Saturday 6 June 2020

New Android vulnerability warning issued by CERT-In

Android mobile users in India, you have a new security warning. It was issued by the Indian Computer Emergency Response Team (CERT-In) a few days ago. The agency warns about security issues with phones running Android versions below 10.


“An Elevation of Privilege vulnerability named “StrandHogg 2.0” had been reported in the Google’s Android. Due to confused deputy flaw in the “start activities()” in the “ActivityStartController.java” which allow the attacker to hijack any app on an infected device,” CERT-In highlighted in its statement.


The biggest problem with the vulnerability is that apps can be infected with malware and installed on your device. The apps will ring no alarm bells because users won’t be able to detect any issues. If you start using such an app, attackers can gain access to data on your phone, which allows them to read messages and access photos and all the apps on the phone.


“Successful exploitation of this vulnerability could allow the attacker to gain access to a victim’s login credentials, SMS messages, photos, phone conversations, spy on the user through the phone’s microphone and camera and also track GPS location details on an affected device,” the advisory read.


Android issue affecting millions


StrandHogg 2.0 affects phones running versions between Android 3 and 9. This means it’s paramount that device manufacturers upgrade phones on these versions to Android 10 right away. With more than 95 percent of users in India on Android phones, attackers are more or less going to find them easy targets.




Android has been repeatedly scrutinised for its lack of security measures, which improved with version 10. But what about those with phones running older versions? How do they protect themselves? CERT-In says users should avoid downloading apps from third-party app stores. They should also avoid downloading from unknown websites or any link that is shared with them. We’re hoping that mobile manufacturers offer a security fix for this vulnerability to Android users in the country.