Android Security: Google Patches a Dangerous Flaw in These Phones (Mar 3, 2020)
Google has reported a severe vulnerability affecting Android devices running on MediaTek chips, which malicious apps have been exploiting since January 2020. The vulnerability (CVE-2020-0069) is an Elevation of Privilege (EoP) flaw that affects MediaTek devices running Linux kernel versions 3.18, 4.4, 4.9, or 4.14 and Android versions 7, 8, or 9. The “MediaTek-su” exploit enables temporary root access in a shell using one of several unnamed malicious apps (all of which have been removed from the Google Play Store), and can be used to collect the infected devices’ files, location, screenshots, and data from Chrome, Facebook, Gmail, Outlook, Twitter, and WeChat applications. Google has released a fix in its most recent Android update.
Recommendation: Always keep your mobile phone fully patched with the latest security updates. For Android users, it is important to obtain software only from the Google Play Store and to avoid installing software from unverified sources, because it is easier for malicious applications to get into third-party stores. Applications that ask for additional permissions outside of their normal functionality should be treated with suspicion, and the normal functionality of an application should be reviewed carefully prior to installation. Antivirus applications, if available, should be deployed on devices, particularly those that could contain sensitive information.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.