Zero Day Exploit Hits Android Phones
By: Jim Stickley and Tina Davis
October 4, 2019
It’s Day 0 for a new exploit. That sounds somewhat exciting, but really it is a bummer for Android users. This zero-day exploit affects at least 18 different Google android phones, including Pixel phones. If someone takes advantage of this, he or she could gain complete control over the phone. Unfortunately, according to Google’s Project Zero research group, there is some evidence that this is actually being actively exploited. That's bad news, for sure!
A partial list of vulnerable devices includes:
- Pixel 1, 1 XL, 2, 2XL
- Huawei P20
- Xiamoi Redmi 5A, Redmi Note 5, A1
- Oppo A3
- Moto Z3
- Oreo LG
- Samsung S7, S8, S9
Though these are listed out specifically, others are affected and everyone using an Android phone should be aware of how this works.
One way is to install an untrusted app on the phone. So, be sure when you are adding apps to do research on them and make sure they are safe. Always get them from the Google Play Store rather than sideloading them, which means to get them from anywhere else other than the official store. Read the reviews. They are a great way to find out quickly if something is amiss about the apps.
The second way is by exploiting a vulnerability in the Chrome browser. Always be careful when browsing and be sure to check those web addresses before pushing the “return” button on the keyboard. Also be conservative about what add-ons or browser extensions you use with any browser. Often, those are used to take advantage of users and get malware onto their devices.
This vulnerability is rated as high severity and remember that “zero day” means there is no fix for it currently and it is actively being exploited. So keep those peepers open for questionable apps and websites until one is released. Google has stated it will release something for the Pixel in the October Android security update. That is reportedly coming out by the second week of October.