The Indian Computer Emergency Response Team (CERT-In) has issued a high-severity security warning for Android smartphone users. The government’s cybersecurity agency, in its latest advisory CIAD-2024-0013, has raised concerns over multiple vulnerabilities discovered in various versions of the Android operating system. These vulnerabilities, if exploited, could potentially allow hackers to seize control of your smartphones.
CERT-In has identified multiple vulnerabilities in Android that could be exploited by malicious actors for a variety of purposes, including obtaining sensitive information, gaining elevated privileges, executing arbitrary code, or causing denial of service conditions on the targeted system. “These vulnerabilities exist in Android due to flaws in Framework, System, AMLogic, Arm components, MediaTek components, Qualcomm components & Qualcomm closed-source components,” the vulnerability note states.
Potential Risks
If attackers exploit these vulnerabilities, they could:
- Steal sensitive information: This includes your login credentials, messages, photos, contacts, and financial data.
- Gain control of your phone: Attackers could take complete control of your phone, allowing them to install malicious apps, steal data, or even spy on you.
- Cause denial-of-service (DoS): Attackers could render your phone unusable by overwhelming it with requests.
Affected Devices
These vulnerabilities affect a broad range of Android devices, including phones running Android versions 12, 12L, 13 and 14.
To safeguard your devices, CERT-In has urged users to apply the appropriate updates promptly when their respective Original Equipment Manufacturers (OEMs) make them available. These updates typically include patches and fixes to address the identified vulnerabilities and enhance the security posture of the Android system. Google has already released fixes for the highlighted vulnerabilities, and the Android Security Bulletin for March 2024 contains details of the security vulnerabilities affecting Android devices. Security patch levels of 2024-03-05 or later address all of these issues.
“Android partners are notified of all issues at least a month before publication. Source code patches for these issues have been released to the Android Open Source Project (AOSP) repository and linked from this bulletin. This bulletin also includes links to patches outside of AOSP,” the Security Bulletin reads.
Recommended Actions
Users are advised to update their Android OS with the latest security patch. This update will patch the vulnerabilities and protect your device. If you have not received the notification, don’t wait for it. You can usually check for updates by going to your phone’s settings menu and navigating to the “Software update” or “System update” section.
Additionally:
- Exercise caution about what you download: Only download apps from trusted sources like the Google Play Store. Avoid downloading apps from unknown websites or third-party app stores.
- Keep security software up to date: If you use any security software on your phone, ensure it’s up to date so it can detect and block potential threats.
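For anyone managing more than one handset, the 2024-03-05 patch level cited above can be checked from a workstation instead of through each phone's settings menu. The script below is an added example, not part of the CERT-In advisory or the Android bulletin; the `--adb` mode assumes adb is installed and USB debugging is enabled, and the PHONE-A to PHONE-E serials are constructed sample data.

```shell
#!/bin/sh
# Added example: compare reported security patch levels with the 2024-03-05
# level that the article says addresses all of the issues.
REQUIRED_LEVEL="2024-03-05"

# Print PATCHED, OUTDATED or UNKNOWN for one patch-level string (YYYY-MM-DD).
classify_patch_level() {
    case "$1" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo "UNKNOWN"; return 0 ;;
    esac
    # ISO dates order correctly as integers once the dashes are removed.
    have=$(printf '%s' "$1" | tr -d '-')
    need=$(printf '%s' "$REQUIRED_LEVEL" | tr -d '-')
    if [ "$have" -ge "$need" ]; then echo "PATCHED"; else echo "OUTDATED"; fi
}

# Read "serial patch-level" lines on stdin and print one verdict per device.
audit_inventory() {
    while read -r serial level; do
        [ -n "$serial" ] || continue
        printf '%s %s %s\n' "$serial" "${level:-none}" "$(classify_patch_level "$level")"
    done
}

# List attached devices and their patch level (needs adb and USB debugging).
inventory_from_adb() {
    adb devices | awk 'NR > 1 && $2 == "device" { print $1 }' |
    while read -r serial; do
        # </dev/null stops adb from swallowing the rest of the serial list.
        level=$(adb -s "$serial" shell getprop ro.build.version.security_patch </dev/null | tr -d '\r')
        printf '%s %s\n' "$serial" "$level"
    done
}

# Constructed sample inventory (hypothetical serials), used when --adb is not given.
sample_inventory() {
    printf '%s\n' 'PHONE-A 2024-03-05' 'PHONE-B 2024-03-01' \
                  'PHONE-C 2023-12-05' 'PHONE-D 2024-04-01' 'PHONE-E'
}

if [ "${1:-}" = "--adb" ]; then
    inventory_from_adb | audit_inventory
else
    sample_inventory | audit_inventory
fi
```

A device reporting 2024-03-01 is classified as OUTDATED because it is still below the 2024-03-05 level the article names, and a device that returns no patch level is reported as UNKNOWN rather than assumed safe.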