DENVER (KDVR) — The Denver district attorney is warning Android users about a threat after a security issue was uncovered that leaves a device’s microphone and camera vulnerable to hackers.
Tech experts explain that this is not a new threat, but it is one that is nearly preventable.
Hackers might be accessing your phone to listen to you, watch you or even view your pictures. Experts told FOX31 that there are two types of attacks: Some require you to click on a link or open an email, but some are called “zero-click vulnerabilities” that can happen without you even knowing it.
“The question is do you care whether the data on your phone, for example, do you care whether somebody’s listening to your conversations? Do you care if somebody’s watching you, you know, while you’re in your bedroom, getting dressed or doing something else? Do you know? So if you care about that, that patching becomes important,” said Mitch Tanenbaum, chief information security officer for CyberCecurity.
A patch is a software update that often fixes a bug or vulnerability. Vulnerabilities allow hackers to do what’s called a “remote code execution attack.”
“That gives them the ability to hit, you know, past photos videos. It actually allows them to take control of the phone and take new photos. It actually allows them to record videos, take GPS tags off of photos. It’s very invasive!” said James Turgal, of Optiv.
Optiv said it only gets worse from there, but they could access personal, financial and business information.
“So the actual threat is really far more nefarious, right. This is not just a personal privacy threat,” Turgal said. “Everything that we do, whether it’s your house, it’s wired up or the devices you carry — everybody banks online, right — so your entire life and sometimes your livelihood is connected to the internet.”
Which Android phones are
Mitch from CyberCecurity said that essentially, the older the phone, the bigger the risk.
“Every couple of years, you really do need to replace your Android phone if you’re an Android phone user, not because the phone doesn’t make phone calls anymore, but because it’s not being patched anymore,” Tanenbaum said.
He said to make sure updates are automatic and that your phone is still supported.
And it’s not just phones: Anything with a camera can be targeted.
“All the mainstream vendors are all really good about releasing patches. It’s when you go with a bargain brand, when you go to the local discount store, and you say, ‘Oh, well, this camera is $10 cheaper than the name-brand camera.’ Then, well how do you think they save that money?” Tanenbaum said.
Mitch claimed security features are often compromised first.
Turgal at Optiv reminded everyone to have good “cyber hygiene”:
- Have strong passwords
- Turn your devices on and off regularly
- Reboot your Wi-Fi network
Google, which owns Android, did not immediately respond to a request for comment.
Source : https://kdvr.com/news/technology/android-vulnerabilities-hacker-access/