XL
- Pixel 2
- Pixel 2 XL
- Huawei P20
- Xiaomi Redmi 5A
- Xiaomi Redmi Note 5
- Xiaomi A1
- Oppo A3
- Moto Z3
- LG smartphones with Android Oreo
- Samsung Galaxy S7
- Samsung Galaxy S8
- Samsung Galaxy S9
The Android team has already confirmed that the bug is real and that it is a problem of “high gravity”. The patch is already available on the Android Common Kernel, and the business partners have been informed: “Pixel and Pixel 2 will receive updates related to this issue as part of the October security patch”, the company spokesmen said. Pixel 3 and Pixel 3A are not vulnerable.