Posted April 13, 2020 12:00:00By Justin HargisPublished April 12, 2020 05:45:00The first step to a successful Android hack is finding a way to exploit an Android vulnerability, a researcher said Wednesday.
For the past year, Android hacking has been a focus of hackers in China and elsewhere, but it’s becoming more of a problem in the U.S. with smartphones being sold in a wide variety of forms and operating systems.
Researchers at security firm CrowdStrike said they uncovered a series of vulnerabilities in the Android operating system that could be exploited by attackers who wanted to steal user data or exploit a bug in a third-party app.
The flaws have already been exploited by some Chinese hackers to compromise iPhones, said Daniel Langlois, a research engineer who worked on the research.
The attackers also used the flaws to attack Microsoft Windows, but they were not able to exploit the flaw to compromise the OS, Langloiis said.
The flaw has also been exploited to attack the Chinese government, Langlosis said, but that hasn’t happened in the past.
The Chinese government has denied that the government or any government agency has ever compromised Android devices, and it said Wednesday that there’s no proof that the flaw has been used to gain control over any devices.
China’s Ministry of Public Security, meanwhile, has said that it has already taken measures to protect users.
But security experts say it’s unclear how well the government is doing to prevent its citizens from using the operating system to access sensitive data or access a malicious app.
“If it’s the Chinese and they are aware of the vulnerability, they should fix it, not have it continue to exist,” said Langloas.
Security experts say the problem with the vulnerabilities is that they can be exploited without the user knowing about them.
They also say it is not clear if the malicious apps can be easily removed from the phone or if they’re just being left in place to allow hackers to continue exploiting the flaws.
A group of hackers called “Clickers Heroes” have been hacking into Android phones for years, but this was their first time using the vulnerabilities for their own purposes.
The group has targeted iPhones and other Android phones in China, as well as a handful of other devices in Europe and Asia, including Samsung and HTC.
Langlois said the most likely reason for the group’s recent activity is that some Android phone manufacturers are now testing the bugs in an effort to improve the phones’ security, but the researchers say the Chinese manufacturers are probably only looking to find bugs that are easy to exploit, and that it is likely they will continue to use them.
A company that sells Android phones to Chinese customers also has reported some of the vulnerabilities, said James Scott, an Android security researcher with Symantec, but he said that companies could do more to prevent the use of these flaws.
“It’s really unfortunate that the U,S.
doesn’t take this seriously,” Scott said.
“We really think there is a huge gap in the way Android devices are being marketed, so we really hope that the Chinese OEMs take this more seriously.”
Scott said it would be helpful if Google and other companies began to work with manufacturers to prevent any devices from being used for malicious purposes.