17
DEC

Are you using an android phone?

Be careful! Viewing an innocent-looking image on your Android may result in hacking. Google has reported a crucialvirus in the Android Security Bulletin.

According to Google, “The most severe of these issues is a critical security vulnerability in Framework that could allow a remote attacker using a specially crafted PNG file to execute arbitrary code within the context of a privileged process.”

One of the Cyber Security Companies in Kolkata declares this process of hacking has become quite influencing among hackers. Opening a single image in PNG format is sufficient for your Android phone to get hacked.

The vulnerabilities, identified as CVE-2019-1986, CVE-2019-1987, and CVE-2019-1988, have patched in the Android Open Source Project (ASOP) by Google as an element of their Android Security updates on February 2019.

In addition to these three flaws, Google also counted fixes for 42 vulnerabilities in the Android OS in its last update in February 2019. Among them, 11 are considered as crucial, 30 having high impact and one medium in severity.

A maliciously-crafted PNG image file could implement code on vulnerable Android devices, potentially by hacking phones and allowing access by a remote attacker.They reveal a new method where hackers attack the Android Mobiles just by using malicious PNG images or files. This virus has afflicted millions of devices that run on Android OS versions, ranging from Nougat 7.0 to its present Android 9.0 Pie.

The good and bad revelation:

According to the Security bulletin, till now there is no evidence of active customer exploitation is reported. However, we all are waiting for Google, to announce more facts about the vulnerabilities.

Google has also fixed the flaws in an update for its own devices. That’s a good revelation for users who have Google-manufactured Pixel phones. The bad revelation is for users who have purchased devices from other vendors, which usually take a bit more time to roll out patches.

A file type that can cause harm to your computer is known as an image file. These are files that generally end with “ .jpg, .gif, and .png”. 90% of the time these files are safe but the rest 10% can be dangerous. Certain hacking groups find ways to sneak data and scripts from mobile through an image. As you click on the picture to have a look at the image you may fall in the trap.

.PNG isn’t ideal for sharing images through the internet as they are quite large. The malicious party tries to target a vulnerability in a particular application that may be used to open and display the image. At this point the malicious code can execute on the device. So, it’s better to be careful when downloading images from the internet especially if they come from an unknown source.

How to protect yourself!

Always make sure to update your Android device to the latest available version of Android. One should update their Android Smartphone as soon as a security update available from the handset operator.

Google also suggests that users restrict their Smartphone to only install applications from Google Play and allow the feature Google Play Protect that enables the Android security team to keep an eye on your phone against any malicious activity.

Patch your Android phone as soon as a security update is accessible.

It isn’t easy work for anyone to abuse this hacking method. Moreover, no such cases are reported yet. But it is not for the first time that PNG files are noted as dangerous as they can be accessed easily. And this is very easy to send a simple-looking PNG file to victims over chat, email, social media which provokes the device to download malware.

If you haven’t received an update yet from your device then it’s time to start the stopwatch or may get a Cyber Security Service from Kolkata



Leave a Comment:

Populer Postes

14 DEC, 2019

Why the ‘Mobile Apps’ demand access to your ‘Data and Device Tools’?

Get Exclusive Cyber Security Tips On:

Prevention from damage dealt to an organization’s reputation.

Investments on fixing the issues caused by attack.

Preventing confidential data and Intellectual Property being stolen

Prevention of revenue loss due to service disruption and much more.

Subscribe Now