It is a succession of worrying announcements for Android smartphone users. The latest vulnerability was revealed by Maddie Stone, Project Zero researcher, a Google team involved in hunting down the loopholes not yet known to developers (called zero day). The warning covers many models of mobile phones equipped with the Big G. operating system. The security of hundreds of millions of Android smartphones is at stake since this vulnerability can allow cyber criminals to gain full control of the device.

The vulnerability can be exploited in two ways: either by installing an untrusted application or, if the attack occurs online, by combining with another vulnerability. A Google spokesman said that Pixel 1 and 2 will be protected with the October security update that will be available in the coming days, while a patch has also been shared with partners “to ensure that the Android ecosystem is protected by this problem”. So install the security update as soon as it is available and download only apps that are on the Google Play Store, and that have been developed by recognized technology companies.

Extremely popular smartphones like Pixels 1 and 2, Huawei P20, Xiaomi Redmi 5A, Xiaomi Redmi Note 5, Xiaomi A1, Moto Z3, Oreo LG, Samsung S7, S8, and S9 are at risk. According to the researcher, the flaw would have been used or sold by NSO Group, an Israeli cybersecurity firm not new to this kind of business. In fact it is the same company that in 2016 and 2017 developed Pegasus: a spyware for iOS and Android smartphones. Once installed on a device, the software would be able to activate the camera or microphone and collect a wide variety of sensitive information. Researchers at the Citizen Lab, a laboratory at the University of Toronto, found out that this malware was used against a political dissident in the United Arab Emirates. Besides, NSO is also considered the main suspect behind a WhatsApp flaw found last May which allowed to install a spyware on the phones through voice calls, even without the answer, and without leaving any trace in the chronology.

The discovery of vulnerabilities that are used to compromise devices now seems to be the order of the day and does not concern Android devices only. Just a few weeks ago it made a lot of noise the revelation of a flaw that allowed to exploit the iPhone. The attack, according to what was later confirmed by Apple itself, had a precise target: to infect the devices of the predominantly Muslim Uighur ethnic minority that populates the autonomous region of Xinjiang, in northwestern China.

This increased rate of found vulnerabilities is mainly due to two concurrent factors. The first one is that, as never before, technology companies are emerging that have leading researchers and important resources to seek and find and take advantage of zero day in an industrialized and systematic way. The second factor is that smartphone producers hurry to design and release new models in an ever shorter time and they focus on maximum usability and comfort, often neglecting the security aspects.

Press release source: Virtual Grub.