<p>Several apps on the Google Play store, such as Bumble, OkCupid, Cisco Teams, Yango Pro, Edge, Xrecorder, PowerDirector, and Grindr, are said to have a bug that can affect millions of Android phone users.</p>
<p>Cybersecurity experts at Check Point have found that the aforementioned apps and several others contain the known vulnerability CVE-2020-8913. The flaw is in the Google Play Core library, which app developers use to deliver updates and new features to their apps on Android phones.</p>
<p>The bug allows criminals to inject malicious code into vulnerable applications and, through that, gain access to all the same resources as the hosting application. If it is not fixed, they can wipe clean all sensitive information, such as login details, passwords and financial details, from the applications on the phone.</p>
<p>The bug was discovered several months ago by researchers at Oversecured, who notified Google so that it could be fixed in the Play Core library, and the company duly updated the library.</p>
<p>An advisory was sent to all application developers to upgrade to the latest version of the Play Core library, but very few, such as Viber and Booking, have complied with the request. Cisco Webex Teams, Yango Pro, Grindr, OkCupid, Bumble, Edge, Xrecorder, PowerDirector and many others, which form 8% of the total apps on the Google Play store, are still using the old Play Core library with vulnerabilities.</p>
<p>“We’re estimating that hundreds of millions of Android users are at a security risk. Although Google implemented a patch, many apps are still using outdated Play Core libraries. The vulnerability CVE-2020-8913 is highly dangerous. If a malicious application exploits this vulnerability, it can gain code execution inside popular applications, obtaining the same access as the vulnerable application. For example, the vulnerability could allow a threat actor to steal two-factor authentication codes or inject code into banking applications to grab credentials. Or, a threat actor could inject code into social media applications to spy on victims or inject code into all IM apps to grab all messages. The attack possibilities here are only limited by a threat actor’s imagination,” said Aviran Hazum, Manager of Mobile Research, Check Point.</p>