Published: Mon, October 07, 2019
Electronics | By Kelly Massey

Android Auto set to bring new features to us soon

Android Auto set to bring new features to us soon

Google's Threat Analysis Group (TAG) says that a new Android zero-day is actively being exploited in the wild in attacks targeting vulnerable Google Pixel, Huawei, Xiaomi, Samsung, Oppo, and Moto smartphones. The vulnerability was found in Android's kernel code and could allow a hacker to gain root access over a phone.

First up we saw an addition into the Android Auto help page which up until now only listed Google-made devices as compatible with wireless Android Auto. In the more recent versions of Android, however, it re-emerged.

More specifically, Google explains in its Project Zero bug tracker that this flaw was patched in the 4.14 LTS kernel, AOSP android 3.18 kernel, AOSP android 4.4 kernel, and AOSP android 4.9 kernel back in December 2017. Project Zero, the Google security team behind the report, usually waits 90 days before publicizing a software vulnerability to give the software's developers time to fix it.

Google security researchers often disclose severe security issues that affect various products or operating systems.

Iowa Teacher Placed on Leave After Threatening Greta Thunberg in Facebook Comment
During her recent speech in New York, Ms Thunberg criticised world leaders for not doing enough to tackle climate change . But he added: "But when someone is using children and teenagers in personal interests, it only deserves to be condemned".

Google's Project Zero team believes that the vulnerability might have been used by Israeli NSO Group which has previously been implicated for having infiltrated phones with spyware on WhatsApp.

That doesn't include the newer Pixel 3 that Google launched past year, which has been confirmed not to be affected, and Samsung's latest Galaxy S10 flagship phone is absent from the list of exploitable devices too. An NSO spokesman denies its involvement.

According to Google, the exploit "requires little or no per-device customization", but does require the installation of "a malicious application" either "inside the Chrome sandbox" or via an untrusted app store or source. He also mentioned that Pixel 1 and 2 devices will soon get updates for this vulnerability as part of the October update. In the meantime, be careful what you install from shady corners of the internet.

Vulnerable devices are also varying in age.

Like this: