A wing under the Ministry of Electronics and Information, the Indian Computer Emergency Response Team has issued a warning to android users about vulnerability to spying. The advisory issued by them says that smartphone users that have a lower version of Android running are at risk of potential spying and attack because of a vulnerability found in the system. The latest operating system is Android 10 which is safe from this attack.
As per CERT-In, login credentials, GPS location details, Photos, SMS, and phone conversations can be accessed by the attackers. They will use the microphone and camera to spy on the affected device.
Explaining to a national daily, CERT-IN said that An Elevation of Privilege vulnerability named “StrandHogg 2 has been reported in the Google android due to confused deputy flaw in the “startActivities()” of “ActivityStartController.java” which allow the attacker to hijack any app on an infected device. A local attacker could exploit this vulnerability by installing a malicious app on a device which can hide behind legitimate apps.
CERT-In’s guidelines are to not download and install any unknown apps from unknown sources or something from an unknown website. Emails and websites have malicious links that we should be alert about. Any untrusted source online should be immediately dismissed. They have also recommended to head to the Security Settings page and turn off install applications from “Unknown source” option.