Alex Lekander@CyberInsider
//
Serbian authorities reportedly used a Cellebrite-developed Android zero-day exploit chain to unlock the device of a student activist and attempt to install spyware. This exploit targeted vulnerabilities in Android, allowing authorities to bypass security measures. Amnesty International discovered the exploit after analyzing the student's phone, which prompted them to alert Google.
Google has since fixed three zero-day vulnerabilities in Android that were exploited by Cellebrite forensic tools. Following the reports of misuse for political reasons, Cellebrite blocked Serbia from further use of its solution. The company took action after claims emerged that the equipment was being used improperly. Recommended read:
References :
@The DefendOps Diaries
//
A new version of the Triada trojan has been discovered preinstalled on thousands of new Android devices, raising significant cybersecurity concerns. This sophisticated malware, initially identified in 2016, has evolved to embed itself deeply into the Android system framework, making it difficult for users to detect or remove. Discovered on counterfeit versions of popular smartphone models sold at discounted prices through online stores, Triada poses a severe threat as it can steal user data immediately after device setup.
Triada's capabilities include stealing user data, such as social media and messenger accounts, and manipulating cryptocurrency transactions by replacing wallet addresses. The malware can also falsify caller IDs, monitor browser activity, and even activate premium SMS services. Experts warn that this new version infiltrates the device at the firmware level, indicating a compromised supply chain and urging users to exercise caution and purchase Android devices from reputable sources. Recommended read:
References :
info@thehackernews.com (The Hacker News)@The Hacker News
//
Google has released the February 2025 Android security updates, patching a total of 48 vulnerabilities. Among these fixes is a critical zero-day kernel vulnerability, identified as CVE-2024-53104, which Google has confirmed is being actively exploited in the wild. This particular flaw is a privilege escalation issue found within the USB Video Class (UVC) driver, potentially allowing attackers to gain elevated permissions on affected devices.
The vulnerability, with a CVSS score of 7.8, stems from an out-of-bounds write condition within the "uvc_parse_format()" function of the "uvc_driver.c" program, specifically when parsing UVC_VS_UNDEFINED frames. This flaw, present since Linux kernel version 2.6.26 released in mid-2008, could lead to memory corruption, program crashes, or even arbitrary code execution. While the specific actors behind the exploitation remain unclear, the potential for "physical" privilege escalation raises concerns about misuse by forensic data extraction tools. Recommended read:
References :
CISO2CISO Editor 2@ciso2ciso.com
//
Google is introducing a new security feature called Identity Check for Android devices to combat theft. This feature locks sensitive settings, such as device and account passwords, behind biometric authentication when outside a trusted location. This prevents thieves from making unauthorized changes even if they possess the device's passcode. The intent is to safeguard user data and improve overall device security.
Identity Check requires biometric verification for accessing sensitive areas like performing factory resets, changing screen locks, adding new fingerprints, and disabling ‘Find My Device’. It also protects access to developer options and Google Password Manager. Initially, the feature will roll out to Samsung Galaxy devices eligible for One UI 7, both as part of the new OS and potentially on older versions in the near future. Non-Samsung users will receive the security update later in the year. Recommended read:
References :
|