Android phone users in India, CERT-In has a ‘spy warning’ for you
The Indian Computer Emergency Response Team (CERT-In) under the Ministry of Electronics and Information Technology has issued an advisory for Android users with ‘High’ severity rating. As per the advisory, those who are using smartphones that do not run the latest Android 10 operating system are at a risk of snooping and attackers can exploit a newly-found vulnerability to spy on the user through “the phone's microphone and camera and also track GPS location details on an affected device.”
Explaining the vulnerability, CERT-In said, “An Elevation of Privilege vulnerability named "StrandHogg 2.0" has been reported in the Google Android due to confused deputy flaw in the "startActivities()" of "ActivityStartController.java" which allow the attacker to hijack any app on an infected device. A local attacker could exploit this vulnerability by installing a malicious app on a device which can hide behind legitimate apps.” This vulnerability is present in Android operating systems versions prior to Android 10.0.
Exploiting this vulnerability, attackers can gain access to victim's login credentials, SMS messages, photos, phone conversations, spy on the user through the phone's microphone and camera and also track GPS location details on an affected device, it added.
CERT-In is advising to not download and install applications from untrusted sources like unknown websites or links sent over messages or emails. Also, turn off the install application from "Unknown Source" option in the Security Settings page.
“Install applications downloaded from reputed application markets only. Do not visit untrusted websites or follow links provided by unknown or untrusted sources. Install updates and patches as and when available from device vendors/service providers,” as per the advisory.
Explaining the vulnerability, CERT-In said, “An Elevation of Privilege vulnerability named "StrandHogg 2.0" has been reported in the Google Android due to confused deputy flaw in the "startActivities()" of "ActivityStartController.java" which allow the attacker to hijack any app on an infected device. A local attacker could exploit this vulnerability by installing a malicious app on a device which can hide behind legitimate apps.” This vulnerability is present in Android operating systems versions prior to Android 10.0.
Exploiting this vulnerability, attackers can gain access to victim's login credentials, SMS messages, photos, phone conversations, spy on the user through the phone's microphone and camera and also track GPS location details on an affected device, it added.
CERT-In is advising to not download and install applications from untrusted sources like unknown websites or links sent over messages or emails. Also, turn off the install application from "Unknown Source" option in the Security Settings page.
“Install applications downloaded from reputed application markets only. Do not visit untrusted websites or follow links provided by unknown or untrusted sources. Install updates and patches as and when available from device vendors/service providers,” as per the advisory.
Trending
Essential productivity resources for students- Samsung Galaxy M31 is all the Mega you need in life: Rocks a massive 6000mAh Battery, 64MP Quad-Camera, sAMOLED Screen
- Desi TikTok-rival app Mitron has a 'Pakistan connection'
- McLaren puts the brake on partnership with OnePlus
- Uber launches hourly ride booking option in some US cities
All Comments (0)+^ Back to Top
Refrain from posting comments that are obscene, defamatory or inflammatory, and do not indulge in personal attacks, name calling or inciting hatred against any community. Help us delete comments that do not follow these guidelines by marking them offensive. Let's work together to keep the conversation civil.
HIDE