Android phone users in India, CERT-In has a ‘spy warning’ for you – Latest News


The Indian Computer Emergency Response Team (CERT-In) under the Ministry of Electronics and Information Technology has issued an advisory for Android users with ‘High’ severity rating. As per the advisory, those who are using smartphones that do not run the latest Android 10 operating system are at a risk of snooping and attackers can exploit a newly-found vulnerability to spy on the user through “the phone’s microphone and camera and also track GPS location details on an affected device.”

Explaining the vulnerability, CERT-In said, “An Elevation of Privilege vulnerability named “StrandHogg 2.0” has been reported in the Google Android due to confused deputy flaw in the “startActivities()” of “ActivityStartController.java” which allow the attacker to hijack any app on an infected device. A local attacker could exploit this vulnerability by installing a malicious app on a device which can hide behind legitimate apps.” This vulnerability is present in Android operating systems versions prior to Android 10.0.

Exploiting this vulnerability, attackers can gain access to victim’s login credentials, SMS messages, photos, phone conversations, spy on the user through the phone’s microphone and camera and also track GPS location details on an affected device, it added.

CERT-In is advising to not download and install applications from untrusted sources like unknown websites or links sent over messages or emails. Also, turn off the install application from “Unknown Source” option in the Security Settings page.

“Install applications downloaded from reputed application markets only. Do not visit untrusted websites or follow links provided by unknown or untrusted sources. Install updates and patches as and when available from device vendors/service providers,” as per the advisory.





Source link

Leave a Reply