Android Zero Day Vulnerability Found to Impact Pixel, Galaxy and Xiaomi Phones

Oct. 5, 2019

Google’s team of security researchers responsible for reporting zero-day vulnerabilities, known as Project Zero, recently discovered an unpatched exploit in Android that’s being used in real-life attacks. This vulnerability affects smartphones from popular OEMs like Samsung, Xiaomi, and Huawei. Even Google’s older Pixel phones are impacted as well.

Smartphones running Android 8.0 or later could be affected by the exploit, which Project Zero says doesn’t require per-device customization. This means the hackers can attack a ton of different devices using the same malicious technique. They don’t require in-person access to the device andcouldgain root access simply by making users sideload a malicious app.

Here’s the complete list of devices affected by the zero-day vulnerability, which is flagged as high priority by Google –

Google’s Project Zero team may have discovered the vulnerability, but it’s the Threat Analysis Group (TAG) that confirmed its use in real-life attacks on affected devices. It believes the NSO Group, a popular Israeli-based company known to sell exploits and surveillance tools, is behind the zero-day attacks. However, NSO has denied Google’s accusations.

The Project Zero team mentions that the aforementioned isn’t an exhaustive list and a number of devices have already been exploited using this bug. Google will release the October security patch, which should arrive next week, with a fix for this vulnerability. Other OEMs listed above are expected to follow suit in the coming weeks.