Bad surprise for users Android: the cybersecurity team of Google added a note to inform that four of the flaws originally reported “could be subject to targeted and limited exploitation”. It turns out that some hackers have already used them to steal sensitive data from an unspecified number of victims. As researcher Maddie Stone wrote on Twitter, two of the bugs in question – CVE-2021-1905 and CVE-2021-1906 – relate to products that mount Qualcomm’s Snapdragon Graphics Processing Unit (GPU); the others – CVE-2021-1905 and CVE-2021-1906 – instead have to do with drivers that operate with Gpu targate ARM Mali. To find out if your mobile devices are among those potentially affected by the problem, you need to consult their technical specifications.
“No data would be safe”
Looking at the glass half full, it’s about vulnerability difficult to exploit. The problem is that they are also particularly severe. CVE-2021-1905, for example, allows you to execute malicious code that can enable hackers to carry out any type of operation on the affected device, including malware installation. For this reason, according to what was declared to ArsTechnica by the vice president of the security company Zimperium Asaf Peleg, on the one hand, the violations recorded were probably the work of highly organized cybercriminal groups, which is not excluded may even be linked to government agencies or national espionage services; on the other hand, whoever succeeded in the operation was able to hire “Full control of the user’s mobile endpoint”. Clear that in such an eventuality “No data would be safe”.
The situation also complicates the fact that only the owners of Pixel, Google smartphones, will receive a resolutive patch in the next few hours. The others will instead have to wait for specific updates from the various manufacturers, which they usually require not less than three to four weeks to be released. Certainly not the best, in the presence of flaws already in a safe course of exploitation. In fact, therefore, even those who have updated their devices to the latest version of Android have no way at the moment neither to defend themselves nor to notice any violations, considering that attacks can be carried out in a non-manifest manner. Once the emergency has returned, it will then be the task of Big G assist the authorities in finding those responsible. But most of all prevent the repetition of situations of this gravity.
June 3, 2021 (change June 3, 2021 | 17:25)
© REPRODUCTION RESERVED