Microsoft: Millions of Android smartphones are at risk

by admin, Thursday, 2 June 2022 (2 months ago)

Millions of Android smartphones are in danger of being breached. Microsoft has discovered security vulnerabilities in popular Android applications from the Play Store or have been installed by default by the manufacturers. It seems that Play Protect is completely incapable of detecting violations of this type. To protect users, an emergency update was made available with the help of Microsoft experts.

Microsoft has just discovered the presence of a number of security flaws in some Android applications. In a report posted on its website, the American giant explains that it identified “high-vulnerabilities in a mobile framework belonging to mce Systems” in September 2021.

This is an Israeli company that provides software frameworks to developers. These prefabricated frames make life easier for developers and for activating Android devices, Microsoft explains. However, the “extended control” of the products provided by mce Systems makes them a primary target for hackers.

According to Microsoft researchers, this framework is used by many companies that specialize in application development, including system applications that are built into the phone by default. Clearly, it is the applications that are pre-installed on Android phones that put users at risk. Often, it is not possible to get rid of these applications by uninstalling them.

Millions of Android smartphones are at the mercy of hackers according to Microsoft

Android vulnerability

According to Microsoft, these applications are available on millions of Android smartphones around the world. Some apps available in the Play Store have recorded millions of downloads. In detail, Microsoft identified 4 security vulnerabilities by digging into the framework code. “The vulnerabilities we’ve discovered can all be exploited in the same way,” adds Microsoft.

According to the research team, the defects could allow an experienced intruder to “implant a persistent backdoor” in a smartphone remotely. With this backdoor, it will be able to install viruses or spyware without you knowing it. Worse, a hacker could take direct control of your device without having to physically access it.

As Microsoft points out, the framework is capable of “accessing system resources and performing system-related tasks, such as customizing the audio, camera, power, and storage controls of the device.” The framework developed by mce Systems also has “extended privileges” for running system applications.

In addition, this is why exploiting a flaw in the box code endangers users’ personal data and security. In this context, Microsoft believes that the violations may be due to high severity.

Microsoft researchers also found that Google Play Protect, the security system that monitors Play Store applications, is completely powerless in this case. “These tests were not designed to detect such problems,” he said report.

Also, this is not the first time that Play Protect reliability has been questioned. To improve security on Android, Microsoft contacted Google teams. Working together, the two companies were able to help Play Protect “identify these vulnerabilities”.

Rate this news

Comments

Your email address will not be published.