Millions of Android devices have security flaws that Google took months to fix

Netease Technology News March 4 news, according to foreign media reports, mobile phone developer forum XDA today revealed that Google has fixed a serious security vulnerability related to Android devices, which involved millions of Android devices using MediaTek chipsets.

It is reported that the vulnerability has been public for several months and is a backdoor in the CPU firmware. The vulnerability allows a malicious program to gain access to Android devices using MediaTek’s 64-bit chip through a simple script, and therefore affects hundreds of smartphones, tablets and smart set-top boxes, XDA said.

Google mentioned the patch (CVE-2020-0069) in its Android security advisory in March, after details about the vulnerability had been circulating online for months. Notably, hackers can still exploit the vulnerability on dozens of Android devices.

A hacker exploiting the vulnerability can cause damage in a number of ways, by installing an app and then granting it whatever permissions it needs to hack a device. Hackers can also use the root privileges in the vulnerability to launch ransomware, potentially rendering the entire device unusable.

MediaTek has provided a patch to fix this vulnerability since May 2019, but the company cannot force OEMs to fix devices. And Google can fix the device with a license agreement and corresponding terms, XDA explained. According to XDA, Google was aware of the vulnerability months before it released a patch.

The Links:   MG30G2DL1 CM150E3U-24H IGBT