Indian Govt Warns All Android Users: This Spy Can Hack Your Camera, Microphone & Steal Your Data
The Indian Computer Emergency Response Team (CERT-In) under the Ministry of Electronics and Information Technology (MEIT) has issued an advisory for Android users with ‘High’ severity rating.
Read to find out more about the threat…
How Will Your Device Be Exploited By The Attackers?
According to the advisory, the users using smartphones that do not operate on latest ‘Android 10’ operating system are at a risk of snooping and attackers can exploit a newly-found vulnerability to spy on the user through ‘the phone’s microphone and camera and also track GPS location details on an affected device.’
“An Elevation of Privilege vulnerability named “StrandHogg 2.0” has been reported in the Google Android due to confused deputy flaw in the ‘startActivities()’ of ‘ActivityStartController.java’ which allow the attacker to hijack any app on an infected device. A local attacker could exploit this vulnerability by installing a malicious app on a device which can hide behind legitimate apps,” said CERT-In when explaining the vulnerability.
This vulnerability is present in the Android operating systems versions prior to Android 10.0.
What Will Happen If The Attack Takes Place and How to Avoid It?
The attackers will gain access to victim’s login credentials, SMS messages, photos, phone conversations, spy on the user through the phone’s microphone and camera and also track GPS location details on an affected device by exploiting this vulnerability.
CERT-In is advising to not download and install applications from untrusted sources like unknown websites or links sent over messages or emails. Also, turn off the install application from ‘Unknown Source’ option in the Security Settings page.
The advisory stated, “Install applications downloaded from reputed application markets only. Do not visit untrusted websites or follow links provided by unknown or untrusted sources. Install updates and patches as and when available from device vendors/service providers.”