Android phone, device vulnerabilities could give hackers access

DENVER (KDVR) — The Denver District Attorney is warning Android users of a threat after a security issue was discovered that makes a device’s microphone and camera vulnerable to hackers.

Technology experts explain that this is not a new threat, but it is almost preventable.

Hackers can access your phone to listen to you, watch you, or even view your pictures. Experts told FOX31 that there are two types of attacks: some require you to click a link or open an email, but some are called “zero-click vulnerabilities” that can happen without your knowledge.

“The question is do you care if the data is on your phone, for example, do you care if someone is listening in on your conversations? Do you mind if someone is watching you, you know, while you’re in your room, getting dressed or doing something else? Did you know? So if you care about that, patching becomes important,” said Mitch Tanenbaum, director of information security at CyberCecurity.

A patch is a software update that often fixes a bug or vulnerability. The vulnerabilities allow hackers to perform what is called a “remote code execution attack.”

“That gives them the ability to access, you know, videos of previous photos. In fact, it allows them to take control of the phone and take new photos. In fact, it allows them to record videos, remove GPS tags from photos. It is very invasive!” said James Turgal of Optiv.

Optiv said it only gets worse from there, but personal, financial and business information could be accessed.

“So the real threat is much more dire, right? This is not just a threat to personal privacy,” said Turgal. “Everything we do, whether it’s your home, it’s connected, or the devices you carry, they all bank online, right? So your whole life and sometimes your livelihood is connected to the internet.”

What Android phones are they?

CyberCecurity’s Mitch said that essentially the older the phone, the higher the risk.

“Every two years, you really need to replace your Android phone if you’re an Android phone user, not because the phone no longer makes calls, but because it’s no longer patched,” Tanenbaum said.

He said to make sure the updates are automatic and your phone is still compatible.

And it’s not just phones: anything with a camera can be targeted.

“All the major vendors are very good at releasing patches. It’s when you go with a cheap brand, when you go to the local discount store and say, ‘Oh, well, this camera is $10 cheaper than the brand name camera.’ So, well, how do you think they save that money? Tanenbaum said.

Mitch stated that security features are often compromised first.

Turgal at Optiv reminded everyone to have good “cyber hygiene”:

  • Have strong passwords
  • Turn your devices on and off regularly
  • Restart your Wi-Fi network

Google, which owns Android, did not immediately respond to a request for comment.

Leave a Comment