Android Phones Vulnerable To Remote Access Vulnerability

Bad news if you have an Android phone, particularly a Pixel phone. A company named iVerify has discovered an extremely serious vulnerability in those phones:

The vulnerability makes the operating system accessible to cybercriminals to perpetrate man-in-the-middle attacks, malware injections, and spyware installations. The potential impact of this Android security vulnerability is unknown and could result in millions of dollars in data loss and breaches.

iVerify, in concert with the information security team at Palantir Technologies, initially identified and investigated a vulnerability in an Android app package called Showcase.apk. The application runs at the system level and can fundamentally change the phone’s operating system. Since the application package is installed over unsecured HTTP protocols, this opens a backdoor, making it easy for cybercriminals to compromise the device. iVerify notified Google of the vulnerability and submitted a detailed report after discovering it on customer devices that did not pass iVerify’s behavior-based detections. It’s unclear if Google will issue a patch or remove the software from the phones to mitigate the potential risks.

Furthermore, users cannot remove this app because it is part of the firmware image, and Google does not allow end-users to alter the firmware image for security reasons. 

This is bad because, at present, users of Android phones cannot mitigate this vulnerability on their own. They have to wait for Google to do it for them, which Google has said it will do, at least for Pixel phones other than the Pixel 9, which doesn’t have the .apk file in question. Google has also said that it will notify other OEMs about this vulnerability, which means it will potentially take longer for this issue to be addressed on non-Pixel phones.
