Shulou(Shulou.com)05/31 Report--

We talked about the word "f" before we talked about Android. Fragmentation can be a serious problem for millions of Android users when distributing monthly Android security updates. This is because not every mobile phone manufacturer will release the latest security patches in time. This is another example of why true Android or Google ecosystem enthusiasts might want to buy Pixel (they have got the first loophole in the latest version of Android, as well as cool features such as real-time transcription and astrophotography).

Many Android phones (including the recently purchased Samsung Galaxy Note 105G (which comes with Android 10 in T-Mobile) do not include a December update). "although we are doing our best to provide security patches for all applicable models as soon as possible, the delivery time of security patches may vary from region to region and model," Samsung said in a statement. " We can only imagine a list of Android phones a few months behind.

For most Android users, the monthly security update is a sleeping holiday because it doesn't make any changes or add new features that they can view or use. The problem is that due to a vulnerability called CVE-2019-2232, the December security update is very important. According to the NIST vulnerability database (through Forbes), maliciously crafted messages can lead to a permanent denial of service attack, which could attack phones running Android 8,8.1,9 or 10. The December Android security update includes a CVE-2019-2232, which means that if the update has been sent to your phone, install it immediately. The real problem, however, is that only a limited number of devices currently own it. When the update was first released on December 2nd, Google said: "generally speaking, it takes about a month and a half for OTA to access all Google devices." This applies only to Pixel phones.

StrandHogg is a dangerous loophole that puts the top 500 Android apps at risk.

The reason is that, unlike Apple, which makes hardware and software for the iPhone, there are a large number of Android manufacturers. You can go to the Android phone settings and find the security patch you received last time. Our Pixel 2 XL installed the security patch level on December 5th.

There have been a lot of other security issues in the use of Android recently. Last month, we told you about the Google camera app, which allows bad guys to remotely shoot videos and photos on unsuspecting Android phones. This vulnerability affects hundreds of millions of Android users. Also last month, we passed the vulnerabilities found in the next generation of Android messaging, the Rich Communications Service (RCS). An attacker can exploit this vulnerability by spoofing caller ID and phishing. In a worst-case scenario, Android users may be tricked into revealing their personal identification numbers to banks and other accounts, which will discover and steal large amounts of assets.

Earlier this month, security software developer Promon released information about the "StrandHogg" vulnerability. The malware, disguised as a legitimate application, puts the first 500 Android applications at risk (Propro partner Lookout found that 36 malicious applications actually carry this vulnerability) and allows bad actors (without root access) to monitor Android users through their mobile microphones, remotely control the camera and take photos, read and send text messages, make and record calls, and find users' locations through GPS access. Check the photos and files on your Android phone and check your address book.

StrandHogg is a dangerous vulnerability that could allow hackers to access your personal information.

With "StrandHogg", Android users will click on icons that are legitimate apps. Malware will be displayed and some permissions will be required instead of legitimate applications. Once unsuspecting Android users grant these permissions, hackers get the green light. This vulnerability may launch a phishing attack to give bad actors access to important personal data.

Google recently announced that it will work with a number of security companies, including the aforementioned Lookout, to fight malware. Let's hope the App Defense Alliance is one step ahead of bad actors. Security companies usually contact Google to provide their findings, and companies close these vulnerabilities. However, as StrandHogg,Promon pointed out, Google didn't take it seriously at first. Although the application responsible for distributing malware was eventually removed, it is clear that the vulnerability has not yet been fixed. Moreover, many of the "eye drops apps" that help spread StrandHogg are still on Android users' phones. One of them is a PDF creator application called CamScanner, which has been installed more than 100 million times.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.