Attackers exploit 0day vulnerability that gives full control of Android phones

guest · Oct 4, 2019

Attackers exploit 0day vulnerability that gives full control of Android phones
Vulnerable phones include 4 Pixel models, devices from Samsung, Motorola, and others
October 4, 2019
https://arstechnica.com/information...ty-that-gives-full-control-of-android-phones/

Attackers are exploiting a zeroday vulnerability in Google’s Android mobile operating system that can give them full control of at least 18 different phone models, including four different Pixel models, a member of Google’s Project Zero research group said on Thursday night.

There’s evidence the vulnerability is being actively exploited, either by exploit developer NSO Group or one of its customers, Project Zero member Maddie Stone said in a post. Exploits require little or no customization to fully root vulnerable phones. The vulnerability can be exploited two ways: (1) when a target installs an untrusted app or (2) for online attacks, by combining the exploit with a second exploit targeting a vulnerability in code the Chrome browser uses to render content.

“The bug is a local privilege escalation vulnerability that allows for a full compromise of a vulnerable device,” Stone wrote. “If the exploit is delivered via the Web, it only needs to be paired with a renderer exploit, as this vulnerability is accessible through the sandbox.”
Click to expand...

While the vulnerability reported on Thursday is serious, vulnerable Android users shouldn’t panic. The chances of being exploited by attacks as expensive and targeted as the one described by Project Zero are extremely slim.
A “non-exhaustive list” of vulnerable phones include:
Click to expand...

Pixel 1

Pixel 1 XL

Pixel 2

Pixel 2 XL

Huawei P20

Xiaomi Redmi 5A

Xiaomi Redmi Note 5

Xiaomi A1

Oppo A3

Moto Z3

Oreo LG phones

Samsung S7

Samsung S8

Samsung S9

guest · Oct 16, 2019

Security researcher publishes proof-of-concept code for recent Android zero-day
Qu1ckR00t app can root an Android device using the CVE-2019-2215 zero-day
October 16, 2019
https://www.zdnet.com/article/secur...-of-concept-code-for-recent-android-zero-day/

A US security researcher has published proof-of-concept code on GitHub for a recently disclosed Android zero-day.

The zero-day was discovered at the start of this month by Google Project Zero security researchers. At the time, Google said the zero-day was being actively exploited in the wild.
To weaponize her PoC, an attacker would still need to find a way to bypass the many other security protections available at the Android kernel level.
But in a blog post published yesterday, Grant Hernandez, a PhD candidate at the Florida Institute of Cyber Security at the University of Florida, published a PoC that does just this.

The end result is a more intrusive PoC that can be used to root an Android device, giving a user/attacker full control of the device.
Click to expand...

Tailoring CVE-2019-2215 to Achieve Root

guest · Nov 24, 2019

Bad Binder: Android In-The-Wild Exploit
November 21, 2019
https://googleprojectzero.blogspot.com/2019/11/bad-binder-android-in-wild-exploit.html

On October 3, 2019, we disclosed issue 1942 (CVE-2019-2215), which is a use-after-free in Binder in the Android kernel. The bug is a local privilege escalation vulnerability that allows for a full compromise of a vulnerable device. If chained with a browser renderer exploit, this bug could fully compromise a device through a malicious website.

We reported this bug under a 7-day disclosure deadline rather than the normal 90-day disclosure deadline. We made this decision based on credible evidence that an exploit for this vulnerability exists in the wild and that it's highly likely that the exploit was being actively used against users.
This blog post will explain the bug and the methodology for finding it, how the proof-of-concept exploit we released works, and the evidence and commentary on the use of this bug for in-the-wild exploitation.
Click to expand...

guest · Jan 6, 2020

Researchers unearth malicious Google Play apps linked to active exploit hackers
Apps used a variety of tricks to covertly install well-written espionage software
January 6, 2020
https://arstechnica.com/information...e-play-apps-linked-to-active-exploit-hackers/

Researchers have found more malicious Google Play apps, one of which exploits a serious Android rooting vulnerability so the app can take screenshots and collect other types of sensitive user information.

Camero exploits CVE-2019-2215, a potent vulnerability discovered in October by Google’s Project Zero vulnerability research group, researchers from Trend Micro reported on Monday. The use-after-free flaw makes it easy for attackers to gain full root privileges on Pixel 1 and Pixel 2 phones and a host of other Android models.
The app then downloaded attack code that exploits CVE-2019-2215 or a separate exploit in the MediaTek-SU driver that installs an espionage app called callCam. callCam collected a variety of sensitive user data including: [...]

To escape detection, callCam hid its icon after installation. It also used a complex cryptographic routine to encrypt stolen data before it was sent to attacker-controlled servers. callCam was also available as a standalone Google Play offering that advertised itself as a call and camera app. A third app, called FileCrypt Manager, meanwhile, installed callCam by abusing Android accessibility permissions to display screen overlays.
Click to expand...

Trend Micro: First Active Attack Exploiting CVE-2019-2215 Found on Google Play, Linked to SideWinder APT Group

Log in or Sign up

Attackers exploit 0day vulnerability that gives full control of Android phones

guest Guest

guest Guest

guest Guest

guest Guest

Log in or Sign up

Attackers exploit 0day vulnerability that gives full control of Android phones

guest Guest

guest Guest

guest Guest

guest Guest

Useful Searches