Android flaw allows you to steal data from your phone: models at risk

Google has discovered a vulnerability that endangers the security of at least 18 Android smartphones: here's what they are

Bad news for owners of at least 18 models of Android smartphones manufactured by Huawei, Xiaomi, Oppo, Motorola, LG, Samsung and even Google: the Linux kernel of the mobile operating system, in all versions up to 3.18 (excluded), suffer from a very serious vulnerability that could allow a hacker to take full control of the device.

Project Zero, Google's in-house cybersecurity team, discovered this. This vulnerability can be exploited in at least two ways and has most likely already been used by NSO Group, an Israel-based company that deals with cyber intelligence on behalf of foreign governments and large companies. The code assigned by Project Zero to this vulnerability is CVE-2019-2215 and the patch to fix it will arrive by the end of October but, as usual, only Google Pixel smartphone owners will be able to install it right away while others will have to wait.

How the CVE-2019-2215 vulnerability works

There are two possible ways to exploit CVE-2019-2215. The first one is via a malicious app, the second one is from the Web, exploiting a second flaw in the Chrome browser (and Chromium-based browsers), which in turn activates CVE-2019-2215. In both cases, the result is the same: the hacker can quickly gain full privileges on the device, which allows him to do whatever he wants with it. From stealing data to installing any kind of software on the phone, such as a tracker to spy on the user and follow his movements.

Which smartphones are affected by CVE-2019-2215

Not all Android smartphones, thankfully, are at risk. Ma nella lista di quelli che lo sono compaiono anche nomi eccellenti:

  • Google Pixel 1
  • Google Pixel 1 XL
  • Google Pixel 2
  • Google Pixel 2 XL
  • Huawei P20
  • Xiaomi Redmi 5A
  • Xiaomi Redmi Note 5
  • Xiaomi A1
  • Oppo A3
  • Motorola Moto Z3
  • LG Oreo
  • Samsung S7
  • Samsung S8
  • Samsung S9

Come difendersi dalla vulnerabilità CVE-2019-2215

Se hai uno di questi smartphone sei sicuramente a rischio. Molto probabilmente anche altri smartphone sono vulnerabili, ma non è ancora nota la lista completa. Google ha già annunciato che la vulnerabilità CVE-2019-2215 verrà fixata con le patch di sicurezza di ottobre. A breve, quindi, i possessori di smartphone Pixel saranno al sicuro. Gli altri, però, dovranno aspettare che i rispettivi produttori rilascino le patch per ogni modello affetto. Potrebbe volerci del tempo e, sui modelli più vecchi, le patch potrebbero anche non arrivare mai.