Cybercrimes are no longer surprises these days. Android devices are more vulnerable as hackers can steal your complete personal information from your one device and cause you lifetime damage. When we talk about the regular security update of Android, it can be a serious concern for thousands of Android users. The main concern in maintaining Android security is that most users are not aware of security updates and not every handset is getting security patch by manufacturer timely. This can be a good example of why Android / Google ecosystems urge to purchase Pixel.
How to check vulnerability on android?
There is a number of latest Android devices including Samsung Galaxy Note 10+ 5G are missing security updates for December 2019. According to a recent statement by Samsung:
“While we are doing our best to deliver the security patches as soon as possible to all applicable models, the delivery time of security patches may vary depending on the regions and models”
This statement is worrisome for Android users with previous versions as their phones are lacking the latest security updates and hackers are more advanced than your previous security locks.
CVE-2019-2232- The most dangerous vulnerability
A wide variety of Android devices are missing the December update. We are emphasizing on December update again and again because of CVE-2019-2232. As reported by NIST (National Vulnerability database) a malicious message can cause a denial of service attack and cause permanent damage and would likely brick your Android device running with Android 8, 8.1,9,10 versions.
Security update for December includes a patch for CVE-2019-2232 and if your phone receives any notification for installing this update install this immediately. But the critical part is there are very few Android devices having this update and December is already gone. The update was launched on 2nd December, and Google said that:
“In general, it takes about one and a half calendar weeks for the OTA to reach every Google device.”
(it is just for pixel handset)
StrandHogg- threatening vulnerability
Putting 500 Android apps at a security risk
Apple Company manufactures both hardware and software for its devices, unlikely there are hundreds of Android manufacturers. If you have missed security notification, you can check it by going into
Settings > about phone > Android version
Security issues for Android devices are rising continuously. There is a Google camera app using which hackers or intruders can shoot pictures or videos from your Android device without your knowledge. This vulnerability is affecting thousands of Android users.
A vulnerability is discovered in next-generation Android messaging, RCS (Rich Communication Service). By this attack, the user’s credentials for banks or other important assets can be stolen by phishing or by spoofing caller ID.
Lastly, information about StrandHogg is published by security software developer Promon. This malware is attacking almost 500 Android apps and making them vulnerable to hacking and spoofing.
“Promon partner Lookout discovered 36 malicious apps that actually carried the vulnerability, and allowed bad actors (without root access) to listen in on Android users through a phone’s microphone, take control of the camera and remotely snap pictures, read and send SMS messages from a handset, make and record phone calls, learn a user’s location through GPS access, see photos and files on an Android handset, view contacts, phone logs and more.”
If you are having StrandHogg, you click on certain applications, then instead of opening that legit app it will ask you for certain permissions and once permissions are granted, hackers are free to intrude into your Android device. This vulnerability can lead to a phishing attack and hackers can steal your personal data.
Google is pairing up with security organizations to fight back these vulnerabilities and malware. It is hoped that the App Defense Alliance can get one step ahead of these hackers. The security organizations establish contact with Google with their explorations and close down such vulnerabilities. Therefore it is observed that Google did not take StrandHogg, Promon seriously until it caused huge damage to users and it is apparently not fixed yet. Many of the dropper apps that are responsible for spreading StrandHogg are still on Android devices and they need to be removed from the play store as soon as possible. For instance, PDF scanner app CamScanner has millions of downloads while it is highly vulnerable.