Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Android Flaw. Show all posts
Security Flaws
Amnesty International Android Android Flaw Cyber Security Google Account Google Exploit Google security Security Flaws

Google Patches Android Zero-Day Flaws Used to Unlock Phones

 

Google recently addressed critical security flaws in Android that allowed authorities to unlock phones using forensic tools, according to a report by Amnesty International. The report, released on Friday, detailed three previously unknown vulnerabilities exploited by phone-unlocking company Cellebrite. Amnesty’s researchers discovered these flaws while investigating the hacking of a student protester’s phone in Serbia. Since the vulnerabilities were found in the core Linux USB kernel, they could have potentially affected over a billion Android devices. 

Zero-day vulnerabilities, which remain unknown to software and hardware makers until discovered, are particularly dangerous as they can be exploited without any existing patches. Amnesty first noticed traces of one such flaw in mid-2024. Later, while examining the phone of an activist in Serbia, the organization shared its findings with Google’s Threat Analysis Group. This led Google to identify and fix the three security loopholes. During its investigation, Amnesty found that Serbian authorities had used Cellebrite’s forensic tools to exploit a USB vulnerability, allowing them to bypass security measures and unlock the activist’s device. 

Amnesty had previously reported in December that Serbian officials had used similar tools to access the phones of both an activist and a journalist, later installing the Android spyware NoviSpy. Following these allegations, Cellebrite stated earlier this week that it had discontinued its services for its Serbian customers. A Cellebrite spokesperson, Victor Cooper, pointed to a company statement that acknowledged the Amnesty report. The statement emphasized that Cellebrite had reviewed the allegations from Amnesty’s December 2024 report and conducted an internal investigation. As a result, the company decided to halt the use of its products by the Serbian authorities. 

In January, Amnesty was contacted to analyze another case involving a youth activist who was arrested by Serbia’s Security Information Agency (BIA) late last year. According to the report, the circumstances of his arrest and the actions of BIA officers closely resembled previous incidents documented in Amnesty’s December findings. A forensic analysis of the activist’s device confirmed that Cellebrite’s tools had been used to unlock his Samsung A32 without consent or legal authorization.  

Amnesty condemned the use of Cellebrite’s technology against individuals engaging in peaceful protests and exercising their right to free expression, stating that such actions violate human rights laws. Bill Marczak, a senior researcher at Citizen Lab, advised activists, journalists, and civil society members to consider switching to iPhones, which may offer stronger protection against these types of exploits. Amnesty’s Security Lab head, Donncha Ó Cearbhaill, warned thatCellebrite’s widespread availability raises serious concerns, suggesting that the full extent of its misuse may still be unknown. 

Google has not yet responded to requests for comment regarding the issue.
Read more »
VPN
Android Flaw Block Chain Cyber Bug Cyber Data Cyberattacks Cybersecurity Data Leaks DNS Mullvad Privacy VPN

Android Flaw Exposes DNS Queries Despite VPN Kill Switch

 


Several months ago, a Mullvad VPN user discovered that Android users have a serious privacy concern when using Mullvad VPN. Even with the Always-On VPN feature activated, which ensures that the VPN connection is always active, and with the "Block connections without VPN" setting active, which acts as a kill switch that ensures that only the VPN is the one that passes network traffic, it has been found that when switching between VPN servers, Android devices leak DNS queries. 

It is important to understand that enabling the "Block Connections Without VPN" option (also known as the kill switch) ensures that all network traffic and connections pass through an always-connected VPN tunnel, preventing prying eyes from tracking all Internet activity by users. During the investigation, Mullvad discovered that even with these features enabled in the latest version of Android (Android 14), a bug still leaks some DNS information. 

As a result, this bug may occur when you use apps that make direct calls to the getaddrinfo C function. The function provides protocol-independent translation from a text hostname to an IP address through the getaddrinfo function. When the VPN is active (and the DNS server is not configured) or when the VPN app re-configures the tunnel, crashes or is forced to stop, Android leaks DNS traffic. 

This leakage behaviour is not observed by apps that are solely based on Android's API, such as DNSResolver, Mullvad clarified. As a result, apps such as Flash Player and Chrome that currently have support for getting address information directly from the OS are susceptible to this issue since they can access the address information directly. This is rather concerning since it goes against what you would expect from the OS, even if security features are enabled. 

Users may want to use caution when using Android devices for sensitive tasks, and may even want to employ additional protective measures until Google addresses this bug and issues a patch that is compatible with both original Android and older versions of Android, in light of the severity of this privacy issue. 

The first DNS leak scenario, which occurs when the user changes the DNS server or switches to a different server, is easily mitigated if the VPN app is set to use a bogus DNS server at the same time. It has also failed to resolve the VPN tunnel reconnect DNS query leak, which is a significant issue for all other Android VPN apps because this issue is likely to affect all other VPN apps as well. 

Mullvad also discovered in October 2022 that, every time an Android device connected to a WiFi network, the device leaked DNS queries (such as IP addresses and DNS lookups), since the device was performing connectivity checks. Even when the "Always-on VPN" feature was enabled with the "Block connections without VPN" option enabled, Android devices still leaked DNS queries.

The leak of DNS traffic can potentially expose users' approximate locations and the online platforms they use as well as their precise locations, posing a serious threat to user privacy. Since this is a serious issue, it may be best to stop using Android devices for sensitive activities or to adapt additional safeguards to mitigate the risk of such leaks until Google fixes the bug and backports the patch to older versions of Android to mitigate the risk.
Read more »
Subscribe to: Posts (Atom)