Warning for Android users in India: CERT-In issues advisory
If your Android device is compromised, attackers can get hold of your login credentials, messages, phone conversations, photos etc.
CERT-In (the Indian Computer Emergency Response Team under the Ministry of Electronics and Information Technology, has issued an advisory for Android users in India and this ‘warning' comes with a ‘high' severity rating.
According to this advisory, all those who are using Android devices that are not running the latest version of the Android operating system (Android 10) are at the risk of being snooped on. Attackers can exploit a new vulnerability to spy on Android phone users through the phone's mic and camera. They can also track GPS location details on a compromised device.
If your device is compromised, attackers can get hold of your login credentials, messages, phone conversations, photos etc.
mobile to buy?
“An Elevation of Privilege vulnerability named ‘StrandHogg 2.0' has been reported in the Google Android due to confused deputy flaw in the ‘startActivities()' of ‘ActivityStartController.java' which allow the attacker to hijack any app on an infected device. A local attacker could exploit this vulnerability by installing a malicious app on a device which can hide behind legitimate apps,” CERT-In wrote on its site.
This vulnerability is present only in Android phones that are running an OS that's older than Android 10.
What's the fix?
CERT-In advises that you need to install updates and patches that have been issued recently. For this, you need to go to settings and check for updates. If you see one, install it and update your phone right now. Most Android devices in the market right now will support Android 10, you just need to update your device.
Also, CERT-In says that you should not download and install apps from untrusted sources and websites or through random links sent over messages and emails from unverified sources. You should also turn off the “install application from Unknown Source”' option from your device's security settings.
“Install applications downloaded from reputed application markets only. Do not visit untrusted websites or follow links provided by unknown or untrusted sources,” CERT-In suggests.