If you’re among the many who own an Android phone, you must have by now downloaded the popular operating system’s latest security update (released on 5th May) by Google.
The update fixes multiple vulnerabilities within the OS including CVE-2020-0103 which is the severest. This vulnerability could potentially allow remote code execution on an Android-enabled smartphone. This is what Google says in their release: “The most severe of these issues is a critical security vulnerability in the System component that could enable a remote attacker using a specially crafted transmission to execute arbitrary code within the context of a privileged process.”
Major security risk for Android users
The ramifications of this vulnerability are significant from a security perspective. Depending on the privileges associated with the application, an attacker could potentially hijack an Android device, go to the extent of installing programs, viewing, changing or deleting data and even create new user accounts with full rights.
The Center for Internet Security (CIS) states that the risks of not installing this security update are high for all types of end-users – Home Users, Small Business Entities, Large and Medium Business Entities, Small Government Entities and Large and Medium Government Entities.
A report by The Register also analyzed the vulnerability and found out that exploitation could happen on a Samsung phone with a messaging app installed before 2015 without any user interaction. Even just a malicious MMS could trigger the vulnerability, enabling code execution on the device and allowing an attacker to gain control.
Be careful what you download
Apart from ensuring that you have the latest security updates for your Android phone, you can also stay safe from being exploited by this vulnerability by following some basic guidelines.
· It’s important to download only trusted applications on your device. Malicious attackers often embed malware in innocuous-looking apps (e.g. in a gaming app). In many cases, a user may not even know that they have malware in their phones.
· Ensure that the applications you download are only from trusted vendors in the Google Play Store
· Be wary of opening links or websites that you are unable to verify
· Do not click on or open emails from senders you do not recognize
· Install security solutions and keep them updated
The Quick Heal difference
Quick Heal Total Security for Android can help to keep your Android phone safe, thanks to smart features designed to keep vulnerabilities out.
· Vulnerability Scan – Vulnerabilities of certain applications on your phone are scanned and brought to your notice by the Vulnerability Scan feature
· The Message Center displays important notifications at your fingertips. The latest IT news, security news, and alerts about new threats can be seen at a glance, ensuring you’re aware of the latest updates.
· The Scan Before Download feature automatically scans apps even before they are downloaded from the Google Play Store with details provided on whether the app is safe to install or not.
· The On Install App Scan feature scans newly installed apps on the device to detect and present threats
· The News feature serves the latest news and alerts from the Quick Heal Security Lab providing all the news about computer and mobile protection