New Android smartphones under fire from hackers – or yours too?

At least 18 models of Android phones show a nasty vulnerability currently used by hackers. Interestingly, about this incident says a member of Google’s Project Zero, responsible for many interesting discoveries in the field of cyber security. The matter is so serious that it is worth acting above divisions and cause much faster work on patching the hole.

What is very important: there is indisputable evidence that cybercriminals are exploiting this vulnerability: they are able to gain full access to the device. This can be done in two ways: using an application from outside the Google Play store that has malicious code or using another vulnerability after injecting a dangerous payload into the victim’s browser.

The error is a local vulnerability to escalation of permissions that allows a full attack on a vulnerable device. If the exploit is provided by a website, it is sufficient to link it to the renderer exploit, because this vulnerability is accessible through the sandbox.

Which Android devices are vulnerable? Here is the list

A list of devices has been constructed that certainly show vulnerability in the context of the discovered vulnerability – it is very likely that these are not all devices:

• Pixel 1
• Pixel 1 XL
• Pixel 2
• Pixel 2 XL
• Huawei P20
• Xiaomi Redmi 5A
• Xiaomi Redmi Note 5
• Xiaomi A1
• Oppo A3
• Moto Z3
• Oreo LG phones with Android
• Samsung S7
• Samsung S8
• Samsung S9

Fortunately, Pixel 3 and 3A are not susceptible. Google phone users are definitely in the best position because these devices are the fastest to receive all patches – including those dedicated to security. And they will be patched first – in the case of third-party equipment it is not so obvious, but they should care about making the patches available very quickly.

Experts consider this vulnerability to be very serious, also because it can be exploited very simply by placing malicious code in an application from an untrusted source. Android users very often install such programs without necessarily wondering if they are becoming victims of cybercrime at any given time.

But do not panic: the risk of becoming a victim of this vulnerability is relatively small, but … it exists and it is worth keeping this in mind. Just do not install just about anything and not look anywhere. This is definitely enough to avoid falling into an unpleasant trap.