Android Critical Vulnerability Lets attack Samsung, Huawei, Moto, Xiaomi and Pixel phones
Researchers at the Google Zero project have identified a critical zero-day vulnerability that affects at least 18 Android smartphone smartphones. The study shows that it is already in full use, gaining remote access to information on the phones of victims around the world.
An open exploit was attributed to the Israeli NSO group, but their representative later denied that they were involved in the software, developed or sold it. They stated:
“The identified exploit has nothing to do with us. Our job is to create a protective product for governments and private investigators that save lives. ”
The vulnerability has already been fixed in Android kernel versions 3.18, 4.14, 4.4, and 4.9 without CVE, but the latest OS versions are still not protected. Now, the following phone models remain vulnerable:
Pixel 1 XL
Pixel 2 XL
Xiaomi Redmi 5A
Xiaomi Redmi Note 5
Oreo LG phones
Google found out that the attack can pass in two ways: either Chrome sandbox will be used, or hackers will try to persuade the user to install a fake application. A critical bug, if successfully used, can give a hacker full access to all the phone’s functions.