More often than not, smartphones are prone to vulnerabilities that can directly or indirectly affect users. A most recent one is an Android flaw that can do a lot to your smartphone and you should be aware of it.
“Strandhogg” Android Vulnerability
The latest Android flaw, dubbed “Strandhogg” has been discovered by security researchers at Promon. The flaw can access smartphones with any Android version (even the latest Android 10).
The unathorised access can allow hackers to click images from the device’s camera, access the microphone to listen to the users, send and read SMSs, get login credentials of the user, make phone calls and even record them. Additionally, it can access a user's location, contact list, call logs, and even private files.
The flaw can easily impact the 500 most popular apps, meaning the apps are at “high risk.” So far, around 36 malicious apps with the vulnerability have been found.
The flaw works in a simple way: the vulnerability befools the users to click on the app, which is a real one. Once the app is clicked, the malware now acts (disguising as the real one) and asks for various permissions, which users tend to provide thinking it is a legitimate app. This way hackers get access to an Android smartphone to fulfill their malign intentions.
Also Read: Man orders pizza from Zomato only to lose Rs 95,000 as part of phishing scam
One thing worth noting is that Standhogg can access a smartphone without the need to root it, making it an easy process.
The report further suggests that the flaw is being used to illicitly access Android phones and apps. While Google has removed the affected apps (36 have been identified so far), it still hasn’t been patched.
To recall, Google recently launched the App Defense Alliance to eliminate malicious Android apps. The alliance has been formed with several security firms.
Hence, we hope a solution to the Android flaw arrives soon.
One more flaw
Additionally, there is another flaw that could lead to a permanent denial-of-service attack on an Android smartphone. This attack could brick a device running Android 8, 8.1, 9, or 10. While it can be fixed with the recent December Android security update, not all Android smartphones have received the update.
For more technology news. click over here.